Age | Commit message | Author | Files | Lines

2016-01-13 | Add 'CanRestart' to output and Pester tests | sagishahar | 2 | -55/+195
    Pester tests for the function 'Test-ServiceDaclPermission' were added in order to increase confidence in its reliability. In general, my intention was to replace the current functionality of the service management functions such as Invoke-ServiceStart, to not use blindly 'sc.exe start' but rather consult with the DACL permissions and base the decision on that. Unfortunately, further investigation led me to the conclusion that retrieval of the service's DACL permissions requires that an additional DACL permission (RC) be set. This may lead to an edge case that could miss a potential privilege escalation condition, and therefore the original idea was discarded. Nonetheless, 'Test-ServiceDaclPermission' can be used for less critical tasks. Therefore, a 'CanRestart' property was added to the output of the service enumeration functions such as 'Get-ServiceUnquoted', as I think that it will add value to redteamers/pentesters by helping them prioritise which service should be abused for escalation of privileges. Services that can be restarted by a low privileged user will probably be prioritised first. Additionally, manual checking whether the vulnerable service can be restarted would not be required in most cases.
2015-12-18 | Merge pull request #102 from PowerShellMafia/dev (tag: v3.0.0) | PowerShellMafia | 43 | -1612/+16557
    Merge 3.0 release changes
2015-12-18 | Set all module versions to 3.0 | Matt Graeber | 9 | -335/+19
    Also cleaned up some module manifest cruft.
2015-12-18 | Improved root module manifest for PS Gallery | Matt Graeber | 1 | -14/+116
2015-12-18 | Added manifest info for the PowerShell Gallery | Matt Graeber | 1 | -0/+17
2015-12-18 | Updated .psproj to reflect additions/removals | Matt Graeber | 1 | -1/+9
2015-12-17 | Revert "Invoke-ReflectivePEInjection test harnesses updated" | Matt Graeber | 1 | -2/+2
    This reverts commit 98ebc1b0b8b64d069d34d80c128aa226b5e8416f.
2015-12-17 | Invoke-ReflectivePEInjection test harnesses updated | Matt Graeber | 1 | -2/+2
    Affected test harness PEs were updated to work in XP. Addresses issue #100.
2015-12-16 | Removed version numbers from scripts | Matt Graeber | 1 | -6/+0
    A module should maintain a version number, not the individual scripts.
2015-12-16 | Removed all version numbers from scripts | Matt Graeber | 11 | -77/+5
    Scripts in a module should not be individually versioned. Only the module should be versioned.
2015-12-16 | Added volume shadow copy functions to README.md | PowerShellMafia | 1 | -1/+9
2015-12-16 | Update README.md | PowerShellMafia | 1 | -4/+11
2015-12-16 | Added a slight delay to Invoke-DllInjection validation | Matt Graeber | 1 | -2/+4
    In some cases, the loaded module would show up as loaded after the check occurred.
2015-12-16 | Invoke-DllInjection detects OS arch on all OSes | Matt Graeber | 1 | -6/+4
    This fix addresses issue #99. While I'm not the biggest fan of performing tests based on environment variables, I felt that making additional Win32 API calls would have been overkill.
2015-12-16 | Fixed Add-Persistence. Issue #98 | Matt Graeber | 1 | -1/+2
2015-12-16 | Fixed mangled decrypted script output | Matt Graeber | 1 | -2/+3
    Addresses issue #80. This was a tricky fix because the script should ideally handle Unicode and ASCII encoded scripts. I haven't tested scripts with international characters, but I would imagine those scripts would get mangled since the decrypted output is ultimately normalized to ASCII.
2015-12-16 | Fixed Invoke-WmiCommand credential popup issue | Matt Graeber | 1 | -1/+1
    Easy fix to issue #97.
2015-12-15 | Merge pull request #91 from FixTheExchange/patch-1 | PowerShellMafia | 1 | -4/+9
    Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
2015-12-15 | Invoke-WmiCommand is now PSv2 compatible | Matt Graeber | 1 | -6/+19
    This bug fix addresses issue #96. As much as I hate dropping files to disk, this was the easiest way to preserve objects in PSv2+. If someone wants to implement the [de]serialization themselves and keep everything in memory, please submit a PR.
2015-12-15 | Invoke-WmiCommand now obtains full powershell path | Matt Graeber | 1 | -2/+16
    Addresses issue #95.
2015-12-14 | Invoke-DllInjection Pester test improvement | Matt Graeber | 1 | -7/+7
    The test DLL I now use is advpack.dll since that is present in all versions of Windows.
2015-12-14 | Invoke-Mimikatz: Incorporated latest 2.0 alpha build | Matt Graeber | 1 | -6/+9
    Updated embedded powerkatz.dll to the latest version of mimikatz: [Commit 1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816). This update addresses issue #94.
2015-12-14 | Removed commented blocks. | Harmj0y | 1 | -6/+6
2015-12-14 | Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit into dev | Harmj0y | 3 | -47/+17
2015-12-14 | Removed C# enum for Test-ServiceDaclPermission | Harmj0y | 1 | -42/+42
2015-12-14 | Bugfix #93 | Matt Graeber | 3 | -39/+3
    Removed the "EndAddress" parameter set since it was never used. This should resolve any parameter set confusion.
2015-12-14 | Bugfix #92: perform OS check when importing NtCreateThreadEx | Matt Graeber | 2 | -8/+14
2015-12-14 | Added admin rights check for existing Privesc Pester tests | Harmj0y | 1 | -1/+45
2015-12-14 | Get-NetDomain now not called if -ComputerName or -ComputerFile are passed for meta functions, in order to prevent failure when running on a non-domain joined machine | Harmj0y | 2 | -228/+173
    Took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain.
2015-12-14 | Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk. | Harmj0y | 1 | -62/+103
2015-12-14 | Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left on disk. | Harmj0y | 1 | -54/+68
2015-12-14 | Fix Invoke-Shellcode OS architecture detection | Matt Graeber | 1 | -10/+23
    Fixes issue #70.
2015-12-14 | Adding PollingInterval param to Get-Keystrokes | Matt Graeber | 1 | -3/+15
    Incorporates idea from @obscuresec in issue #50.
2015-12-11 | Added Invoke-DowngradeAccount to set an account to use reversible encryption. | Harmj0y | 1 | -1/+117
2015-12-11 | Domain local group query fix. | Harmj0y | 1 | -30/+140
    Added ConvertFrom-UACValue to convert binary UAC values to human readable format. Corrected logic in Set-ADObject.
2015-12-03 | Start of Recon/PowerView Pester tests | Harmj0y | 1 | -0/+676
2015-12-03 | Privesc/PowerUp Pester tests | Harmj0y | 1 | -0/+485
2015-12-03 | Added ./Privesc/ folder that integrates PowerUp.ps1 | Harmj0y | 5 | -0/+2479
    Updated README.md files.
2015-12-03 | Integration of PowerView into ./Recon/ | Harmj0y | 4 | -16/+11260
2015-11-09 | Removing Invoke-ShellcodeMSIL from psproj file | Matt Graeber | 1 | -1/+0
2015-11-09 | Excluding the Tests folder from being loaded as a module | Matt Graeber | 1 | -1/+1
2015-11-09 | Adding Pester tests for CodeExecution module | Matt Graeber | 1 | -0/+362
2015-11-09 | Revert "Excluding the Tests folder from being loaded as a module" | Matt Graeber | 3 | -363/+2
    This reverts commit a0ab599810f8f05a9bf24850fb9104516b71abb7.
2015-11-09 | Excluding the Tests folder from being loaded as a module | Matt Graeber | 3 | -2/+363
2015-11-07 | Adding -DoNotZeroMZ for testing | Matt Graeber | 1 | -5/+14
2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -58/+13
    Removed the following extraneous parameters: -PEPath, -PEUrl. The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection, i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-07 | Revert "Removed extraneous parameters" | Matt Graeber | 1 | -18/+89
    This reverts commit 0eb520e31f97bc0ca83bd2c1546a18dd97e09d79.
2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -89/+18
    Removed the following extraneous parameters: -PEPath, -PEUrl, -ComputerName. The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection, i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-06 | Fixed a casting bug | Matt Graeber | 1 | -2/+2
2015-11-05 | Removing Invoke-ShellcodeMSIL | Matt Graeber | 3 | -272/+1
    This was only ever intended to be a PoC. I'll bring this back if requested, but it exhibits duplicate functionality.