| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2015-02-26 | Out-EncryptedScript uses FIPS-compliant crypto #60 | mattifestation | 1 | -35/+43 | |
| Thanks, @aconite33 for the suggestion. - TripleDESCryptoServiceProvider is now used as the crypto algorithm because it won't break the script when FIPS compliance is enabled in the registry. - I actually implemented the InitializationVector parameter - Cleaned up the output script - Cleaned up comment-based help | |||||
| 2015-02-17 | Merge pull request #62 from clymb3r/master | Matt Graeber | 1 | -4/+11 | |
| Update to latest Mimikatz, add sanity checks | |||||
| 2015-02-16 | Update to latest Mimikatz, add sanity checks | clymb3r | 1 | -4/+11 | |
| Updated to the latest Mimikatz build. Added sanity checks to ensure that 32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz to fail. | |||||
| 2015-02-03 | Added parameters back to the original Invoke-Shellcode | mattifestation | 1 | -1/+47 | |
| 2015-02-03 | Moved Invoke-Shellcode | mattifestation | 4 | -715/+723 | |
| These things happen | |||||
| 2015-01-26 | Merge pull request #61 from clymb3r/master | Matt Graeber | 1 | -5/+17 | |
| Adding PEBytes parameter | |||||
| 2015-01-26 | Adding PEBytes parameter | clymb3r | 1 | -5/+17 | |
| Added PEBytes parameter for reflectively loading a PE file passed as a byte array to the script. | |||||
| 2015-01-09 | Merge pull request #59 from clymb3r/master | Matt Graeber | 1 | -2/+2 | |
| Bugfix: Resolving ordinals in remote dll injection | |||||
| 2015-01-07 | Bugfix: Resolving ordinals in remote dll injection | clymb3r | 1 | -2/+2 | |
| Thanks to sixdub for finding and fixing a bug when resolving functions by ordinal in remote processes. | |||||
| 2014-11-17 | Add-Persistence bugfix | mattifestation | 2 | -11/+23 | |
| When file paths were specified, they were not being properly validated. | |||||
| 2014-11-16 | Moving all RE functionality to PowerShellArsenal | mattifestation | 40 | -8686/+10 | |
| https://github.com/mattifestation/PowerShellArsenal PowerSploit will now stay true to its roots of being a purely offensive PowerShell module. | |||||
| 2014-10-01 | Loading of an SSP no longer requires a reboot. | mattifestation | 1 | -1/+41 | |
| 2014-10-01 | Merge pull request #56 from clymb3r/master | Matt Graeber | 1 | -5/+35 | |
| Added -PassThru to Invoke-TokenManipulation | |||||
| 2014-10-01 | Added Install-SSP and Get-SecurityPackages | mattifestation | 3 | -4/+303 | |
| 2014-09-28 | Added -PassThru to Invoke-TokenManipulation | clymb3r | 1 | -5/+35 | |
| Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11. | |||||
| 2014-09-13 | Updating the script style guide #2 | mattifestation | 1 | -1/+1 | |
| 2014-09-13 | Updating the script style guide | mattifestation | 1 | -1/+1 | |
| 2014-08-29 | Adding MBR infector Set-MasterBootRecord | mattifestation | 2 | -1/+273 | |
| 2014-08-09 | Removing New-Object proxy function | mattifestation | 3 | -95/+1 | |
| 2014-07-12 | Merge pull request #52 from clymb3r/master | Matt Graeber | 1 | -63/+157 | |
| Bug fixes to Invoke-ReflectivePEInjection | |||||
| 2014-07-10 | Bug fixes to Invoke-ReflectivePEInjection | clymb3r | 1 | -63/+157 | |
| Fixed a bug where calling GetProcAddress by ordinal instead of procedure name failed. Fixed a bug where reflectively loading an EXE will cause the entry function (main()) to be called twice instead of once as expected. Added a ForceASLR flag to force ASLR to be used even if the PE file doesn't officially support ASLR. Some minor other changes. | |||||
| 2014-07-10 | Removed required module statement from Capstone | mattifestation | 1 | -2/+0 | |
| 2014-06-30 | Updated Get-VaultCredential name in README | mattifestation | 1 | -1/+1 | |
| 2014-06-30 | Get-VaultCredential now takes the singular form. | mattifestation | 3 | -6/+6 | |
| 2014-06-21 | Invoke-DllInjection now calls RtlCreateUserThread | mattifestation | 1 | -24/+26 | |
| Calling CreateRemoteThread on lsass. Bug fix: Invoke-DllInjection was checking the processor architecture when it should have been validating the OS architecture. This would cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit processor. | |||||
| 2014-06-19 | Adding Mayhem module and Set-CriticalProcess | mattifestation | 4 | -0/+206 | |
| 2014-06-19 | Removing Watch-BlueScreen | mattifestation | 3 | -83/+1 | |
| This vulnerability was patched a while ago making this function largely irrelevant. | |||||
| 2014-05-31 | Updated Get-VaultCredentials - Package SID | mattifestation | 2 | -1/+19 | |
| Package SIDs are now displayed for Win8 apps. Both the package SID and secret key are requirements for authenticating to Win8 app servers. | |||||
| 2014-05-30 | Issue #43 - Adding Get-VaultCredentials | mattifestation | 4 | -41/+426 | |
| Displays Windows vault credential objects including cleartext web credentials. | |||||
| 2014-05-20 | Merge pull request #49 from clymb3r/master | Chris Campbell | 1 | -4/+4 | |
| Update to latest Mimikatz (crash fix on Win7/8) | |||||
| 2014-05-20 | Update to latest Mimikatz (crash fix on Win7/8) | clymb3r | 1 | -4/+4 | |
| The latest version of Mimikatz fixes a crash that happens on Windows7/8 (and server versions) after installing the latest Windows updates. | |||||
| 2014-05-05 | Merge pull request #44 from clymb3r/master | Matt Graeber | 1 | -10/+24 | |
| Updated to latest Mimikatz | |||||
| 2014-05-04 | Updated to latest Mimikatz | clymb3r | 1 | -10/+24 | |
| Latest version of Mimikatz now natively supports being reflectively loaded by Invoke-ReflectivePEInjection, updating the script to take advantage of this new version. | |||||
| 2014-04-28 | Merge pull request #42 from clymb3r/master | Matt Graeber | 1 | -2/+0 | |
| Fixing error in script | |||||
| 2014-04-28 | Fixing error in script | clymb3r | 1 | -2/+0 | |
| 2014-04-19 | Merge pull request #41 from clymb3r/master | Matt Graeber | 2 | -12/+12 | |
| Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | |||||
| 2014-04-16 | Fixing formatting | clymb3r | 2 | -1/+2 | |
| 2014-04-16 | Fixing garbage put in by merge | clymb3r | 2 | -17/+0 | |
| 2014-04-16 | Merge branch 'master' of https://github.com/mattifestation/PowerSploit | clymb3r | 364 | -17271/+1688 | |
| Conflicts: Recon/Get-ComputerDetails.ps1 Recon/Recon.psd1 | |||||
| 2014-04-16 | Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | clymb3r | 1 | -9/+9 | |
| 2014-03-21 | Missing File Names | Chris Campbell | 1 | -2/+2 | |
| Added printers.xml and drives.xml to the search. | |||||
| 2014-03-16 | Fixed error in PowerSploit ADS removal one-liner | mattifestation | 1 | -1/+1 | |
| 2014-03-16 | Adding internal recon/privesc privesc functions #40 | mattifestation | 2 | -1/+583 | |
| Added the following recon functions written by Joe Bialek (@JosephBialek): - Find-4648Logons - Find-4624Logons - Find-AppLockerLogs - Find-PSScriptsInPSAppLog - Find-RDPClientConnections - Get-ComputerDetails (Combines all of the above functions into a single function) | |||||
| 2014-03-05 | Bug fix of from v3 XML expanding to $Count | Chris Campbell | 1 | -2/+2 | |
| This bug fix was from @jakxx | |||||
| 2014-03-05 | Update to version 2.4.0 from @jakxx | Chris Campbell | 1 | -3/+14 | |
| Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx | |||||
| 2014-03-02 | Separating out functions & bug fix | clymb3r | 1 | -295/+438 | |
| All info gathering pieces of this script can now be called individually. Fixed a bug where the user SID wasn't being converted to a username in the RDP function. | |||||
| 2014-03-01 | Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy | mattifestation | 3 | -1/+157 | |
| 2014-02-23 | Consolidated Persistence module functions into Persistence.psm1 | mattifestation | 5 | -703/+701 | |
| It doesn't make sense to have these as separate ps1 files. | |||||
| 2014-02-23 | #31 Persistence module function nouns are now singular | mattifestation | 5 | -42/+42 | |
| The function names New-UserPersistenceOption and New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform to PowerShell naming best practices. | |||||
| 2014-02-21 | Merge pull request #32 from obscuresec/master | Matt Graeber | 1 | -72/+65 | |
| Minor fixes for compatibility between versions | |||||