| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bug fixes to Invoke-ReflectivePEInjection
|
|
Fixed a bug where calling GetProcAddress by ordinal instead of procedure
name failed.
Fixed a bug where reflectively loading an EXE will cause the entry
function (main()) to be called twice instead of once as expected.
Added a ForceASLR flag to force ASLR to be used even if the PE file
doesn't officially support ASLR.
Some minor other changes.
|
|
|
|
|
|
|
|
Calling CreateRemoteThread on lsass.
Bug fix: Invoke-DllInjection was checking the processor architecture
when it should have been validating the OS architecture. This would
cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit
processor.
|
|
|
|
This vulnerability was patched a while ago making this function largely
irrelevant.
|
|
Package SIDs are now displayed for Win8 apps. Both the package SID and
secret key are requirements for authenticating to Win8 app servers.
|
|
Displays Windows vault credential objects including cleartext web
credentials.
|
|
Update to latest Mimikatz (crash fix on Win7/8)
|
|
The latest version of Mimikatz fixes a crash that happens on Windows7/8
(and server versions) after installing the latest Windows updates.
|
|
Updated to latest Mimikatz
|
|
Latest version of Mimikatz now natively supports being reflectively
loaded by Invoke-ReflectivePEInjection, updating the script to take
advantage of this new version.
|
|
Fixing error in script
|
|
|
|
Updating Invoke-Mimikatz to Mimikatz 2.0 alpha
|
|
|
|
|
|
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
|
|
|
|
Added printers.xml and drives.xml to the search.
|
|
|
|
Added the following recon functions written by Joe Bialek
(@JosephBialek):
- Find-4648Logons
- Find-4624Logons
- Find-AppLockerLogs
- Find-PSScriptsInPSAppLog
- Find-RDPClientConnections
- Get-ComputerDetails (Combines all of the above functions into a single
function)
|
|
This bug fix was from @jakxx
|
|
Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx
|
|
All info gathering pieces of this script can now be called individually.
Fixed a bug where the user SID wasn't being converted to a username in
the RDP function.
|
|
|
|
It doesn't make sense to have these as separate ps1 files.
|
|
The function names New-UserPersistenceOption and
New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform
to PowerShell naming best practices.
|
|
Minor fixes for compatibility between versions
|
|
|
|
|
|
Used Select-XML to ensure compatibility with v2
|
|
Iterate version.
|
|
|
|
Bug fix of variables.
|
|
Thanks @obscuresec!
|
|
Get-ComputerDetails is a recon script which pulls a variety of useful
information off a computer which might later be useful by an attacker.
This includes:
Logons
AppLocker process start logs
PowerShell logs to find scripts run
RDP Client saved servers
|
|
|
|
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
|
|
Added a check to ensure the script isn't being run from Session0 with
the "NewWinLogon" flag. This flag does not work in Session0 because
winlogon.exe tries to load stuff from user32.dll which requires a
desktop is present. This is not possible in Session0 because there is no
desktop/GUI, so it causes winlogon to load and then immediately close
with error code c0000142 indicating a DLL failed to initialize. There is
no way to fix this that I know of, if you need to run the script from
Session0 use the "ExistingWinLogon" flag.
|
|
|
|
This doesn't need to reside in PowerSploit. Those that are truly
paranoid should validate that the embedded executable in
Invoke-Mimikatz.ps1 is indeed mimikatz.
This was causing AV to flag upon downloading PowerSploit.
|
|
Update Invoke-ReverseDnsLookup.ps1
|
|
Added pipeline support and verbose statement.
|
|
The user should at least be made aware if they're using an unsupported
framework library version.
|
|
These are the compiled libs straight from
http://www.capstone-engine.org/download.html
|
|
|
|
|