PowerShell is extremely useful for admins. This power is also extremely useful for attackers.<\/p>\n
There are several PowerShell tools specifically for increasing access on a network:<\/p>\n
PowerSploit <\/a>– PowerShell based pentest tool set developed by Mattifestation<\/a>.<\/p>\n PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, and penetration testers during all phases of an assessment.<\/p><\/blockquote>\n PowerSploit is comprised of the following major components:<\/p>\n CodeExecution The last one listed, Exfiltration, includes the following useful PowerShell pentest scripts.<\/p>\n Invoke-TokenManipulation <\/p>\n The\u00a0Posh-SecModule <\/a>by DarkOperator <\/a>includes lots of useful pentest PowerShell cmdlets.<\/p>\n This module is a PowerShell v3 only module at the moment. The module is a collection of functions that I have found usefull in my day to day work as a security professional. The functions are broken in to functionality:<\/p>\n Discovery: Perform network discovery. Nishang <\/a>is a suite of PowerShell pentest tools developed by Nikhil “SamratAshok” Mittal<\/a>. He also blogs at:\u00a0 http:\/\/www.labofapenetrationtester.com\/<\/a><\/p>\n Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security usage and during Penetraion Tests. Nishang is useful during various phases of a penetration test and is most powerful for post exploitation usage.<\/p><\/blockquote>\n
\nScriptModification
\nPersistence
\nPETools
\nCapstone
\nReverseEngineering
\nAntivirusBypass
\nRecon
\nExfiltration<\/p>\n
\nInvoke-CredentialInjection
\nInvoke-Mimikatz
\nGet-GPPPassword
\nGet-VaultCredential<\/p>\nPosh-SecModule<\/strong><\/a><\/h3>\n
\nParse: Parsers for Nmap, DNSRecon and other type of output files from security tools.
\nPostExploitation: Functions to help in performing post exploitation tasks.
\nRegistry: Collection of functions for manipulating the registry in remote hosts using WMI.
\nNessus: Collection of assemblies and functions for automating the Nessus Vulnerability Scanner.
\nUtilities: General purpose functions.
\nAudit: Functions that may be usful when performing audit of systems.
\nDatabase: Functions that are useful when interacting with databases.
\nShodan: Functions for doing discovery using Shodan using a valid API key.
\nVirusTotal: Functions for Interacting with Virus Total using a valid API key.
\nMetasploit: Functions for automating Metasploit Framework and the comercial version using the XMLRPC API.<\/p><\/blockquote>\nNishang<\/a><\/h3>\n