| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2015-12-15 | Merge pull request #91 from FixTheExchange/patch-1 | PowerShellMafia | 1 | -4/+9 |
| | Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility | | | |
| 2015-12-15 | Invoke-WmiCommand is now PSv2 compatible | Matt Graeber | 1 | -6/+19 |
| | This bug fix addresses issue #96. As much as I hate dropping files to disk, this was the easiest way to preserve objects in PSv2+. If someone wants to implement the [de]serialization themselves and keep everything in memory, please submit a PR. | | | |
| 2015-12-15 | Invoke-WmiCommand now obtains full powershell path | Matt Graeber | 1 | -2/+16 |
| | Addresses issue #95. | | | |
| 2015-12-14 | Invoke-DllInjection Pester test improvement | Matt Graeber | 1 | -7/+7 |
| | The test dll I now use is advpack.dll since that is present in all versions of Windows. | | | |
| 2015-12-14 | Invoke-Mimikatz: Incorporated latest 2.0 alpha build | Matt Graeber | 1 | -6/+9 |
| | Updated embedded powerkatz.dll to the latest version of mimikatz - [Commit 1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816). This update addresses issue #94. | | | |
| 2015-12-14 | Removed commented blocks. | Harmj0y | 1 | -6/+6 |
| 2015-12-14 | Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit into dev | Harmj0y | 3 | -47/+17 |
| 2015-12-14 | Removed C# enum for Test-ServiceDaclPermission | Harmj0y | 1 | -42/+42 |
| 2015-12-14 | Bugfix #93 | Matt Graeber | 3 | -39/+3 |
| | Removed the "EndAddress" parameter set since it was never used. This should resolve any parameter set confusion. | | | |
| 2015-12-14 | Bugfix #92: perform OS check when importing NtCreateThreadEx | Matt Graeber | 2 | -8/+14 |
| 2015-12-14 | Added admin rights check for existing Privesc Pester tests | Harmj0y | 1 | -1/+45 |
| 2015-12-14 | Get-NetDomain now not called if -ComputerName or -ComputerFile are passed for meta functions, in order to prevent failure when running on a non-domain joined machine. Took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain | Harmj0y | 2 | -228/+173 |
| 2015-12-14 | Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk. | Harmj0y | 1 | -62/+103 |
| 2015-12-14 | Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left on disk. | Harmj0y | 1 | -54/+68 |
| 2015-12-14 | Fix Invoke-Shellcode OS architecture detection | Matt Graeber | 1 | -10/+23 |
| | Fixes issue #70 | | | |
| 2015-12-14 | Adding PollingInterval param to Get-Keystrokes | Matt Graeber | 1 | -3/+15 |
| | Incorporates idea from @obscuresec in issue #50. | | | |
| 2015-12-11 | Added Invoke-DowngradeAccount to set an account to use reversible encryption. | Harmj0y | 1 | -1/+117 |
| 2015-12-11 | Domain local group query fix. | Harmj0y | 1 | -30/+140 |
| | Added ConvertFrom-UACValue to convert binary UAC values to human readable format. Corrected logic in Set-ADObject. | | | |
| 2015-12-03 | Start of Recon/PowerView Pester tests | Harmj0y | 1 | -0/+676 |
| 2015-12-03 | Privesc/PowerUp Pester tests | Harmj0y | 1 | -0/+485 |
| 2015-12-03 | Added ./Privesc/ folder that integrates PowerUp.ps1 | Harmj0y | 5 | -0/+2479 |
| | Updated README.md's | | | |
| 2015-12-03 | Integration of PowerView into ./Recon/ | Harmj0y | 4 | -16/+11260 |
| 2015-11-09 | Removing Invoke-ShellcodeMSIL from psproj file | Matt Graeber | 1 | -1/+0 |
| 2015-11-09 | Excluding the Tests folder from being loaded as a module | Matt Graeber | 1 | -1/+1 |
| 2015-11-09 | Adding Pester tests for CodeExecution module | Matt Graeber | 1 | -0/+362 |
| 2015-11-09 | Revert "Excluding the Tests folder from being loaded as a module" | Matt Graeber | 3 | -363/+2 |
| | This reverts commit a0ab599810f8f05a9bf24850fb9104516b71abb7. | | | |
| 2015-11-09 | Excluding the Tests folder from being loaded as a module | Matt Graeber | 3 | -2/+363 |
| 2015-11-07 | Adding -DoNotZeroMZ for testing | Matt Graeber | 1 | -5/+14 |
| 2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -58/+13 |
| | Removed extraneous parameters. Removed the following extraneous parameters: -PEPath -PEUrl. The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection. | | | |
| 2015-11-07 | Revert "Removed extraneous parameters" | Matt Graeber | 1 | -18/+89 |
| | This reverts commit 0eb520e31f97bc0ca83bd2c1546a18dd97e09d79. | | | |
| 2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -89/+18 |
| | Removed the following extraneous parameters: -PEPath -PEUrl -ComputerName. The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection. | | | |
| 2015-11-06 | Fixed a casting bug | Matt Graeber | 1 | -2/+2 |
| 2015-11-05 | Removing Invoke-ShellcodeMSIL | Matt Graeber | 3 | -272/+1 |
| | This was only ever intended to be a PoC. I'll bring this back if requested but it exhibits duplicate functionality. | | | |
| 2015-11-05 | Test: Ensure all scripts are not LE Unicode encoded | Matt Graeber | 1 | -0/+49 |
| 2015-11-05 | Re-import Invoke-Shellcode.ps1 | Matt Graeber | 1 | -1/+1 |
| 2015-11-05 | Adding Visual Studio 2015 project file | Matt Graeber | 2 | -0/+225 |
| | Those who wish to load this project into VS 2015 with Adam Driscoll's PowerShell VS extension may now do so. | | | |
| 2015-11-05 | Removing Metasploit integration from Invoke-Shellcode | Matt Graeber | 1 | -267/+4 |
| | This should have only ever been a shellcode runner. Those wishing to integrate this with Metasploit should generate a shellcode payload with msfvenom. | | | |
| 2015-11-04 | Migrating everything back to Invoke-Shellcode.ps1. I'm done making my point now. :P | Matt Graeber | 3 | -773/+719 |
| 2015-11-04 | Normalizing all files to ascii encoding | Matt Graeber | 5 | -11/+11 |
| 2015-11-04 | Revert "Normalizing all files to ascii encoding" | Matt Graeber | 7 | -65/+1726 |
| | This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80. | | | |
| 2015-11-04 | Normalizing all files to ascii encoding | Matt Graeber | 7 | -1726/+65 |
| 2015-10-30 | Update Invoke-TokenManipulation.ps1 | FixTheExchange | 1 | -2/+0 |
| | Removed 2 unnecessary lines. | | | |
| 2015-10-30 | Update Invoke-TokenManipulation.ps1 | FixTheExchange | 1 | -4/+11 |
| | Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected process. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function. | | | |
| 2015-09-30 | Merge pull request #77 from clymb3r/master | Matt Graeber | 1 | -1/+18 |
| | Fix for multi-processor systems | | | |
| 2015-09-30 | Fix for multi-processor systems | clymb3r | 1 | -1/+18 |
| | Fix processor architecture detection for multi-processor systems. | | | |
| 2015-09-23 | Adding Invoke-WmiCommand | Matt Graeber | 3 | -1/+339 |
| 2015-08-16 | Merge pull request #69 from Invoke-IR/master | Matt Graeber | 1 | -1/+146 |
| | Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets | | | |
| 2015-07-08 | Cleaned up Remove-VSC and New-VSC | Jared Atkinson | 1 | -34/+12 |
| | - Changed Remove-VSC to have a single mandatory parameter (DevicePath) - Updated New-VSC to check initial state of the VSS Service and return VSS to its initial state after execution | | | |
| 2015-07-08 | Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets | Jared Atkinson | 1 | -1/+168 |
| 2015-05-11 | Merge pull request #68 from hydrajump/get-keystrokes-headings-reorder | Chris Campbell | 1 | -1/+1 |
| | Fix for headings in wrong order | | | |