Age | Commit message | Author | Files | Lines
2015-09-30 | Merge pull request #77 from clymb3r/master | Matt Graeber | 1 | -1/+18
Fix for multi-processor systems
2015-09-30 | Fix for multi-processor systems | clymb3r | 1 | -1/+18
Fix processor architecture detection for multi-processor systems.
2015-09-23 | Adding Invoke-WmiCommand | Matt Graeber | 3 | -1/+339
2015-08-16 | Merge pull request #69 from Invoke-IR/master | Matt Graeber | 1 | -1/+146
Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets
2015-07-08 | Cleaned up Remove-VSC and New-VSC | Jared Atkinson | 1 | -34/+12
- Changed Remove-VSC to have a single mandatory parameter (DevicePath)
- Updated New-VSC to check initial state of the VSS Service and return VSS to its initial state after execution
2015-07-08 | Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets | Jared Atkinson | 1 | -1/+168
2015-05-11 | Merge pull request #68 from hydrajump/get-keystrokes-headings-reorder | Chris Campbell | 1 | -1/+1
Fix for headings in wrong order
2015-05-10 | Fix for headings in wrong order | Jonathan | 1 | -1/+1
The column headings in the log file are out of order, e.g.
```
"TypedKey","Time","WindowTitle"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
The "WindowTitle" should be the first column heading like this,
```
"WindowTitle","TypedKey","Time"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
2015-04-26 | URI fix, Proxy Support, UA Update | Chris Campbell | 1 | -8/+58
This fixes the URI bug submitted by @enigma0x3. Thank you for the PR as well! A legacy switch is added in case anyone is relying on this script and an older meterpreter handler. Proxy support is added to grab the default proxy by way of a switch. The default user-agent is grabbed from the registry instead of being a static string. I tested this on a Windows 7 SP1 (both x86 and 64-bit) and Windows 8.1 (64-bit) with an older handler and an updated one.
2015-02-26 | Out-EncryptedScript uses FIPS-compliant crypto #60 | mattifestation | 1 | -35/+43
Thanks, @aconite33 for the suggestion.
- TripleDESCryptoServiceProvider is now used as the crypto algorithm because it won't break the script when FIPS compliance is enabled in the registry.
- I actually implemented the InitializationVector parameter
- Cleaned up the output script
- Cleaned up comment-based help
2015-02-17 | Merge pull request #62 from clymb3r/master | Matt Graeber | 1 | -4/+11
Update to latest Mimikatz, add sanity checks
2015-02-16 | Update to latest Mimikatz, add sanity checks | clymb3r | 1 | -4/+11
Updated to the latest Mimikatz build. Added sanity checks to ensure that 32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz to fail.
2015-02-03 | Added parameters back to the original Invoke-Shellcode | mattifestation | 1 | -1/+47
2015-02-03 | Moved Invoke-Shellcode | mattifestation | 4 | -715/+723
These things happen
2015-01-26 | Merge pull request #61 from clymb3r/master | Matt Graeber | 1 | -5/+17
Adding PEBytes parameter
2015-01-26 | Adding PEBytes parameter | clymb3r | 1 | -5/+17
Added PEBytes parameter for reflectively loading a PE file passed as a byte array to the script.
2015-01-09 | Merge pull request #59 from clymb3r/master | Matt Graeber | 1 | -2/+2
Bugfix: Resolving ordinals in remote dll injection
2015-01-07 | Bugfix: Resolving ordinals in remote dll injection | clymb3r | 1 | -2/+2
Thanks to sixdub for finding and fixing a bug when resolving functions by ordinal in remote processes.
2014-11-17 | Add-Persistence bugfix | mattifestation | 2 | -11/+23
When file paths were specified, they were not being properly validated.
2014-11-16 | Moving all RE functionality to PowerShellArsenal | mattifestation | 40 | -8686/+10
https://github.com/mattifestation/PowerShellArsenal PowerSploit will now stay true to its roots of being a purely offensive PowerShell module.
2014-10-01 | Loading of an SSP no longer requires a reboot. | mattifestation | 1 | -1/+41
2014-10-01 | Merge pull request #56 from clymb3r/master | Matt Graeber | 1 | -5/+35
Added -PassThru to Invoke-TokenManipulation
2014-10-01 | Added Install-SSP and Get-SecurityPackages | mattifestation | 3 | -4/+303
2014-09-28 | Added -PassThru to Invoke-TokenManipulation | clymb3r | 1 | -5/+35
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11.
2014-09-13 | Updating the script style guide #2 | mattifestation | 1 | -1/+1
2014-09-13 | Updating the script style guide | mattifestation | 1 | -1/+1
2014-08-29 | Adding MBR infector Set-MasterBootRecord | mattifestation | 2 | -1/+273
2014-08-09 | Removing New-Object proxy function | mattifestation | 3 | -95/+1
2014-07-12 | Merge pull request #52 from clymb3r/master | Matt Graeber | 1 | -63/+157
Bug fixes to Invoke-ReflectivePEInjection
2014-07-10 | Bug fixes to Invoke-ReflectivePEInjection | clymb3r | 1 | -63/+157
Fixed a bug where calling GetProcAddress by ordinal instead of procedure name failed. Fixed a bug where reflectively loading an EXE will cause the entry function (main()) to be called twice instead of once as expected. Added a ForceASLR flag to force ASLR to be used even if the PE file doesn't officially support ASLR. Some minor other changes.
2014-07-10 | Removed required module statement from Capstone | mattifestation | 1 | -2/+0
2014-06-30 | Updated Get-VaultCredential name in README | mattifestation | 1 | -1/+1
2014-06-30 | Get-VaultCredential now takes the singular form. | mattifestation | 3 | -6/+6
2014-06-21 | Invoke-DllInjection now calls RtlCreateUserThread | mattifestation | 1 | -24/+26
Calling CreateRemoteThread on lsass. Bug fix: Invoke-DllInjection was checking the processor architecture when it should have been validating the OS architecture. This would cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit processor.
2014-06-19 | Adding Mayhem module and Set-CriticalProcess | mattifestation | 4 | -0/+206
2014-06-19 | Removing Watch-BlueScreen | mattifestation | 3 | -83/+1
This vulnerability was patched a while ago making this function largely irrelevant.
2014-05-31 | Updated Get-VaultCredentials - Package SID | mattifestation | 2 | -1/+19
Package SIDs are now displayed for Win8 apps. Both the package SID and secret key are requirements for authenticating to Win8 app servers.
2014-05-30 | Issue #43 - Adding Get-VaultCredentials | mattifestation | 4 | -41/+426
Displays Windows vault credential objects including cleartext web credentials.
2014-05-20 | Merge pull request #49 from clymb3r/master | Chris Campbell | 1 | -4/+4
Update to latest Mimikatz (crash fix on Win7/8)
2014-05-20 | Update to latest Mimikatz (crash fix on Win7/8) | clymb3r | 1 | -4/+4
The latest version of Mimikatz fixes a crash that happens on Windows7/8 (and server versions) after installing the latest Windows updates.
2014-05-05 | Merge pull request #44 from clymb3r/master | Matt Graeber | 1 | -10/+24
Updated to latest Mimikatz
2014-05-04 | Updated to latest Mimikatz | clymb3r | 1 | -10/+24
Latest version of Mimikatz now natively supports being reflectively loaded by Invoke-ReflectivePEInjection, updating the script to take advantage of this new version.
2014-04-28 | Merge pull request #42 from clymb3r/master | Matt Graeber | 1 | -2/+0
Fixing error in script
2014-04-28 | Fixing error in script | clymb3r | 1 | -2/+0
2014-04-19 | Merge pull request #41 from clymb3r/master | Matt Graeber | 2 | -12/+12
Updating Invoke-Mimikatz to Mimikatz 2.0 alpha
2014-04-16 | Fixing formatting | clymb3r | 2 | -1/+2
2014-04-16 | Fixing garbage put in by merge | clymb3r | 2 | -17/+0
2014-04-16 | Merge branch 'master' of https://github.com/mattifestation/PowerSploit | clymb3r | 364 | -17271/+1688
Conflicts: Recon/Get-ComputerDetails.ps1 Recon/Recon.psd1
2014-04-16 | Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | clymb3r | 1 | -9/+9
2014-03-21 | Missing File Names | Chris Campbell | 1 | -2/+2
Added printers.xml and drives.xml to the search.