Meatballs
33560a2657
Refactor Msf::Exploit::Powershell to Rex::Powershell to allow for
...
msfvenom usage.
2015-02-10 20:53:46 +00:00
Spencer McIntyre
2a3855c5af
Skip the psh prepend sleep time error when it is 0
2015-02-09 14:20:04 -05:00
Tom Sellers
693e744da4
Hide icon flash on taskbar during cmd_psh_payload
...
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar. This can be avoided (verified) by adding the /b switch to the start section of the command launcher text. I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
Meatballs
5f0533677e
Cheat/Rubycop all the things
2014-07-20 21:07:59 +01:00
Meatballs
19dd21abaf
Remove duplicate methods
2014-04-25 15:40:03 +01:00
Meatballs
72a2849bf1
Better specs
...
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
Meatballs
0137fdb690
Prepend sleep should be an int
2014-04-23 07:29:51 +01:00
Meatballs
61b8fb7921
Remove puts
2014-04-23 06:15:28 +01:00
Meatballs
11526b59a6
Boolean datastore options should always be present
...
Dont evaluate true/false as 'true'/'false'!
2014-04-23 05:03:16 +01:00
Meatballs
1347649a47
Remove unused EOFs
2014-04-23 02:37:07 +01:00
Meatballs
01bfad3489
Correct datastore values
2014-04-23 02:08:57 +01:00
Meatballs
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
Meatballs
88fe619c48
Yarddoc exploit::powershell
2014-04-23 00:15:55 +01:00
Meatballs
4c66e86f73
Dont add extra space in args
2014-04-22 14:44:01 +01:00
Meatballs
0f942d8c3d
Still :shorten command args
2014-04-19 18:58:26 +01:00
Meatballs
270b4b9728
Catch first arg with shorten
2014-04-19 18:54:42 +01:00
RageLtMan
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
RageLtMan
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
Meatballs
0956ae5789
Fix payload selection
2014-03-02 20:56:55 +00:00
Meatballs
1ca690eccf
Do some rspec
2014-03-02 20:37:08 +00:00
Meatballs
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
RageLtMan
0056c26047
import msf exploit
2014-02-12 22:06:18 -05:00
Meatballs
c76341c82d
Dont dsub Invoke-Command etc...
2014-02-09 17:45:30 +00:00
Meatballs
151e45d8d1
Better exception descriptions
2014-02-09 12:52:56 +00:00
Meatballs
77dda5dc67
Give option to remove badchars
2014-02-09 12:34:25 +00:00
Meatballs
0379dc128c
Raise exception on known issues
2014-02-09 12:15:02 +00:00
Meatballs
02f1ff27ee
Add option to encode inner payload
2014-02-09 00:55:26 +00:00
Meatballs
f398c982e3
Include option to ensure payload is fully encoded
2014-02-08 23:51:13 +00:00
Meatballs
ad308efc05
Really minimize commandline size
2014-02-08 22:53:47 +00:00
Meatballs
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
Meatballs
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
Meatballs
435cc9b93f
Add single quote encapsulation
...
For WMI and psh_web_delivery
2013-12-16 15:13:13 +00:00
Meatballs
6c83109422
Really fix wmi
2013-11-23 16:44:44 +00:00
Meatballs
259d5a2dba
Backout Set-Variable as it is 3.0 only
2013-11-23 01:15:13 +00:00
Meatballs
1c60373f68
Reinstate %COMSPEC%
2013-11-23 00:45:04 +00:00
Meatballs
c194fdc67e
Fixup WMI
...
-c doesn't like $var assignments
2013-11-23 00:31:11 +00:00
Meatballs
3cbf768d16
Small size reductions
2013-11-22 22:58:42 +00:00
Meatballs
4fc8bb2b4b
Auto arch detection
2013-10-22 00:42:59 +01:00
Meatballs
971d0b7536
Generate args
2013-09-27 12:48:10 +01:00
Meatballs
5add142789
Choose smallest smallest
2013-09-20 13:47:51 +01:00
Meatballs
9aca98a9d4
Dont need to bypass
2013-09-17 19:12:49 +01:00
Meatballs
60328d5b2a
Bypass no profile and hidden by default
2013-09-13 21:22:15 +01:00
Meatballs
9ade4cb671
Refactor
2013-09-13 20:43:09 +01:00
Meatballs
aa4ad2b005
Change to ' and remove "
2013-09-13 20:23:18 +01:00
Meatballs
243d3d6ebd
Apply comments
2013-09-13 19:19:54 +01:00
Tab Assassin
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
Meatballs
e1cfe7cfe2
Update datastore changes
2013-07-29 15:31:59 +01:00
RageLtMan
4df3b0215c
replace lib/msf/core/exploit/powershell.rb, thanks @Meatballs1
2013-07-20 19:55:01 -04:00
RageLtMan
dc15c5b505
Merge branch 'master' into powershell_import
...
Resolve conflicts from old code being pulled into master.
Conflicts:
lib/msf/core/exploit/powershell.rb
modules/exploits/windows/smb/psexec_psh.rb
2013-07-20 19:29:55 -04:00
RageLtMan
4554cc6e51
Import Powershell libs and modules (again)
...
Add Rex powershell parser:
reads PSH, determines functions, variables, blocks
compresses and cleans up the code it's read, obfuscates
handles string literals and reserved variable names
extracts code blocks and functions for reuse
turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
Make use of Rex parser
Handles payload generation, substituions
Brings convenience methods - byte array generation and download
Re-add .NET compiler
Compiles .NET code (C#/VB.NET) in memory
Can generate binary output file (dynamic persistence)
Handles code-signing (steal cert with mimikatz, sign your bin)
Not detected by AV (still...)
Update payload generation
GZip compression and decompression (see Rex module as well)
msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
Makes use of updated Msf and Rex modules
Runs shellcode in-memory (in a hidden PSH window)
Completely bypasses all AVs tested for the last year...
2013-07-04 14:04:19 -04:00