author | HarmJ0y <will@harmj0y.net> | 2016-12-14 17:50:37 -0500 |
---|---|---|
committer | HarmJ0y <will@harmj0y.net> | 2016-12-14 17:50:37 -0500 |
commit | 1980f403ee78234eae4d93b50890d02f827a099f (patch) | |
tree | 2fec2850aae270130931f92385b5e5bdb57c1b4f /docs/CodeExecution/Invoke-Shellcode.md | |
parent | 7cdaa3c2d6afbaaaf10804435e873e14698f40b9 (diff) | |
download | PowerSploit-1980f403ee78234eae4d93b50890d02f827a099f.tar.gz PowerSploit-1980f403ee78234eae4d93b50890d02f827a099f.zip |
For ./CodeExecution/ :
-PSScriptAnalyzering
-Tweaking of synopsis blocks in order to support platyPS
-Code standardization
-Generated docs
Diffstat (limited to 'docs/CodeExecution/Invoke-Shellcode.md')
-rwxr-xr-x | docs/CodeExecution/Invoke-Shellcode.md | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/docs/CodeExecution/Invoke-Shellcode.md b/docs/CodeExecution/Invoke-Shellcode.md new file mode 100755 index 0000000..7240a4c --- /dev/null +++ b/docs/CodeExecution/Invoke-Shellcode.md @@ -0,0 +1,116 @@ +# Invoke-Shellcode
+
+## SYNOPSIS
+Inject shellcode into the process ID of your choosing or within the context of the running PowerShell process.
+
+PowerSploit Function: Invoke-Shellcode
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+## SYNTAX
+
+```
+Invoke-Shellcode [-ProcessID <UInt16>] [-Shellcode <Byte[]>] [-Force]
+```
+
+## DESCRIPTION
+Portions of this project was based upon syringe.c v1.2 written by Spencer McIntyre
+
+PowerShell expects shellcode to be in the form 0xXX,0xXX,0xXX.
+To generate your shellcode in this form, you can use this command from within Backtrack (Thanks, Matt and g0tm1lk):
+
+msfpayload windows/exec CMD="cmd /k calc" EXITFUNC=thread C | sed '1,6d;s/\[";\]//g;s/\\\\/,0/g' | tr -d '\n' | cut -c2-
+
+Make sure to specify 'thread' for your exit process.
+Also, don't bother encoding your shellcode.
+It's entirely unnecessary.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+Invoke-Shellcode -ProcessId 4274
+```
+
+Description
+-----------
+Inject shellcode into process ID 4274.
+
+### -------------------------- EXAMPLE 2 --------------------------
+```
+Invoke-Shellcode
+```
+
+Description
+-----------
+Inject shellcode into the running instance of PowerShell.
+
+### -------------------------- EXAMPLE 3 --------------------------
+```
+Invoke-Shellcode -Shellcode @(0x90,0x90,0xC3)
+```
+
+Description
+-----------
+Overrides the shellcode included in the script with custom shellcode - 0x90 (NOP), 0x90 (NOP), 0xC3 (RET)
+Warning: This script has no way to validate that your shellcode is 32 vs.
+64-bit!
+
+## PARAMETERS
+
+### -ProcessID
+Process ID of the process you want to inject shellcode into.
+
+```yaml
+Type: UInt16
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: 0
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Shellcode
+Specifies an optional shellcode passed in as a byte array
+
+```yaml
+Type: Byte[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Force
+Injects shellcode without prompting for confirmation.
+By default, Invoke-Shellcode prompts for confirmation before performing any malicious act.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+
+## RELATED LINKS
+
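Review bot: the generated SYNTAX line `Invoke-Shellcode [-ProcessID <UInt16>] ...` and the PARAMETERS block `Type: UInt16` document a real limitation of the script they were generated from: Windows process IDs are 32-bit values and routinely exceed 65535 on a host that has been running for a while, so any such PID fails at parameter binding before the function body runs. Consider changing the parameter to `[UInt32]` (or `[Int32]`, which matches the `Id` property that `Get-Process` returns) in the script's param block and regenerating this file, since the platyPS output is derived from the comment-based help rather than edited by hand. Smaller points in the same file: `Portions of this project was based upon` in DESCRIPTION should read `were based upon`, and the INPUTS, OUTPUTS, NOTES and RELATED LINKS headings are emitted empty, which platyPS will keep reproducing until the corresponding `.INPUTS`, `.OUTPUTS`, `.NOTES` and `.LINK` help blocks are filled in.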