Age | Commit message | Author | Files | Lines
Sites returned)
-Find-GPOLocation with no arguments now returns all mappings
-fixed parsing issue in Get-NetGPOGroup- names now properly extracted from restricted group templates
Encrypted password check for Get-SiteListPassword fields
querying from non-domain joined machines without a runas
Changed several functions to filters, where appropriate.
Get-NetShare, Get-NetSession, Get-NetLoggedOn, Get-NetRDPSession, Invoke-CheckLocalAdminAccess, Get-LastLoggedOn, Get-CachedRDPConnection, Get-NetProcess are now filters, better handle pipeline input, and now return an augmented result object with the queried ComputerName as a field
Replaced RemoteUserName/RemotePassword with -Credential parameter in Get-CachedRDPConnection and Get-NetProcess
modified output object for Get-NetShare to be a proper object
Various bug fixes and better parameter validation
Fix 'Install-ServiceBinary' for non-'Modifiable' files
Add 'CanRestart' to output and Pester tests
The 'Install-ServiceBinary' function fails on an edge case where the
service's file permission does not include the 'Modify' permission but
does include the 'Write' permission
(https://technet.microsoft.com/en-au/library/dd349321(v=ws.10).aspx). In
this scenario, renaming the original service file for backup purposes
will result in an 'Access Denied' message. Fixing this requires that the
file be copied to service.exe.bak instead of renamed to service.exe.bak.
new Get-Keystrokes
Merging Invoke-TokenManipulation fix into dev
Don't search for SYSTEM token by using hard coded English name
account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
Pester tests to the function 'Test-ServiceDaclPermission' were added in
order to increase confidence in its reliability. In general, my
intention was to replace the current functionality of the service
management functions such as Invoke-ServiceStart, to not use blindly
'sc.exe start' but rather consult with the DACL permissions and base the
decision on that. Unfortunately, further investigation led me to the
conclusion that retrieval of the service's DACL permissions requires
that an additional DACL permission (RC) be set. This may lead to an edge
case that could miss a potential privilege escalation condition and
thereby the original idea was discarded. Nonetheless,
'Test-ServiceDaclPermission' can be used for less critical tasks.
Therefore, a 'CanRestart' property was added to the output of the
service enumeration functions such as 'Get-ServiceUnquoted' as I think
that it will add value to redteamers/pentesters by helping them
prioritise which service should be abused for escalation of privileges.
Services that can be restarted by a low privileged user will probably be
prioritised first. Additionally, manual checking whether the vulnerable
service can be restarted would not be required in most cases.
Find AD Managed Security Groups
Merge 3.0 release changes
Also cleaned up some module manifest cruft.
This reverts commit 98ebc1b0b8b64d069d34d80c128aa226b5e8416f.
Affected test harness PEs were updated to work in XP. Addresses issue
#100
A module should maintain a version number not the individual scripts.
Scripts in a module should not be individually versioned. Only the
module should be versioned.
In some cases, the loaded module would show up as loaded after the check
occurred.
This fix addresses issue #99. While I'm not the biggest fan of
performing tests based on environment variables, I felt that making
additional Win32 API calls would have been overkill.
Addresses issue #80. This was a tricky fix because the script should
ideally handle Unicode and Ascii encoded scripts. I haven't tested
scripts with international characters but I would imagine those scripts
would get mangled since the decrypted output is ultimately normalized to
ascii.
Easy fix to issue #97
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
This bug fix addresses issue #96. As much as I hate dropping files to
disk, this was the easiest way to preserve objects in PSv2+. If someone
wants to implement the [de]serialization themselves and keep everything
in memory, please submit a PR.
Addresses issue #95.
The test dll I now use is advpack.dll since that is present in all
versions of windows.
Updated embedded powerkatz.dll to the latest version of mimikatz - [Commit 1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816)
This update addresses issue #94.