Age | Commit message | Author | Files | Lines |
|
All info gathering pieces of this script can now be called individually.
Fixed a bug where the user SID wasn't being converted to a username in
the RDP function.
|
|
Get-ComputerDetails is a recon script which pulls a variety of useful
information off a computer which might later be useful to an attacker.
This includes:
Logons
AppLocker process start logs
PowerShell logs to find scripts run
RDP Client saved servers
|
|
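The RDP part of the commit above (saved servers per user, with the owning SID translated back to an account name) can be reproduced with a few lines of PowerShell. This is an added example, not code from PowerSploit or Get-ComputerDetails: it walks the user hives currently loaded under HKEY_USERS (so only logged-on users are covered) and reads the well-known `Terminal Server Client\Servers` key. Function and property names are the example's own.

```powershell
# Added example (not PowerSploit code): enumerate RDP client saved servers for
# every user hive loaded under HKEY_USERS and translate each SID to a name.
# Only users with a loaded hive (logged on, or the current user) appear here.
function Get-RdpSavedServers {
    [CmdletBinding()]
    param()

    # Real user SIDs look like S-1-5-21-<authority>-<RID>; this skips the
    # *_Classes hives, the service SIDs (S-1-5-18/19/20) and .DEFAULT.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $user = $sid   # fall back to the raw SID if the lookup fails (deleted or unreachable account)
            try {
                $user = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate([System.Security.Principal.NTAccount]).Value
            } catch { }

            $serversKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Terminal Server Client\Servers"
            if (Test-Path -LiteralPath $serversKey) {
                # One subkey per saved server; UsernameHint is the last account used to connect.
                Get-ChildItem -LiteralPath $serversKey | ForEach-Object {
                    $hint = (Get-ItemProperty -LiteralPath $_.PSPath -Name UsernameHint -ErrorAction SilentlyContinue).UsernameHint
                    [pscustomobject]@{
                        User         = $user
                        Sid          = $sid
                        Server       = $_.PSChildName
                        UsernameHint = $hint
                    }
                }
            }
        }
}

Get-RdpSavedServers | Format-Table -AutoSize
```

Run it elevated to see hives other than your own; without elevation only the current user's hive is readable.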
Added a check to ensure the script isn't being run from Session0 with
the "NewWinLogon" flag. This flag does not work in Session0 because
winlogon.exe tries to load stuff from user32.dll, which requires a
desktop to be present. This is not possible in Session0 because there is no
desktop/GUI, so it causes winlogon to load and then immediately close
with error code c0000142 indicating a DLL failed to initialize. There is
no way to fix this that I know of, if you need to run the script from
Session0 use the "ExistingWinLogon" flag.
|
|
Processes could not be started when the script was being run from
Session 0. The fix is to use the CreateProcessAsUserW function when
running in Session 0. This API requires SeAssignPrimaryTokenPrivilege
privilege, so for non-session0 calls I still use CreateProcessWithTokenW
which does not require special privileges.
|
|
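The two Session 0 commits above boil down to a runtime decision: which session am I in, and which token privileges do I hold? The following is an added example, not PowerSploit code, that gathers exactly those facts and reports the launch approach the commit messages describe. It shells out to `whoami /priv` to read the token's privileges (present in the token even when disabled); the function and property names are the example's own, and the note that CreateProcessAsUserW also wants SeIncreaseQuotaPrivilege comes from the Win32 documentation, not from the commits.

```powershell
# Added example (not PowerSploit code): report the current session and the
# token privileges relevant to process creation, then pick the approach the
# commit messages describe. Session 0 has no interactive desktop, so a fresh
# winlogon.exe dies there with 0xC0000142; CreateProcessAsUserW needs
# SeAssignPrimaryTokenPrivilege (and, per the Win32 docs, SeIncreaseQuotaPrivilege),
# CreateProcessWithTokenW needs neither.
function Get-ProcessLaunchContext {
    [CmdletBinding()]
    param()

    $sessionId = [System.Diagnostics.Process]::GetCurrentProcess().SessionId

    # whoami /priv prints one privilege per line, e.g.:
    #   SeAssignPrimaryTokenPrivilege  Replace a process level token  Disabled
    $privs = @{}
    foreach ($line in (& whoami.exe /priv 2>$null)) {
        if ($line -match '^(Se\w+Privilege)\s+.*\s(Enabled|Disabled)\s*$') {
            $privs[$Matches[1]] = $Matches[2]
        }
    }
    $assignState = if ($privs.ContainsKey('SeAssignPrimaryTokenPrivilege')) { $privs['SeAssignPrimaryTokenPrivilege'] } else { 'absent' }
    $quotaState  = if ($privs.ContainsKey('SeIncreaseQuotaPrivilege'))      { $privs['SeIncreaseQuotaPrivilege'] }      else { 'absent' }

    $existingWinlogonPid = $null
    if ($sessionId -eq 0) {
        # NewWinLogon cannot work here (no desktop); reuse a winlogon.exe from an
        # interactive session instead, which is what "ExistingWinLogon" does.
        $flag = 'ExistingWinLogon'
        $api  = if ($assignState -ne 'absent' -and $quotaState -ne 'absent') { 'CreateProcessAsUserW' } else { 'none: required privileges not in token' }
        $target = Get-Process -Name winlogon -ErrorAction SilentlyContinue |
                      Where-Object { $_.SessionId -ne 0 } | Select-Object -First 1
        if ($target) { $existingWinlogonPid = $target.Id }
    } else {
        $flag = 'NewWinLogon'
        $api  = 'CreateProcessWithTokenW'
    }

    [pscustomobject]@{
        SessionId                     = $sessionId
        SeAssignPrimaryTokenPrivilege = $assignState
        SeIncreaseQuotaPrivilege      = $quotaState
        RecommendedApi                = $api
        WinLogonFlag                  = $flag
        ExistingWinLogonPid           = $existingWinlogonPid
    }
}

Get-ProcessLaunchContext
```

A "Disabled" state is fine for the CreateProcessAsUserW path: the privilege only has to be present in the token, since it can be enabled with AdjustTokenPrivileges before the call; "absent" cannot be fixed from within the process.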
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
|
|
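The warning mentioned above is driven by the `Zone.Identifier` alternate data stream (the "mark of the web") that browsers attach to downloaded files; `Unblock-File` simply deletes that stream. As an added example, not code from PowerSploit or its readme, the function below shows which script files in a tree carry the mark and from which zone, so you can review what was downloaded before clearing it wholesale. It needs PowerShell 3 or later for `-Stream` and `Unblock-File`; the function name and output fields are the example's own.

```powershell
# Added example (not PowerSploit code): list script files that carry a
# Zone.Identifier stream and decode it, then clear the mark with Unblock-File.
function Get-MarkOfTheWeb {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path
    )
    # URLZONE values as written into the stream: 3 = Internet, 4 = Restricted sites.
    $zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1, *.psd1, *.ps1xml | ForEach-Object {
        $stream = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if (-not $stream) { return }   # no stream: never marked, or already unblocked

        $zoneId = $null; $referrer = $null; $hostUrl = $null
        foreach ($line in $stream) {
            if     ($line -match '^ZoneId=(\d+)')      { $zoneId   = [int]$Matches[1] }
            elseif ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
            elseif ($line -match '^HostUrl=(.+)')     { $hostUrl  = $Matches[1] }   # newer Windows builds record the download URL
        }
        $zone = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { 'Unknown' }

        [pscustomobject]@{
            Path        = $_.FullName
            ZoneId      = $zoneId
            Zone        = $zone
            ReferrerUrl = $referrer
            HostUrl     = $hostUrl
        }
    }
}

# Review first, then clear the mark on everything that was found.
Get-MarkOfTheWeb -Path . | Format-Table Zone, Path -AutoSize
Get-MarkOfTheWeb -Path . | ForEach-Object { Unblock-File -LiteralPath $_.Path }
```

Clearing the stream removes the import warning but also removes the only on-disk record that the file came from the Internet zone, which is why the listing step comes first.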
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
|
|
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
|
|
Scripts now work in 2008r2. I thought I tested before uploading but
something broke somehow... Now the scripts work in 2008r2 and win8+
|
|
Don't want gigantic ipch files from visual studio (among other useless
files) to be uploaded.
|
|
.NET 4.5 introduced breaking changes in the way Marshalling works. Added
a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5.
|
|
Prior to this fix, DllMain with the ProcessDetach flag was not called
when unloading the reflectively loaded DLL. This was causing very weird
crashes in the Invoke-NinjaCopy script which is built on this script.
This should fix the crash.
|
|
Added *-ProcessModuleTrace cmdlets to trace details when modules are
loaded into a process. These can be useful for malware analysis.
|
|
The latest version of .NET added generics to many of the InteropServices
methods. Therefore, all of my uses of types need to be explicitly cast
with [Type].
|
|
Output from Get-ILDisassembly is slightly cleaner.
|
|
This functionality is present and maintained in Get-PEHeader.
|
|
Out-Minidump now outputs a FileInfo object (i.e. the same output as
Get-ChildItem) upon successfully creating a dump file.
|
|
Added ErrorAction SilentlyContinue to Get-ChildItem
|
|
The compiler parameters were not being applied to Add-Type in
Get-PEHeader. Derp.
This led to unexpected errors when Visual Studio environment variables
were defined.
|
|
Sometimes you will be denied access to a directory.
"ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied.
|
|
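Suppressing access-denied errors, as the two Get-ChildItem commits above do, keeps the recursion going, but it also hides which parts of the share were never read. The following added example (not PowerSploit code) does the same recursive search while capturing the suppressed errors with `-ErrorVariable`, so the result carries the list of skipped directories alongside the files found. The SYSVOL path derived from `$env:USERDNSDOMAIN` and the file patterns are assumptions for the demo.

```powershell
# Added example (not PowerSploit code): recurse a share where some
# directories are off-limits, continue past every access-denied error, and
# still record which paths were skipped so gaps in the result are visible.
function Find-SysvolFiles {
    [CmdletBinding()]
    param(
        [string]$Root = "\\$env:USERDNSDOMAIN\SYSVOL",   # assumption: domain-joined session
        [string[]]$Include = @('*.xml', '*.ps1', '*.bat', '*.vbs', '*.ini')
    )

    # -ErrorAction SilentlyContinue keeps the walk going; -ErrorVariable keeps
    # the errors it would otherwise discard ("+" appends instead of resetting).
    $gciErrors = @()
    $files = Get-ChildItem -Path $Root -Recurse -Include $Include -File `
                 -ErrorAction SilentlyContinue -ErrorVariable +gciErrors

    # For the FileSystem provider TargetObject is the path that was refused.
    $denied = $gciErrors |
        Where-Object { $_.Exception -is [System.UnauthorizedAccessException] } |
        ForEach-Object { $_.TargetObject } | Sort-Object -Unique
    $other  = $gciErrors |
        Where-Object { $_.Exception -isnot [System.UnauthorizedAccessException] } |
        ForEach-Object { $_.Exception.Message }

    [pscustomobject]@{
        Root        = $Root
        Files       = @($files)
        Denied      = @($denied)
        OtherErrors = @($other)
    }
}

$scan = Find-SysvolFiles
'{0} files found; {1} directories skipped (access denied)' -f $scan.Files.Count, $scan.Denied.Count
$scan.Denied
```

Reporting `Denied` matters for the kind of search this commit is about: an empty result from a SYSVOL walk means something different when half the policy folders were unreadable.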
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
|
|
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
|
|
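The "explicitly cast types in SizeOf and PtrToStructure" fix above (and the earlier commit about generics being added to the InteropServices methods) addresses an overload-resolution problem: once `Marshal.SizeOf<T>(T)` and `Marshal.PtrToStructure<T>(IntPtr)` exist (added in .NET 4.5.1, which shipped with Windows 8.1), PowerShell passes a `RuntimeType` object as `T` and the call fails with "Type 'System.RuntimeType' cannot be marshaled as an unmanaged structure". The added example below, not PowerSploit code, shows the cast in a small byte-to-struct reader; the `DEMO_DOS_PREFIX` struct and the sample bytes are constructed for the demo.

```powershell
# Added example (not PowerSploit code): call the non-generic Marshal
# overloads from PowerShell by casting the type argument with [Type].
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

// Constructed for the demo: the first two fields of IMAGE_DOS_HEADER.
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct DEMO_DOS_PREFIX
{
    public ushort e_magic;   // 'MZ' = 0x5A4D
    public ushort e_cblp;    // bytes on last page of file
}
"@

function Read-StructFromBytes {
    param(
        [Parameter(Mandatory)][byte[]]$Bytes,
        [Parameter(Mandatory)][Type]$StructType
    )
    $marshal = [System.Runtime.InteropServices.Marshal]

    # Without the [Type] cast, .NET 4.5.1+ binds SizeOf<T>(T) with T = RuntimeType and throws.
    $size = $marshal::SizeOf([Type]$StructType)
    if ($Bytes.Length -lt $size) {
        throw "Need $size bytes for $($StructType.Name), got $($Bytes.Length)"
    }

    $ptr = $marshal::AllocHGlobal($size)
    try {
        $marshal::Copy($Bytes, 0, $ptr, $size)
        # Same cast here: PtrToStructure(IntPtr, Type) rather than PtrToStructure<T>(IntPtr).
        $marshal::PtrToStructure($ptr, [Type]$StructType)
    } finally {
        $marshal::FreeHGlobal($ptr)
    }
}

# Constructed input: "MZ" followed by e_cblp = 0x0090, as at the start of a PE file.
$sample = [byte[]](0x4D, 0x5A, 0x90, 0x00)
$hdr = Read-StructFromBytes -Bytes $sample -StructType ([Type]'DEMO_DOS_PREFIX')
'e_magic=0x{0:X4} e_cblp=0x{1:X4}' -f $hdr.e_magic, $hdr.e_cblp
```

The cast is harmless on older runtimes that lack the generic overloads, which is why it is the right fix for scripts that must run on both 2008 R2 and Windows 8.1.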
Get-ObjDump parses and returns information about one or more Windows
object files. It is similar to dumpbin but it returns objects!
|
|
Webstersprodigy portscan
|
|
into webstersprodigy-Portscan
Conflicts:
Recon/Recon.psd1
|
|
Get-NtSystemInformation now returns SystemCodeIntegrityInformation -
i.e. user-mode code integrity settings. This required reverse
engineering a dll that is only present on Windows 8 ARM devices.
|
|
Bug fix for error handling
|
|
Fix error handling and various style problems
|
|
Add checks to terminate script if not running in proper environment.
|
|
Added checks to ensure that the script is being run on a domain-joined machine and with a domain account.
|
|
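One way to implement the two environment checks from the commit above, as an added example that is not the project's own code: `Domain.GetComputerDomain()` answers whether the machine is joined, and `Domain.GetCurrentDomain()` answers whether the calling security context belongs to a domain, each throwing `ActiveDirectoryObjectNotFoundException` when it does not. That is a tighter test than comparing `$env:USERDOMAIN` with `$env:COMPUTERNAME`, which says nothing about whether the domain is actually reachable. The function name and output shape are the example's own.

```powershell
# Added example (not PowerSploit code): stop early unless the machine is
# domain-joined AND the calling account is a domain account.
Add-Type -AssemblyName System.DirectoryServices

function Test-DomainContext {
    [CmdletBinding()]
    param()

    $computerDomain = $null
    $accountDomain  = $null
    $reasons = @()

    try {
        # Throws ActiveDirectoryObjectNotFoundException on a workgroup machine.
        $computerDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
    } catch {
        $reasons += "Machine is not domain-joined: $($_.Exception.Message)"
    }

    try {
        # Uses the current thread's security context, so a local account on a
        # joined machine still fails here even though GetComputerDomain succeeded.
        $accountDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
    } catch {
        $reasons += "Current account is not a domain account: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerDomain  = $computerDomain
        AccountDomain   = $accountDomain
        Account         = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        IsDomainContext = ($reasons.Count -eq 0)
        Reasons         = $reasons
    }
}

$ctx = Test-DomainContext
if (-not $ctx.IsDomainContext) {
    # Terminating error: nothing that depends on the domain should run after this.
    throw ($ctx.Reasons -join '; ')
}
"Running as $($ctx.Account) in $($ctx.AccountDomain) on a member of $($ctx.ComputerDomain)"
```

Because both calls contact a domain controller, the check also fails when the host is joined but cannot currently reach the domain, which for a script that is about to query AD is the behaviour you want.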
Get-Keystrokes is a PowerShell keylogger
|
|
See https://github.com/mattifestation/PowerSploit/pull/6#issuecomment-19289063
1) I like this feedback a lot and took it.
2) I tried going thread only but it got messed up with very large scans. Eventually,
I didn't think it was worth the amount of effort to make it reliable with only threads
3) Tried to do this
4) Did this
5) I like the idea in general and I took this one place (top-ports), but not for the two
examples you gave. The reasoning is, I want people to be able to specify various options
and arrays aren't that flexible. For example, I want people to specify a port list like
"80,90,8080-8090". Similar with CIDR, since that's one option, but they could also be
specifying hostnames e.g. "google.com,192.168.1.1/24,10.0.0.1"
|
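Point 5 of the reply above argues for free-form strings such as "80,90,8080-8090" and "google.com,192.168.1.1/24,10.0.0.1" over arrays, because one option then covers ports, ranges, hostnames, single addresses and CIDR blocks. The parsing that makes such strings safe to accept is shown below as an added example; it is not the port scanner's own code, and the function names are the example's own. Port tokens are range-checked, CIDR blocks are expanded with network and broadcast addresses dropped for prefixes up to /30, and anything that is not a CIDR block is passed through unchanged for the scanner to resolve.

```powershell
# Added example (not PowerSploit code): turn the comma-separated port and
# target strings discussed above into concrete port numbers and addresses.

function ConvertTo-IPv4Long([string]$Ip) {
    # GetAddressBytes() is big-endian, so assemble the 32-bit value by hand.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function ConvertFrom-IPv4Long([long]$N) {
    '{0}.{1}.{2}.{3}' -f (($N -shr 24) -band 0xFF), (($N -shr 16) -band 0xFF), (($N -shr 8) -band 0xFF), ($N -band 0xFF)
}

function Expand-PortSpec {
    param([Parameter(Mandatory)][string]$Spec)   # e.g. "80,90,8080-8090"
    $ports = New-Object System.Collections.Generic.List[int]
    foreach ($token in ($Spec -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
        if ($token -match '^(\d{1,5})-(\d{1,5})$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
        } elseif ($token -match '^(\d{1,5})$') {
            $lo = $hi = [int]$Matches[1]
        } else {
            throw "Invalid port token '$token'"
        }
        if ($lo -lt 1 -or $hi -gt 65535 -or $lo -gt $hi) { throw "Port range out of bounds: '$token'" }
        $ports.AddRange([int[]]($lo..$hi))
    }
    $ports | Sort-Object -Unique
}

function Expand-TargetSpec {
    param([Parameter(Mandatory)][string]$Spec)   # e.g. "google.com,192.168.1.1/24,10.0.0.1"
    foreach ($token in ($Spec -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
        if ($token -match '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$') {
            $prefix = [int]$Matches[2]
            if ($prefix -gt 32) { throw "Invalid prefix length in '$token'" }
            $base = ConvertTo-IPv4Long $Matches[1]
            $mask = if ($prefix -eq 0) { 0L } else { ([long]0xFFFFFFFF -shl (32 - $prefix)) -band 0xFFFFFFFF }
            $network   = $base -band $mask
            $broadcast = $network -bor (0xFFFFFFFF -bxor $mask)
            # /31 and /32 have no separate network/broadcast address to skip.
            $first = if ($prefix -ge 31) { $network }   else { $network + 1 }
            $last  = if ($prefix -ge 31) { $broadcast } else { $broadcast - 1 }
            for ($n = $first; $n -le $last; $n++) { ConvertFrom-IPv4Long $n }
        } else {
            $token   # single address or hostname; name resolution is left to the scanner
        }
    }
}

Expand-PortSpec   -Spec '80,90,8080-8090'
Expand-TargetSpec -Spec 'google.com,192.168.1.0/30,10.0.0.1'
```

Expanding a /24 into 254 strings up front is cheap; for much larger blocks the CIDR branch should yield addresses lazily instead, which the `for` loop already does when the function is consumed through the pipeline.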