Nytro Posted July 23, 2012 Report Share Posted July 23, 2012 [h=1]PowerSploit: A PowerShell Post-Exploitation Framework![/h] July 23, 2012 By MayureshAt first, there was Syringe from SecureState. It was expanded upon and a slightly more featured PowerShell-based code/DLL injection utility – Powersyringe. The same author – Matt Graeber – improved upon it again to program PowerSploit.So, PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests. It retains much of the same functionality of Powersyringe but each payload is divided into a separate script according to functionality. Additionally, the PowerSyringe code was completely rewritten from scratch. All scripts are now in conformance with proper PowerShell verb-noun agreement and are entirely memory-resident (thanks to certain internal .NET methods and reflection)! PowerSploit also features improved error handing, allowing error handlers to pick up on every fault![h=2]PowerSploit is comprised of the following scripts:[/h]Inject-Dll: Inject-Dll injects a Dll into the process ID of your choosing.Inject-Shellcode: Inject-Shellcode injects shellcode into the process ID of your choosing or within PowerShell locally. It supports windows/meterpreter/reverse_http and windows/meterpreter/reverse_https payloads too!Encrypt-Script: Encrypt-Script will encrypt a script (or any text file for that matter) and output the results to a minimally obfuscated script – evil.ps1.Get-GPPPassword: Get-GPPPassword retrieves the plaintext password for accounts pushed through Group Policy in groups.xml. Used with permission from @obscuresec (obscuresec).Invoke-ReverseDnsLookup: Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test.Get-PEHeader: Get-PEHeader is the newest in-memory and on-disk PE parsing utility.Get-PEArchitecture: Get-PEArchitecture returns the architecture for which an executable was compiled.Get-DllLoadPath: Get-DllLoadPath returns the path from which Windows will load a Dll for the given executable.Get-ILDisassembly: Disassembles a raw MSIL byte array passed in from a MethodInfo object in a manner similar to that of Ildasm.So you can see that in addition to a lot of general purpose scripts, you have a lot of scripts that allow you to work with portable executable’s (PE’s) and reverse engineering (RE). Since this is an open source project, all of this can surely be improved upon. A writing style guide also has been provided by the author on the GitHub page, with the 3 clause BSD license, where this project is hosted.[h=3]Download PowerSploit:[/h]PowerSploit.zip and project home page.Sursa: PowerSploit: A PowerShell Post-Exploitation Framework! — PenTestIT 1 Quote Link to comment Share on other sites More sharing options...
