PowerShell is extremely useful for admins. This power is also extremely useful for attackers.
There are several PowerShell tools specifically for increasing access on a network:
PowerSploit
PowerSploit – PowerShell based pentest tool set developed by Mattifestation.
PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, and penetration testers during all phases of an assessment.
PowerSploit is comprised of the following major components:
CodeExecution
ScriptModification
Persistence
PETools
Capstone
ReverseEngineering
AntivirusBypass
Recon
Exfiltration
The last one listed, Exfiltration, includes the following useful PowerShell pentest scripts.
Invoke-TokenManipulation
Invoke-CredentialInjection
Invoke-Mimikatz
Get-GPPPassword
Get-VaultCredential
Posh-SecModule
The Posh-SecModule by DarkOperator includes lots of useful pentest PowerShell cmdlets.
This module is a PowerShell v3 only module at the moment. The module is a collection of functions that I have found useful in my day to day work as a security professional. The functions are broken into functionality:
Discovery: Perform network discovery.
Parse: Parsers for Nmap, DNSRecon and other types of output files from security tools.
PostExploitation: Functions to help in performing post exploitation tasks.
Registry: Collection of functions for manipulating the registry on remote hosts using WMI.
Nessus: Collection of assemblies and functions for automating the Nessus Vulnerability Scanner.
Utilities: General purpose functions.
Audit: Functions that may be useful when performing an audit of systems.
Database: Functions that are useful when interacting with databases.
Shodan: Functions for doing discovery with Shodan using a valid API key.
VirusTotal: Functions for interacting with VirusTotal using a valid API key.
Metasploit: Functions for automating Metasploit Framework and the commercial version using the XMLRPC API.
Nishang
Nishang is a suite of PowerShell pentest tools developed by Nikhil “SamratAshok” Mittal. He also blogs at: http://www.labofapenetrationtester.com/
Nishang is a framework and collection of scripts and payloads which enables the use of PowerShell for offensive security and during Penetration Tests. Nishang is useful during various phases of a penetration test and is most powerful for post exploitation usage.
Nishang includes several very interesting (and useful) PowerShell pentest scripts:
- HTTP-Backdoor
A backdoor which is capable of receiving instructions from third-party websites and can execute PowerShell scripts in memory.
- DNS_TXT_Pwnage
A backdoor which can receive commands and PowerShell scripts from DNS TXT queries, execute those on the target, and can be controlled remotely using the queries.
- Execute-OnTime
A backdoor which can execute PowerShell scripts at a given time on a target.
- Remove-Update
Introduce vulnerabilities by removing patches.
- Download-Execute-PS
Download and execute a PowerShell script in memory.
- Copy-VSS
Copy the SAM file using Volume Shadow Service.
- FireBuster / FireListener
A pair of scripts for egress testing.
- Get-LSASecret
Get LSA Secrets from a target.
- Get-PassHashes
Get password hashes from a target.
- Get-WLAN-Keys
Get WLAN keys in plain text from a target.
- Keylogger
Log keys from a target.
- Brute-Force
Brute force FTP, Active Directory, MS SQL Server and SharePoint.
- Port-Scan
A handy port scanner.
- Add-Exfiltration
Add data exfiltration capability to Gmail, Pastebin, a web server and DNS to any script.
- Add-Persistence
Add reboot persistence capability to a script.
- Remove-Persistence
Remove persistence added by the Add-Persistence script.
- Do-Exfiltration
Pipe (|) this to any script to exfiltrate the output.