This repository has been archived by the owner on Jan 21, 2021. It is now read-only.

PowerSploit v3.0.0

@PowerShellMafia PowerShellMafia released this 19 Dec 00:36
· 275 commits to master since this release

Features added:

  • PowerView and PowerUp!!! Moving forward this will be the home of these projects. Thank you @HarmJ0y for all the work that went into integration and test writing!
  • Pester tests for PowerUp, PowerView, and the CodeExecution module. Full test coverage is desired but cannot be done in the interest of time, at the moment. Moving forward, all new code must be accompanied with Pester tests.
  • PowerSploit includes a .sln now for those who opt to develop PowerSploit in Visual Studio with the PowerShell Tools extension.

Enhancements:

  • Invoke-Mimikatz: It now uses the latest build of mimikatz 2.0 alpha (as of 12/14/2015)
  • Everything was normalized to ASCII for a consistent weaponization experience. A Pester test was written to ensure consistent, module-wide ASCII encoding.
  • I removed all versioning comments from functions. Versioning is to be maintained at the module level now.
  • Get-Keystrokes: Added a -PollingInterval parameter
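
The module-wide ASCII encoding test mentioned above could be written as follows. This is an added illustration, not PowerSploit's own Pester test; it assumes Pester's `Should Be` assertion syntax and that the test file lives in the module root directory. Any byte at or above 0x80 (including a UTF-8 byte-order mark) fails the check, which is what keeps a script from breaking when it is copied between hosts with different default encodings.

```powershell
# Added example, not part of PowerSploit: assert that every script file in
# the module tree contains only 7-bit ASCII bytes.
# Assumptions: Pester 3.x 'Should Be' syntax; this file sits in the module root.
$ModuleRoot = Split-Path -Parent $MyInvocation.MyCommand.Path

Describe 'Module-wide ASCII encoding' {
    # -File is PS3+, so filter containers manually to stay PowerShell v2 compatible.
    $ScriptFiles = Get-ChildItem -Path $ModuleRoot -Recurse -Include *.ps1, *.psm1, *.psd1 |
        Where-Object { -not $_.PSIsContainer }

    foreach ($File in $ScriptFiles) {
        It "$($File.FullName) contains only ASCII bytes" {
            $Bytes = [System.IO.File]::ReadAllBytes($File.FullName)

            # Collect offsets of any byte outside the 0x00-0x7F range.
            # A UTF-8 BOM (EF BB BF) at offset 0 is caught here as well.
            $Offenders = @(for ($i = 0; $i -lt $Bytes.Length; $i++) {
                if ($Bytes[$i] -ge 0x80) { $i }
            })

            # Report the first offending offset to make the failure actionable.
            if ($Offenders.Count -gt 0) {
                Write-Warning "Non-ASCII byte at offset $($Offenders[0]) in $($File.Name)"
            }
            $Offenders.Count | Should Be 0
        }
    }
}
```

Run it with `Invoke-Pester` from the module root; each file becomes its own test case, so a single stray character shows up as one named failure rather than a module-wide red mark.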

Features/functionality removed:

  • Invoke-ShellcodeMSIL was removed. This was only ever designed as a PoC capability. Invoke-Shellcode and New-FunctionDelegate (in PowerShellArsenal) more than cover the functionality offered by Invoke-ShellcodeMSIL.
  • Invoke-Shellcode was modified. Metasploit integration was removed. See my blog post (http://www.exploit-monday.com/2015/12/offensive-tool-design-and-weaponization.html) which describes this rationale. The file hosting Invoke-Shellcode is no longer Invoke--Shellcode.ps1. I'm over my rage fit revolving around people downloading and executing code directly from GitHub repos.
  • Invoke-ReflectivePEInjection: Removed the -PEPath and -PEUrl parameters. It now only accepts a PE as a byte array.

Bug fixes:

  • Invoke-ReflectivePEInjection:
    • Fixed a casting bug which was throwing errors.
    • Added an option to not zero out the MZ signature. Clearing the PE signature prevents a PE from being loaded twice or more in succession.
    • It was failing when trying to resolve NtCreateThreadEx, which is not exported by ntdll.dll in Windows XP.
  • Invoke-Mimikatz:
    • Invoke-Mimikatz was failing in Windows XP due to the embedded powerkatz.dll importing ntdll!_vscwprintf which doesn't exist in Windows XP. It now works fine in Win XP.
  • Invoke-WmiCommand - Fixed some Windows XP and PowerShell v2 compatibility issues.
  • Out-EncryptedScript - Hopefully fixed some decrypted output inconsistencies.
  • Add-Persistence - Fixed a bug where sometimes the persisted payload was garbled in the profile script.
  • Invoke-DllInjection - Fixed a logic bug that would manifest itself in Windows XP.