-rw-r--r-- | AntivirusBypass/AntivirusBypass.psd1 | 44 | ||||
-rw-r--r-- | CodeExecution/Invoke-ReflectivePEInjection.ps1 | 5 | ||||
-rw-r--r-- | CodeExecution/Invoke-WmiCommand.ps1 | 2 | ||||
-rw-r--r-- | Exfiltration/Get-GPPPassword.ps1 | 1 | ||||
-rw-r--r-- | Exfiltration/Invoke-CredentialInjection.ps1 | 1 | ||||
-rw-r--r-- | Exfiltration/Invoke-Mimikatz.ps1 | 14 | ||||
-rw-r--r-- | Exfiltration/Invoke-NinjaCopy.ps1 | 2 | ||||
-rw-r--r-- | Exfiltration/Invoke-TokenManipulation.ps1 | 2 | ||||
-rw-r--r-- | Exfiltration/VolumeShadowCopyTools.ps1 | 4 | ||||
-rw-r--r-- | PowerSploit.psd1 | 3 | ||||
-rw-r--r-- | Recon/Invoke-Portscan.ps1 | 4 |
11 files changed, 5 insertions, 77 deletions
diff --git a/AntivirusBypass/AntivirusBypass.psd1 b/AntivirusBypass/AntivirusBypass.psd1
index 29949c1..507cfdb 100644
--- a/AntivirusBypass/AntivirusBypass.psd1
+++ b/AntivirusBypass/AntivirusBypass.psd1
@@ -1,5 +1,4 @@
@{
-
# Script module or binary module file associated with this manifest.
ModuleToProcess = 'AntivirusBypass.psm1'
@@ -24,39 +23,6 @@ Description = 'PowerSploit Antivirus Avoidance/Bypass Module'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '2.0'
-# Name of the Windows PowerShell host required by this module
-# PowerShellHostName = ''
-
-# Minimum version of the Windows PowerShell host required by this module
-# PowerShellHostVersion = ''
-
-# Minimum version of the .NET Framework required by this module
-# DotNetFrameworkVersion = ''
-
-# Minimum version of the common language runtime (CLR) required by this module
-# CLRVersion = ''
-
-# Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
-
-# Modules that must be imported into the global environment prior to importing this module
-# RequiredModules = @()
-
-# Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
-
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = ''
-
-# Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
-
-# Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
-
-# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-# NestedModules = @()
-
# Functions to export from this module
FunctionsToExport = '*'
@@ -74,14 +40,4 @@ ModuleList = @(@{ModuleName = 'AntivirusBypass'; ModuleVersion = '1.0.0.0'; GUID
# List of all files packaged with this module
FileList = 'AntivirusBypass.psm1', 'AntivirusBypass.psd1', 'Find-AVSignature.ps1', 'Usage.md'
-
-# Private data to pass to the module specified in RootModule/ModuleToProcess
-# PrivateData = ''
-
-# HelpInfo URI of this module
-# HelpInfoURI = ''
-
-# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-# DefaultCommandPrefix = ''
-
}
diff --git a/CodeExecution/Invoke-ReflectivePEInjection.ps1 b/CodeExecution/Invoke-ReflectivePEInjection.ps1
index 4a1d0e8..990c4b1 100644
--- a/CodeExecution/Invoke-ReflectivePEInjection.ps1
+++ b/CodeExecution/Invoke-ReflectivePEInjection.ps1
@@ -153,13 +153,10 @@ Find a DemoDLL at: https://github.com/clymb3r/PowerShell/tree/master/Invoke-Refl
.LINK
-Blog: http://clymb3r.wordpress.com/
-Github repo: https://github.com/clymb3r/PowerShell/tree/master/Invoke-ReflectivePEInjection
+http://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/
-Blog on reflective loading: http://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/
Blog on modifying mimikatz for reflective loading: http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
Blog on using this script as a backdoor with SQL server: http://www.casaba.com/blog/
-
#>
[CmdletBinding()]
diff --git a/CodeExecution/Invoke-WmiCommand.ps1 b/CodeExecution/Invoke-WmiCommand.ps1
index c15d478..0c06424 100644
--- a/CodeExecution/Invoke-WmiCommand.ps1
+++ b/CodeExecution/Invoke-WmiCommand.ps1
@@ -1,5 +1,3 @@
-#Requires -Version 2
-
function Invoke-WmiCommand {
<#
.SYNOPSIS
diff --git a/Exfiltration/Get-GPPPassword.ps1 b/Exfiltration/Get-GPPPassword.ps1
index ea87de4..768a0d2 100644
--- a/Exfiltration/Get-GPPPassword.ps1
+++ b/Exfiltration/Get-GPPPassword.ps1
@@ -9,7 +9,6 @@ function Get-GPPPassword {
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 2.4.2
.DESCRIPTION
diff --git a/Exfiltration/Invoke-CredentialInjection.ps1 b/Exfiltration/Invoke-CredentialInjection.ps1
index f4357bd..a7b312d 100644
--- a/Exfiltration/Invoke-CredentialInjection.ps1
+++ b/Exfiltration/Invoke-CredentialInjection.ps1
@@ -13,7 +13,6 @@ function Invoke-CredentialInjection
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 1.1
.DESCRIPTION
diff --git a/Exfiltration/Invoke-Mimikatz.ps1 b/Exfiltration/Invoke-Mimikatz.ps1
index 6934584..c701f63 100644
--- a/Exfiltration/Invoke-Mimikatz.ps1
+++ b/Exfiltration/Invoke-Mimikatz.ps1
@@ -15,9 +15,7 @@ Mimikatz Author: Benjamin DELPY `gentilkiwi`. Blog: http://blog.gentilkiwi.com.
License: http://creativecommons.org/licenses/by/3.0/fr/
Required Dependencies: Mimikatz (included)
Optional Dependencies: None
-Version: 1.5
-ReflectivePEInjection version: 1.1
-Mimikatz version: 2.0 alpha (2/16/2015)
+Mimikatz version: 2.0 alpha (12/14/2015)
.DESCRIPTION
@@ -62,15 +60,7 @@ Find mimikatz at: http://blog.gentilkiwi.com
.LINK
-Blog: http://clymb3r.wordpress.com/
-Benjamin DELPY blog: http://blog.gentilkiwi.com
-
-Github repo: https://github.com/clymb3r/PowerShell
-mimikatz Github repo: https://github.com/gentilkiwi/mimikatz
-
-Blog on reflective loading: http://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/
-Blog on modifying mimikatz for reflective loading: http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
-
+http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
#>
[CmdletBinding(DefaultParameterSetName="DumpCreds")]
diff --git a/Exfiltration/Invoke-NinjaCopy.ps1 b/Exfiltration/Invoke-NinjaCopy.ps1
index 36cef8d..15bee1b 100644
--- a/Exfiltration/Invoke-NinjaCopy.ps1
+++ b/Exfiltration/Invoke-NinjaCopy.ps1
@@ -25,8 +25,6 @@ Contributors: This script has a byte array hardcoded, which contains a DLL wich
License: GPLv3 or later
Required Dependencies: None
Optional Dependencies: None
-Version: 1.1
-ReflectivePEInjection version: 1.1
.DESCRIPTION
diff --git a/Exfiltration/Invoke-TokenManipulation.ps1 b/Exfiltration/Invoke-TokenManipulation.ps1
index 90f9d47..3a61da8 100644
--- a/Exfiltration/Invoke-TokenManipulation.ps1
+++ b/Exfiltration/Invoke-TokenManipulation.ps1
@@ -49,8 +49,6 @@ Author: Joe Bialek, Twitter: @JosephBialek
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
-Version: 1.12
-(1.11 -> 1.12: Simple logic added by Josh M. Bryant to find an unprotected process to grab a SYSTEM token from, rather than hardcoding to wininit, https://www.fixtheexchange.com/)
.DESCRIPTION
diff --git a/Exfiltration/VolumeShadowCopyTools.ps1 b/Exfiltration/VolumeShadowCopyTools.ps1
index 9d6952e..579dd0e 100644
--- a/Exfiltration/VolumeShadowCopyTools.ps1
+++ b/Exfiltration/VolumeShadowCopyTools.ps1
@@ -10,7 +10,6 @@ function Get-VolumeShadowCopy
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 2.0.0
#>
$UserIdentity = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent())
@@ -35,7 +34,6 @@ function New-VolumeShadowCopy
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 2.0.0
.DESCRIPTION
@@ -121,7 +119,6 @@ function Remove-VolumeShadowCopy
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 2.0.0
.DESCRIPTION
@@ -180,7 +177,6 @@ function Mount-VolumeShadowCopy
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
- Version: 2.0.0
.DESCRIPTION
diff --git a/PowerSploit.psd1 b/PowerSploit.psd1
index 678294b..0137fd7 100644
--- a/PowerSploit.psd1
+++ b/PowerSploit.psd1
@@ -41,5 +41,6 @@ ModuleList = @( @{ModuleName = 'AntivirusBypass'; ModuleVersion = '1.0.0.0'; GUI
@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'},
@{ModuleName = 'Recon'; ModuleVersion = '1.0.0.0'; GUID = '7e775ad6-cd3d-4a93-b788-da067274c877'},
@{ModuleName = 'ScriptModification'; ModuleVersion = '1.0.0.0'; GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'},
- @{ModuleName = 'Persistence'; ModuleVersion = '1.0.0.0'; GUID = '633d0f10-a056-41da-869d-6d2f75430195'} )
+ @{ModuleName = 'Persistence'; ModuleVersion = '1.0.0.0'; GUID = '633d0f10-a056-41da-869d-6d2f75430195'},
+ @{ModuleName = 'PrivEsc'; ModuleVersion = '1.0.0.0'; GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'} )
}
diff --git a/Recon/Invoke-Portscan.ps1 b/Recon/Invoke-Portscan.ps1
index 99bbb89..6f059e2 100644
--- a/Recon/Invoke-Portscan.ps1
+++ b/Recon/Invoke-Portscan.ps1
@@ -15,10 +15,6 @@ Optional Dependencies: None
Does a simple port scan using regular sockets, based (pretty) loosely on nmap
-.NOTES
-
-version .13
-
.PARAMETER Hosts
Include these comma seperated hosts (supports IPv4 CIDR notation) or pipe them in |
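Review bot: The `PrivEsc` entry added to `ModuleList` in the PowerSploit.psd1 hunk is not backed by anything else in this commit: none of the 11 files in the diffstat belongs to a PrivEsc module, so the manifest now inventories a component this change does not show. `ModuleList` is an inventory key that PowerShell does not process on import, so a wrong name, a missing directory or a GUID that differs from the submodule's own manifest fails silently and leaves the package contents harder to audit. Whether the submodule exists under exactly this name, and whether the loading keys (`ModuleToProcess`/`NestedModules`) cover it, cannot be confirmed here because the rest of the manifest is outside the hunk. I would add a comment above the list, `# Inventory only; keep each name and GUID identical to the submodule's own .psd1`, and check the new GUID against that manifest before merging.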