author: bitform <matt@exploit-monday.com> 2012-05-26 12:34:54 -0400
committer: bitform <matt@exploit-monday.com> 2012-05-26 12:34:54 -0400
commit: 7ce33c794f39b2cc89f27484a6101160366cb7d8 (patch)
tree: 3873875d127e7ce29a7696bbefb543bacd672a41
download: PowerSploit-7ce33c794f39b2cc89f27484a6101160366cb7d8.tar.gz
          PowerSploit-7ce33c794f39b2cc89f27484a6101160366cb7d8.zip
Complete rewrite of Powersyringe
-rw-r--r-- .gitattributes 49
-rw-r--r-- .gitignore 165
-rw-r--r-- Encrypt-Script.ps1 bin 0 -> 7550 bytes
-rw-r--r-- Inject-Dll.ps1 bin 0 -> 20068 bytes
-rw-r--r-- Inject-Shellcode.ps1 bin 0 -> 40362 bytes
-rw-r--r-- README 19
-rw-r--r-- Release_Notes.txt 17
7 files changed, 250 insertions, 0 deletions
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..26ea710
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,49 @@
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
+
+*.jpg binary
+*.png binary
+*.gif binary
+
+*.cs text=auto diff=csharp
+*.vb text=auto
+*.c text=auto
+*.cpp text=auto
+*.cxx text=auto
+*.h text=auto
+*.hxx text=auto
+*.py text=auto
+*.rb text=auto
+*.java text=auto
+*.html text=auto
+*.htm text=auto
+*.css text=auto
+*.scss text=auto
+*.sass text=auto
+*.less text=auto
+*.js text=auto
+*.lisp text=auto
+*.clj text=auto
+*.sql text=auto
+*.php text=auto
+*.lua text=auto
+*.m text=auto
+*.asm text=auto
+*.erl text=auto
+*.fs text=auto
+*.fsx text=auto
+*.hs text=auto
+
+*.csproj text=auto merge=union
+*.vbproj text=auto merge=union
+*.fsproj text=auto merge=union
+*.dbproj text=auto merge=union
+*.sln text=auto eol=crlf merge=union
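Review bot: the attribute list never mentions `*.ps1`, the only source type this commit adds, while it covers `*.cs`, `*.vb`, `*.c` and a dozen other extensions the repository does not contain. Add `*.ps1 text=auto` so line-ending normalization applies to the scripts, and consider dropping the rest, which reads like a stock Visual Studio template; the `merge=union` entries for `*.csproj`, `*.vbproj`, `*.fsproj`, `*.dbproj` and `*.sln` are a footgun if such files ever appear here, because a union merge silently keeps both sides of a conflict instead of flagging it.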
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c583f98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,165 @@
+
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/**
+tmp/**
+tmp/**/*
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+**/[Dd]ebug/
+**/[Rr]elease/
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.vspscc
+.builds
+**/*.dotCover
+
+## TODO: If you have NuGet Package Restore enabled, uncomment this
+#**/packages/
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+
+# Visual Studio profiler
+*.psess
+*.vsp
+
+# ReSharper is a .NET coding add-in
+_ReSharper*
+
+# Installshield output folder
+[Ee]xpress
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish
+
+# Others
+[Bb]in
+[Oo]bj
+sql
+TestResults
+*.Cache
+ClientBin
+stylecop.*
+~$*
+*.dbmdl
+Generated_Code #added for RIA/Silverlight projects
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+
+
+
+############
+## Windows
+############
+
+# Windows image file caches
+Thumbs.db
+
+# Folder config file
+Desktop.ini
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg
+
+# Mac crap
+.DS_Store
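Review bot: `*.tmp` is listed twice (under the Eclipse block and again under Visual Studio build results), and several entries are bare names with no trailing slash (`bin`, `build`, `dist`, `sql`, `var`, `publish`, `parts`, `eggs`), so they ignore any file of that name anywhere in the tree, not just a build directory; `bin` alone is covered three times (`bin/**`, `[Bb]in`, `bin`). For a repository of three PowerShell scripts the Eclipse, Visual Studio and Python sections do not apply; trim this to the OS and editor cruft that can actually appear here (`Thumbs.db`, `Desktop.ini`, `.DS_Store`, `*.bak`, `*.swp`) so a future `sql/` or `build/` folder of the project's own is not silently excluded.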
diff --git a/Encrypt-Script.ps1 b/Encrypt-Script.ps1
new file mode 100644
index 0000000..7d043d3
--- /dev/null
+++ b/Encrypt-Script.ps1
Binary files differ
diff --git a/Inject-Dll.ps1 b/Inject-Dll.ps1
new file mode 100644
index 0000000..6f81ef2
--- /dev/null
+++ b/Inject-Dll.ps1
Binary files differ
diff --git a/Inject-Shellcode.ps1 b/Inject-Shellcode.ps1
new file mode 100644
index 0000000..14b673c
--- /dev/null
+++ b/Inject-Shellcode.ps1
Binary files differ
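Review bot: all three scripts are recorded as binary (`Binary files differ`), so none of the code this commit actually ships, including the memory-resident injection logic the release notes describe, can be reviewed from the diff, and every future change to them will show the same way. Git treats a file as binary when it contains NUL bytes, which is what a UTF-16 text file does, and UTF-16 is what PowerShell ISE saves by default; re-save `Encrypt-Script.ps1`, `Inject-Dll.ps1` and `Inject-Shellcode.ps1` as UTF-8 and commit again so they diff line by line. If the encoding must stay, the fallback is a custom diff driver with a `textconv` (for example `iconv -f utf-16`) mapped via `*.ps1 diff=<driver>` in `.gitattributes`, but plain UTF-8 is simpler and what other tooling expects.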
diff --git a/README b/README
new file mode 100644
index 0000000..637415e
--- /dev/null
+++ b/README
@@ -0,0 +1,19 @@
+PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests. PowerSploit is comprised of the following scripts:
+
+
+Inject-Dll:
+
+ Inject-Dll injects a Dll into the process ID of your choosing.
+
+Inject-Shellcode:
+
+ Inject-Shellcode injects shellcode into the process ID of your choosing or within PowerShell locally.
+
+Encrypt-Script:
+
+ Encrypt-Script will encrypt a script (or any text file for that matter) and output the results to a minimally obfuscated script - evil.ps1.
+
+
+Usage:
+
+ Refer to the comment-based help in each individual script for usage information. \ No newline at end of file
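Review bot: the README lists the three scripts but states no prerequisites: which PowerShell versions were tested, whether the injectors work from a 32-bit and a 64-bit host against targets of either bitness, and what privileges injecting into "the process ID of your choosing" requires (typically an elevated token holding SeDebugPrivilege for processes owned by other users). The Encrypt-Script entry should also name the cipher, say where the key comes from and how `evil.ps1` decrypts itself at run time, since "minimally obfuscated" is the only description a user gets before executing it. Minor: "is comprised of" should be "comprises" or "is composed of", and the file lacks a trailing newline (`\ No newline at end of file`).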
diff --git a/Release_Notes.txt b/Release_Notes.txt
new file mode 100644
index 0000000..4fc2004
--- /dev/null
+++ b/Release_Notes.txt
@@ -0,0 +1,17 @@
+05/26/2012
+----------
+
+* All the features of PowerSyringe have now been split up into separate scripts which now fall under the PowerSploit project.
+* Completely rewrote the PowerSyringe code from scratch.
+* All scripts are now in conformance with proper PowerShell verb-noun agreement.
+* All the scripts are entirely memory-resident now. This feature is possible through reflection. For more information on the implementation details, read my blog post: http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html
+* Improved error handing. Error handlers should pick up on every fault now.
+* Added calls to VirtualFree for proper cleanup.
+* Detailed output is now displayed when the -Verbose option is enabled.
+* CreateThread assembly stub is now implemented in a function and is much more readable.
+
+
+Original Powersyringe
+---------------------
+
+The original Powersyringe can still be found in my Google Docs page: https://docs.google.com/open?id=0B-K55rLoulAfOGZiYjQzZGEtMGE5NC00NDgwLThmYjctZjc5YmIxNDQ5ZTE2
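Review bot: "Improved error handing" should read "error handling", and "Error handlers should pick up on every fault now" is not a verifiable statement; list what is actually checked, i.e. which native calls have their return values tested and what happens on failure, and say whether the VirtualFree cleanup added in the next bullet also runs on those failure paths or only on success. The Google Docs link under "Original Powersyringe" is not a durable reference; tag the last PowerSyringe revision in this repository (or commit it under a `legacy/` path) so the code this rewrite replaces stays reviewable alongside it.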