PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework

Age	Commit message (Collapse)	Author	Files	Lines
2016-03-15	Added Get-SiteName to find the site a computer is a part of	Harmj0y	1	-101/+288
	Added -ComputerName parameter to Get-NetGPO to enumerate all GPOs a given computer has applied Fixed bug in Find-GPOComputerAdmin and added site enumeration for GPO links
2016-03-15	Moved admin check for Get-System to allow for RevToSelf	Harmj0y	1	-4/+4

2016-03-11	Added Get-System to Privesc/	Harmj0y	3	-3/+636
	Added Pester tests for Get-System
2016-03-11	Additional error checking in Get-DFSshare	Harmj0y	1	-9/+10

2016-03-11	Merge pull request #118 from Meatballs1/dfs_v1_pkt	HarmJ0y	1	-6/+198
	Parse DFSv1 PKT
2016-03-10	Get-TimedScreenshot enhancement. Issue #114	Matt Graeber	1	-2/+18
	Get-TimedScreenshot now captures the entire screen. The screen resolution is obtained via WMI. If for some reason that fails, it will fall back to the old, less ideal method.
2016-03-10	Bugfix: Invoke-TokenManipulation. Issue #112	Matt Graeber	1	-6/+19
	Fixed the PSv4 dependency for obtaining process ownership information. Thanks to @mmashwani for suggesting the WMI solution.
2016-03-09	Fixed bug with Get-NetGroupMember and computer accounts.	Harmj0y	1	-33/+15
	samaccounttype enumeration now more accurate.
2016-03-09	fix for Find-GPOComputerAdmin	Harmj0y	1	-3/+15

2016-03-09	Bug fix for Invoke-EnumerateLocalAdmin	Harmj0y	1	-5/+4

2016-03-09	Removed Set-MacAttribute and Copy-ClonedFile	Harmj0y	2	-234/+117
	Combined Convert-NT4toCanonical and Convert-DomainSimpletoNT4 into Convert-ADName
2016-03-07	Added New-GPOImmediateTask	Harmj0y	1	-12/+220

2016-03-07	DomainOnly tweak	Harmj0y	1	-5/+4

2016-03-07	Added -DomainOnly flag to Invoke-EnumerateLocalAdmin	Harmj0y	1	-9/+23

2016-03-07	renamed output field for Get-NetLocalGroup API	Harmj0y	1	-1/+1

2016-03-07	Added NetLocalGroupGetMembers enumeration method for Get-NetLocalGroup with ↵	Harmj0y	1	-151/+302
	the -API flag Fixed threading specification in most threaded functions.
2016-03-07	Parse DFSv1 PKT	Meatballs	1	-6/+198

2016-03-06	Added additional fields to Get-NetLocalGroup results.	Harmj0y	1	-22/+63

2016-02-28	Modified output of Find-GPOLocation to return more object information.	Harmj0y	1	-26/+48

2016-02-28	-fixed several bugs in Find-GPOLocation (-GroupName now works properly and ↵	Harmj0y	1	-132/+147
	Sites returned) -Find-GPOLocation with no arguments now returns all mappings -fixed parsing issue in Get-NetGPOGroup- names now properly extracted from restricted group templates
2016-02-12	Added Pester tests for Get-SiteListPassword	Harmj0y	2	-2/+95
	Encrypted password check for Get-SiteListPassword fields
2016-02-12	Added additional search paths, code cleanup.	Harmj0y	1	-42/+14

2016-02-11	Added Get-SiteListPassword to decrypt McAfee SiteList.xml file passwords.	Harmj0y	2	-1/+203

2016-02-11	Most ldap-based search functions now accept a -Credential argument for ↵	Harmj0y	1	-1084/+1427
	querying from non-domain joined machines without a runas Changed several functions to filters, where appropriate. Get-NetShare, Get-NetSession, Get-NetLoggedOn, Get-NetRDPSession, Invoke-CheckLocalAdminAccess, Get-LastLoggedOn, Get-CachedRDPConnection, Get-NetProcess are now filters, better handle pipeline input, and now return an augmented result object with the queried ComputerName as a field Replaced RemoteUserName/RemotePassword with -Credential parameter in Get-CachedRDPConnection and Get-NetProcess modified output object for Get-NetShare to be a proper object Various bug fixes and better parameter validation
2016-01-25	Merge pull request #111 from sagishahar/dev	HarmJ0y	1	-3/+3
	Fix 'Install-ServiceBinary' for non-'Modifiable' files
2016-01-25	Merge pull request #108 from sagishahar/master	HarmJ0y	2	-55/+195
	Add 'CanRestart' to output and Pester tests
2016-01-17	Fix 'Install-ServiceBinary' for non-'Modifiable' files	sagishahar	1	-3/+3
	The 'Install-ServiceBinary' function fails on an edge case where the service's file permission does not include the 'Modify' permission but does include the 'Write' permission (https://technet.microsoft.com/en-au/library/dd349321(v=ws.10).aspx). In this scenario, renaming the original service file for backup purposes will result in 'Access Denied' message. Fixing this requires that the file be copied to service.exe.bak instead of renamed to service.exe.bak.
2016-01-14	Merge pull request #107 from secabstraction/dev	Matt Graeber	2	-206/+376
	new Get-Keystrokes
2016-01-13	Fixed Pester/PassThru	Jesse Davis	1	-0/+2

2016-01-13	Fixed Pester/PassThru	Jesse Davis	1	-2/+0

2016-01-13	Fixed Pester/PassThru	Jesse Davis	1	-1/+1

2016-01-13	Fixed Pester/PassThru	Jesse Davis	2	-12/+12

2016-01-13	Fixed Pester/PassThru	Jesse Davis	2	-7/+11

2016-01-13	Merge pull request #110 from PowerShellMafia/master	Matt Graeber	1	-1/+2
	Merging Invoke-TokenManipulation fix into dev
2016-01-13	Merge pull request #109 from mmashwani/master	Matt Graeber	1	-1/+2
	Don't search for SYSTEM token by using hard coded English name
2016-01-13	Don't search for SYSTEM token by using hard coded English name for SYSTEM ↵	mmashwani	1	-1/+2
	account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
2016-01-13	Add 'CanRestart' to output and Pester tests	sagishahar	2	-55/+195
	Pester tests to the function 'Test-ServiceDaclPermission' were added in order to increase confidence in its reliability. In general, my intention was to replace the current functionality of the service management functions such as Invoke-ServiceStart, to not use blindly 'sc.exe start' but rather consult with the DACL permissions and base the decision on that. Unforunately, further investigation lead me to the conclusion that retrieval of the service's DACL permissions requires that an additional DACL permission (RC) be set. This may lead to an edge case that could miss a potential privilege escalation condition and thereby the original idea was discarded. Nonetheless, 'Test-ServiceDaclPermission' can be used for less critical tasks. Therefore, a 'CanRestart' property was added to the output of the service enumeration functions such as 'Get-ServiceUnquoted' as I think that it will add value to redteamers/pentesters by helping them prioritise which service should be abused for escalation of privileges. Services that can be restarted by a low privileged user will probably be prioritised first. Additionally, manual checking whether the vulnerable service can be restarted would not be required in most cases.
2016-01-11	Update Get-Keystrokes.ps1	Jesse Davis	1	-4/+4

2016-01-09	Update Exfiltration.tests.ps1	Jesse Davis	1	-2/+2

2016-01-09	new Get-Keystrokes	Jesse Davis	2	-207/+373

2015-12-29	Merge pull request #105 from stufus/find_ad_managed_security_groups	Matt Graeber	5	-63/+138
	Find AD Managed Security Groups
2015-12-29	Added Find-ManagedSecurityGroups to readme	Stuart Morgan	1	-0/+2

2015-12-29	Sorted exports into alphabetical order	Stuart Morgan	1	-13/+13

2015-12-29	Sorted the recon.psd1 module import into alphabetical order	Stuart Morgan	1	-51/+51

2015-12-29	Added reference to function to powersploit.psd1 and recon.psd1	Stuart Morgan	2	-0/+2

2015-12-28	Added Find-ManagedSecurityGroups	Stuart Morgan	1	-0/+71

2015-12-18	Merge pull request #102 from PowerShellMafia/devv3.0.0	PowerShellMafia	43	-1612/+16557
	Merge 3.0 release changes
2015-12-18	Set all module versions to 3.0	Matt Graeber	9	-335/+19
	Also cleaned up some module manifest cruft.
2015-12-18	Improved root module manifest for PS Gallery	Matt Graeber	1	-14/+116

2015-12-18	Added manifest info for the PowerShell Gallery	Matt Graeber	1	-0/+17