aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-12-14Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk.Harmj0y1-62/+103
2015-12-14Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left on disk.Harmj0y1-54/+68
2015-12-14Fix Invoke-Shellcode OS architecture detectionMatt Graeber1-10/+23
Fixes issue #70
2015-12-14Adding PollingInterval param to Get-KeystrokesMatt Graeber1-3/+15
Incorporates idea from @obscuresec in issue #50.
2015-12-11Added Invoke-DowngradeAccount to set an account to use reversible encryption.Harmj0y1-1/+117
2015-12-11Domain local group query fix.Harmj0y1-30/+140
Added ConvertFrom-UACValue to convert binary UAC values to human readable format. Corrected logic in Set-ADObject.
2015-12-03Start of Recon/PowerView Pester testsHarmj0y1-0/+676
2015-12-03Privesc/PowerUp Pester testsHarmj0y1-0/+485
2015-12-03Added ./Privesc/ folder that integrates PowerUp.ps1Harmj0y5-0/+2479
Updated README.md's
2015-12-03Integration of PowerView into ./Recon/Harmj0y4-16/+11260
2015-11-09Removing Invoke-ShellcodeMSIL from psproj fileMatt Graeber1-1/+0
2015-11-09Excluding the Tests folder from being loaded as a moduleMatt Graeber1-1/+1
2015-11-09Adding Pester tests for CodeExecution moduleMatt Graeber1-0/+362
2015-11-09Revert "Excluding the Tests folder from being loaded as a module"Matt Graeber3-363/+2
This reverts commit a0ab599810f8f05a9bf24850fb9104516b71abb7.
2015-11-09Excluding the Tests folder from being loaded as a moduleMatt Graeber3-2/+363
2015-11-07Adding -DoNotZeroMZ for testingMatt Graeber1-5/+14
2015-11-07Removed extraneous parametersMatt Graeber1-58/+13
Removed extraneous parameters Removed the following extraneous parameters: -PEPath -PEUrl The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-07Revert "Removed extraneous parameters"Matt Graeber1-18/+89
This reverts commit 0eb520e31f97bc0ca83bd2c1546a18dd97e09d79.
2015-11-07Removed extraneous parametersMatt Graeber1-89/+18
Removed the following extraneous parameters: -PEPath -PEUrl -ComputerName The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-06Fixed a casting bugMatt Graeber1-2/+2
2015-11-05Removing Invoke-ShellcodeMSILMatt Graeber3-272/+1
This was only ever intended to be a PoC. I'll bring this back if requested but it exhibits duplicate functionality.
2015-11-05Test: Ensure all scripts are not LE Unicode encodedMatt Graeber1-0/+49
2015-11-05Re-import Invoke-Shellcode.ps1Matt Graeber1-1/+1
2015-11-05Adding Visual Studio 2015 project fileMatt Graeber2-0/+225
Those who wish to load this project into VS 2015 with Adam Driscoll's PowerShell VS extension may now do so.
2015-11-05Removing Metasploit integration from Invoke-ShellcodeMatt Graeber1-267/+4
This should have only ever been a shellcode runner. Those wishing to integrate this with Metasploit should generate a shellcode payload with msfvenom.
2015-11-04Migrating everything back to Invoke-Shellcode.ps1. I'm done making my point ↵Matt Graeber3-773/+719
now. :P
2015-11-04Normalizing all files to ascii encodingMatt Graeber5-11/+11
2015-11-04Revert "Normalizing all files to ascii encoding"Matt Graeber7-65/+1726
This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80.
2015-11-04Normalizing all files to ascii encodingMatt Graeber7-1726/+65
2015-09-30Merge pull request #77 from clymb3r/masterMatt Graeber1-1/+18
Fix for multi-processor systems
2015-09-30Fix for multi-processor systemsclymb3r1-1/+18
Fix processor architecture detection for multi-processor systems.
2015-09-23Adding Invoke-WmiCommandMatt Graeber3-1/+339
2015-08-16Merge pull request #69 from Invoke-IR/masterMatt Graeber1-1/+146
Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets
2015-07-08Cleaned up Remove-VSC and New-VSCJared Atkinson1-34/+12
- Changed Remove-VSC to have a single mandatory parameter (DevicePath) - Updated New-VSC to check initial state of the VSS Service and return VSS to its inital state after execution
2015-07-08Added New-VolumeShadowCopy and Remove-VolumeShadowCopy CmdletsJared Atkinson1-1/+168
2015-05-11Merge pull request #68 from hydrajump/get-keystrokes-headings-reorderChris Campbell1-1/+1
Fix for headings in wrong order
2015-05-10Fix for headings in wrong orderJonathan1-1/+1
The column headings in the log file are out of order, e.g. ``` "TypedKey","Time","WindowTitle" "Document1 - Word","[Shift]","01-05-2015:20:53:29:28" "Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31" "Document1 - Word","[Shift]","01-05-2015:20:53:29:38" ``` The "WindowTitle" should be the first column heading like this, ``` "WindowTitle","TypedKey","Time" "Document1 - Word","[Shift]","01-05-2015:20:53:29:28" "Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31" "Document1 - Word","[Shift]","01-05-2015:20:53:29:38" ```
2015-04-26URI fix, Proxy Support, UA Update Chris Campbell1-8/+58
This fixes the URI bug submitted by @enigma0x3. Thank you for the PR as well! A legacy switch is added in case anyone is relying on this script and an older meterpreter handler. Proxy support is added to grab the default proxy by way of a switch. The default user-agent is grabbed from the registry instead of being a static string. I tested this on a Windows 7 SP1 (both x86 and 64-bit) and Windows 8.1 (64-bit) with an older handler and an updated one.
2015-02-26Out-EncryptedScript uses FIPS-compliant crypto #60mattifestation1-35/+43
Thanks, @aconite33 for the suggestion. - TripleDESCryptoServiceProvider is now used as the crypto algorithm because it won't break the script when FIPS compliance is enabled in the registry. - I actually implemented the InitializationVector parameter - Cleaned up the output script - Cleaned up comment-based help
2015-02-17Merge pull request #62 from clymb3r/masterMatt Graeber1-4/+11
Update to latest Mimikatz, add sanity checks
2015-02-16Update to latest Mimikatz, add sanity checksclymb3r1-4/+11
Updated to the latest Mimikatz build. Added sanity checks to ensure that 32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz to fail.
2015-02-03Added parameters back to the original Invoke-Shellcodemattifestation1-1/+47
2015-02-03Moved Invoke-Shellcodemattifestation4-715/+723
These things happen
2015-01-26Merge pull request #61 from clymb3r/masterMatt Graeber1-5/+17
Adding PEBytes parameter
2015-01-26Adding PEBytes parameterclymb3r1-5/+17
Added PEBytes parameter for reflectively loading a PE file passed as a byte array to the script.
2015-01-09Merge pull request #59 from clymb3r/masterMatt Graeber1-2/+2
Bugfix: Resolving ordinals in remote dll injection
2015-01-07Bugfix: Resolving ordinals in remote dll injectionclymb3r1-2/+2
Thanks to sixdub for finding and fixing a bug when resolving functions by ordinal in remote processes.
2014-11-17 Add-Persistence bugfixmattifestation2-11/+23
When file paths were specified, they were not being properly validated.
2014-11-16Moving all RE functionality to PowerShellArsenalmattifestation40-8686/+10
https://github.com/mattifestation/PowerShellArsenal PowerSploit will now stay true to its roots of being a purely offensive PowerShell module.
2014-10-01Loading of an SSP no longer requires a reboot.mattifestation1-1/+41
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 00:18:29 +0000