PowerSploit - A PowerShell Post-Exploitation Framework

PowerSploit Repo

After recently reviewing my code for PowerSyringe, I realized it was total crap. Although it worked and got the job done in most cases, it was ugly. Also, upon discovering how to achieve true memory-residence when working with Win32 functions, I decided it was time to dismember PowerSyringe. Behold... PowerSploit. PowerSploit retains much of the same functionality as PowerSyringe, but I decided to split each payload into a separate script according to functionality. Currently, PowerSploit is comprised of the following scripts:

  • Inject-Dll
  • Inject-Shellcode
  • Encrypt-Script

Also, I've finally given my code a good home on Github. Moving forward, any new functionality and scripts will be hosted under the PowerSploit repo.

Here's a highlight of the changes I made to the original Powersyringe:
  • All the features of PowerSyringe have been split up into separate scripts, which now fall under the PowerSploit project.
  • Completely rewrote the PowerSyringe code from scratch.
  • All scripts are now in conformance with proper PowerShell verb-noun agreement.
  • All the scripts are entirely memory-resident now. This feature is possible through reflection. For more information on the implementation details, read my blog post.
  • Improved error handling. Error handlers should pick up on every fault now.
  • Added calls to VirtualFree for proper cleanup.
  • Detailed output is now displayed when the -Verbose option is enabled.
  • CreateThread assembly stub is now implemented in a function and is much more readable.

As always, let me know if you have any legitimate issues with any of the scripts.
