author | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
---|---|---|
committer | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
commit | b783b459c12112509a733253df9f5935e104200c (patch) | |
tree | e58bce1f7d2f2584d1426262cc609f153d774e51 /Persistence/New-ElevatedPersistenceOptions.ps1 | |
parent | 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff) | |
parent | 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff) | |
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
Diffstat (limited to 'Persistence/New-ElevatedPersistenceOptions.ps1')
-rw-r--r-- | Persistence/New-ElevatedPersistenceOptions.ps1 | 170 |
1 files changed, 0 insertions, 170 deletions
diff --git a/Persistence/New-ElevatedPersistenceOptions.ps1 b/Persistence/New-ElevatedPersistenceOptions.ps1
deleted file mode 100644
index 4e11dee..0000000
--- a/Persistence/New-ElevatedPersistenceOptions.ps1
+++ /dev/null
@@ -1,170 +0,0 @@
-function New-ElevatedPersistenceOptions
-{
-<#
-.SYNOPSIS
-
- Configure elevated persistence options for the Add-Persistence function.
-
- PowerSploit Function: New-ElevatedPersistenceOptions
- Author: Matthew Graeber (@mattifestation)
- License: BSD 3-Clause
- Required Dependencies: None
- Optional Dependencies: None
-
-.DESCRIPTION
-
- New-ElevatedPersistenceOptions allows for the configuration of elevated persistence options. The output of this function is a required parameter of Add-Persistence. Available persitence options in order of stealth are the following: permanent WMI subscription, scheduled task, and registry.
-
-.PARAMETER PermanentWMI
-
- Persist via a permanent WMI event subscription. This option will be the most difficult to detect and remove.
-
- Detection Difficulty: Difficult
- Removal Difficulty: Difficult
- User Detectable? No
-
-.PARAMETER ScheduledTask
-
- Persist via a scheduled task.
-
- Detection Difficulty: Moderate
- Removal Difficulty: Moderate
- User Detectable? No
-
-.PARAMETER Registry
-
- Persist via the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key. Note: This option will briefly pop up a PowerShell console to the user.
-
- Detection Difficulty: Easy
- Removal Difficulty: Easy
- User Detectable? Yes
-
-.PARAMETER AtLogon
-
- Starts the payload upon any user logon.
-
-.PARAMETER AtStartup
-
- Starts the payload within 240 and 325 seconds of computer startup.
-
-.PARAMETER OnIdle
-
- Starts the payload after one minute of idling.
-
-.PARAMETER Daily
-
- Starts the payload daily.
-
-.PARAMETER At
-
- Starts the payload at the specified time. You may specify times in the following formats: '12:31 AM', '2 AM', '23:00:00', or '4:06:26 PM'.
-
-.EXAMPLE
-
- C:\PS> $ElevatedOptions = New-ElevatedPersistenceOptions -PermanentWMI -Daily -At '3 PM'
-
-.EXAMPLE
-
- C:\PS> $ElevatedOptions = New-ElevatedPersistenceOptions -Registry -AtStartup
-
-.EXAMPLE
-
- C:\PS> $ElevatedOptions = New-ElevatedPersistenceOptions -ScheduledTask -OnIdle
-
-.LINK
-
- http://www.exploit-monday.com
-#>
-
- [CmdletBinding()] Param (
- [Parameter( ParameterSetName = 'PermanentWMIDaily', Mandatory = $True )]
- [Parameter( ParameterSetName = 'PermanentWMIAtStartup', Mandatory = $True )]
- [Switch]
- $PermanentWMI,
-
- [Parameter( ParameterSetName = 'ScheduledTaskDaily', Mandatory = $True )]
- [Parameter( ParameterSetName = 'ScheduledTaskAtLogon', Mandatory = $True )]
- [Parameter( ParameterSetName = 'ScheduledTaskOnIdle', Mandatory = $True )]
- [Switch]
- $ScheduledTask,
-
- [Parameter( ParameterSetName = 'Registry', Mandatory = $True )]
- [Switch]
- $Registry,
-
- [Parameter( ParameterSetName = 'PermanentWMIDaily', Mandatory = $True )]
- [Parameter( ParameterSetName = 'ScheduledTaskDaily', Mandatory = $True )]
- [Switch]
- $Daily,
-
- [Parameter( ParameterSetName = 'PermanentWMIDaily', Mandatory = $True )]
- [Parameter( ParameterSetName = 'ScheduledTaskDaily', Mandatory = $True )]
- [DateTime]
- $At,
-
- [Parameter( ParameterSetName = 'ScheduledTaskOnIdle', Mandatory = $True )]
- [Switch]
- $OnIdle,
-
- [Parameter( ParameterSetName = 'ScheduledTaskAtLogon', Mandatory = $True )]
- [Parameter( ParameterSetName = 'Registry', Mandatory = $True )]
- [Switch]
- $AtLogon,
-
- [Parameter( ParameterSetName = 'PermanentWMIAtStartup', Mandatory = $True )]
- [Switch]
- $AtStartup
- )
-
- $PersistenceOptionsTable = @{
- Method = ''
- Trigger = ''
- Time = ''
- }
-
- switch ($PSCmdlet.ParameterSetName)
- {
- 'PermanentWMIAtStartup'
- {
- $PersistenceOptionsTable['Method'] = 'PermanentWMI'
- $PersistenceOptionsTable['Trigger'] = 'AtStartup'
- }
-
- 'PermanentWMIDaily'
- {
- $PersistenceOptionsTable['Method'] = 'PermanentWMI'
- $PersistenceOptionsTable['Trigger'] = 'Daily'
- $PersistenceOptionsTable['Time'] = $At
- }
-
- 'ScheduledTaskAtLogon'
- {
- $PersistenceOptionsTable['Method'] = 'ScheduledTask'
- $PersistenceOptionsTable['Trigger'] = 'AtLogon'
- }
-
- 'ScheduledTaskOnIdle'
- {
- $PersistenceOptionsTable['Method'] = 'ScheduledTask'
- $PersistenceOptionsTable['Trigger'] = 'OnIdle'
- }
-
- 'ScheduledTaskDaily'
- {
- $PersistenceOptionsTable['Method'] = 'ScheduledTask'
- $PersistenceOptionsTable['Trigger'] = 'Daily'
- $PersistenceOptionsTable['Time'] = $At
- }
-
- 'Registry'
- {
- $PersistenceOptionsTable['Method'] = 'Registry'
- $PersistenceOptionsTable['Trigger'] = 'AtLogon'
- }
- }
-
- $PersistenceOptions = New-Object -TypeName PSObject -Property $PersistenceOptionsTable
- $PersistenceOptions.PSObject.TypeNames[0] = 'PowerSploit.Persistence.ElevatedPersistenceOptions'
-
- Write-Output $PersistenceOptions
-}
\ No newline at end of file |