| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2014-10-01 | Loading of an SSP no longer requires a reboot. | mattifestation | 1 | -1/+41 | |
| 2014-10-01 | Merge pull request #56 from clymb3r/master | Matt Graeber | 1 | -5/+35 | |
| Added -PassThru to Invoke-TokenManipulation | |||||
| 2014-10-01 | Added Install-SSP and Get-SecurityPackages | mattifestation | 3 | -4/+303 | |
| 2014-09-28 | Added -PassThru to Invoke-TokenManipulation | clymb3r | 1 | -5/+35 | |
| Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11. | |||||
| 2014-09-13 | Updating the script style guide #2 | mattifestation | 1 | -1/+1 | |
| 2014-09-13 | Updating the script style guide | mattifestation | 1 | -1/+1 | |
| 2014-08-29 | Adding MBR infector Set-MasterBootRecord | mattifestation | 2 | -1/+273 | |
| 2014-08-09 | Removing New-Object proxy function | mattifestation | 3 | -95/+1 | |
| 2014-07-12 | Merge pull request #52 from clymb3r/master | Matt Graeber | 1 | -63/+157 | |
| Bug fixes to Invoke-ReflectivePEInjection | |||||
| 2014-07-10 | Bug fixes to Invoke-ReflectivePEInjection | clymb3r | 1 | -63/+157 | |
| Fixed a bug where calling GetProcAddress by ordinal instead of procedure name failed. Fixed a bug where reflectively loading an EXE will cause the entry function (main()) to be called twice instead of once as expected. Added a ForceASLR flag to force ASLR to be used even if the PE file doesn't officially support ASLR. Some minor other changes. | |||||
| 2014-07-10 | Removed required module statement from Capstone | mattifestation | 1 | -2/+0 | |
| 2014-06-30 | Updated Get-VaultCredential name in README | mattifestation | 1 | -1/+1 | |
| 2014-06-30 | Get-VaultCredential now takes the singular form. | mattifestation | 3 | -6/+6 | |
| 2014-06-21 | Invoke-DllInjection now calls RtlCreateUserThread | mattifestation | 1 | -24/+26 | |
| Calling CreateRemoteThread on lsass. Bug fix: Invoke-DllInjection was checking the processor architecture when it should have been validating the OS architecture. This would cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit processor. | |||||
| 2014-06-19 | Adding Mayhem module and Set-CriticalProcess | mattifestation | 4 | -0/+206 | |
| 2014-06-19 | Removing Watch-BlueScreen | mattifestation | 3 | -83/+1 | |
| This vulnerability was patched a while ago making this function largely irrelevant. | |||||
| 2014-05-31 | Updated Get-VaultCredentials - Package SID | mattifestation | 2 | -1/+19 | |
| Package SIDs are now displayed for Win8 apps. Both the package SID and secret key are requirements for authenticating to Win8 app servers. | |||||
| 2014-05-30 | Issue #43 - Adding Get-VaultCredentials | mattifestation | 4 | -41/+426 | |
| Displays Windows vault credential objects including cleartext web credentials. | |||||
| 2014-05-20 | Merge pull request #49 from clymb3r/master | Chris Campbell | 1 | -4/+4 | |
| Update to latest Mimikatz (crash fix on Win7/8) | |||||
| 2014-05-20 | Update to latest Mimikatz (crash fix on Win7/8) | clymb3r | 1 | -4/+4 | |
| The latest version of Mimikatz fixes a crash that happens on Windows7/8 (and server versions) after installing the latest Windows updates. | |||||
| 2014-05-05 | Merge pull request #44 from clymb3r/master | Matt Graeber | 1 | -10/+24 | |
| Updated to latest Mimikatz | |||||
| 2014-05-04 | Updated to latest Mimikatz | clymb3r | 1 | -10/+24 | |
| Latest version of Mimikatz now natively supports being reflectively loaded by Invoke-ReflectivePEInjection, updating the script to take advantage of this new version. | |||||
| 2014-04-28 | Merge pull request #42 from clymb3r/master | Matt Graeber | 1 | -2/+0 | |
| Fixing error in script | |||||
| 2014-04-28 | Fixing error in script | clymb3r | 1 | -2/+0 | |
| 2014-04-19 | Merge pull request #41 from clymb3r/master | Matt Graeber | 2 | -12/+12 | |
| Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | |||||
| 2014-04-16 | Fixing formatting | clymb3r | 2 | -1/+2 | |
| 2014-04-16 | Fixing garbage put in by merge | clymb3r | 2 | -17/+0 | |
| 2014-04-16 | Merge branch 'master' of https://github.com/mattifestation/PowerSploit | clymb3r | 364 | -17271/+1688 | |
| Conflicts: Recon/Get-ComputerDetails.ps1 Recon/Recon.psd1 | |||||
| 2014-04-16 | Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | clymb3r | 1 | -9/+9 | |
| 2014-03-21 | Missing File Names | Chris Campbell | 1 | -2/+2 | |
| Added printers.xml and drives.xml to the search. | |||||
| 2014-03-16 | Fixed error in PowerSploit ADS removal one-liner | mattifestation | 1 | -1/+1 | |
| 2014-03-16 | Adding internal recon/privesc privesc functions #40 | mattifestation | 2 | -1/+583 | |
| Added the following recon functions written by Joe Bialek (@JosephBialek): - Find-4648Logons - Find-4624Logons - Find-AppLockerLogs - Find-PSScriptsInPSAppLog - Find-RDPClientConnections - Get-ComputerDetails (Combines all of the above functions into a single function) | |||||
| 2014-03-05 | Bug fix of from v3 XML expanding to $Count | Chris Campbell | 1 | -2/+2 | |
| This bug fix was from @jakxx | |||||
| 2014-03-05 | Update to version 2.4.0 from @jakxx | Chris Campbell | 1 | -3/+14 | |
| Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx | |||||
| 2014-03-02 | Separating out functions & bug fix | clymb3r | 1 | -295/+438 | |
| All info gathering pieces of this script can now be called individually. Fixed a bug where the user SID wasn't being converted to a username in the RDP function. | |||||
| 2014-03-01 | Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy | mattifestation | 3 | -1/+157 | |
| 2014-02-23 | Consolidated Persistence module functions into Persistence.psm1 | mattifestation | 5 | -703/+701 | |
| It doesn't make sense to have these as separate ps1 files. | |||||
| 2014-02-23 | #31 Persistence module function nouns are now singular | mattifestation | 5 | -42/+42 | |
| The function names New-UserPersistenceOption and New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform to PowerShell naming best practices. | |||||
| 2014-02-21 | Merge pull request #32 from obscuresec/master | Matt Graeber | 1 | -72/+65 | |
| Minor fixes for compatibility between versions | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -3/+3 | |
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1 | |
| 2014-02-21 | Changed the direction of XML parsing | Chris Campbell | 1 | -70/+63 | |
| Used Select-XML to ensure compatibility with v2 | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1 | |
| Iterate version. | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -5/+5 | |
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -12/+12 | |
| Bug fix of variables. | |||||
| 2014-02-21 | Major Revision of Get-GPPPasswords | mattifestation | 1 | -59/+141 | |
| Thanks @obscuresec! | |||||
| 2014-02-20 | Adding Get-ComputerDetails recon script | clymb3r | 2 | -1/+439 | |
| Get-ComputerDetails is a recon script which pulls a variety of useful information off a computer which might later be useful by an attacker. This includes: Logons AppLocker process start logs PowerShell logs to find scripts run RDP Client saved servers | |||||
| 2014-02-12 | Changed Inject-LogonCredentials name to Invoke-CredentialInjection | mattifestation | 1 | -1/+1 | |
| 2014-02-12 | Merge pull request #28 from clymb3r/master | Matt Graeber | 5 | -3423/+3432 | |
| Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. | |||||
| 2014-02-12 | Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. | clymb3r | 5 | -3423/+3432 | |
| Added a check to ensure the script isn't being run from Session0 with the "NewWinLogon" flag. This flag does not work in Session0 because winlogon.exe tries to load stuff from user32.dll which requires a desktop is present. This is not possible in Session0 because there is no desktop/GUI, so it causes winlogon to load and then immediately close with error code c0000142 indicating a DLL failed to initialize. There is no way to fix this that I know of, if you need to run the script from Session0 use the "ExistingWinLogon" flag. | |||||