aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-11-05Re-import Invoke-Shellcode.ps1Matt Graeber1-1/+1
2015-11-05Adding Visual Studio 2015 project fileMatt Graeber2-0/+225
Those who wish to load this project into VS 2015 with Adam Driscoll's PowerShell VS extension may now do so.
2015-11-05Removing Metasploit integration from Invoke-ShellcodeMatt Graeber1-267/+4
This should have only ever been a shellcode runner. Those wishing to integrate this with Metasploit should generate a shellcode payload with msfvenom.
2015-11-04Migrating everything back to Invoke-Shellcode.ps1. I'm done making my point ↵Matt Graeber3-773/+719
now. :P
2015-11-04Normalizing all files to ascii encodingMatt Graeber5-11/+11
2015-11-04Revert "Normalizing all files to ascii encoding"Matt Graeber7-65/+1726
This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80.
2015-11-04Normalizing all files to ascii encodingMatt Graeber7-1726/+65
2015-10-30Update Invoke-TokenManipulation.ps1FixTheExchange1-2/+0
Removed 2 unnecessary lines.
2015-10-30Update Invoke-TokenManipulation.ps1FixTheExchange1-4/+11
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
2015-09-30Merge pull request #77 from clymb3r/masterMatt Graeber1-1/+18
Fix for multi-processor systems
2015-09-30Fix for multi-processor systemsclymb3r1-1/+18
Fix processor architecture detection for multi-processor systems.
2015-09-23Adding Invoke-WmiCommandMatt Graeber3-1/+339
2015-08-16Merge pull request #69 from Invoke-IR/masterMatt Graeber1-1/+146
Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets
2015-07-08Cleaned up Remove-VSC and New-VSCJared Atkinson1-34/+12
- Changed Remove-VSC to have a single mandatory parameter (DevicePath) - Updated New-VSC to check initial state of the VSS Service and return VSS to its inital state after execution
2015-07-08Added New-VolumeShadowCopy and Remove-VolumeShadowCopy CmdletsJared Atkinson1-1/+168
2015-05-11Merge pull request #68 from hydrajump/get-keystrokes-headings-reorderChris Campbell1-1/+1
Fix for headings in wrong order
2015-05-10Fix for headings in wrong orderJonathan1-1/+1
The column headings in the log file are out of order, e.g. ``` "TypedKey","Time","WindowTitle" "Document1 - Word","[Shift]","01-05-2015:20:53:29:28" "Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31" "Document1 - Word","[Shift]","01-05-2015:20:53:29:38" ``` The "WindowTitle" should be the first column heading like this, ``` "WindowTitle","TypedKey","Time" "Document1 - Word","[Shift]","01-05-2015:20:53:29:28" "Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31" "Document1 - Word","[Shift]","01-05-2015:20:53:29:38" ```
2015-04-26URI fix, Proxy Support, UA Update Chris Campbell1-8/+58
This fixes the URI bug submitted by @enigma0x3. Thank you for the PR as well! A legacy switch is added in case anyone is relying on this script and an older meterpreter handler. Proxy support is added to grab the default proxy by way of a switch. The default user-agent is grabbed from the registry instead of being a static string. I tested this on a Windows 7 SP1 (both x86 and 64-bit) and Windows 8.1 (64-bit) with an older handler and an updated one.
2015-02-26Out-EncryptedScript uses FIPS-compliant crypto #60mattifestation1-35/+43
Thanks, @aconite33 for the suggestion. - TripleDESCryptoServiceProvider is now used as the crypto algorithm because it won't break the script when FIPS compliance is enabled in the registry. - I actually implemented the InitializationVector parameter - Cleaned up the output script - Cleaned up comment-based help
2015-02-17Merge pull request #62 from clymb3r/masterMatt Graeber1-4/+11
Update to latest Mimikatz, add sanity checks
2015-02-16Update to latest Mimikatz, add sanity checksclymb3r1-4/+11
Updated to the latest Mimikatz build. Added sanity checks to ensure that 32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz to fail.
2015-02-03Added parameters back to the original Invoke-Shellcodemattifestation1-1/+47
2015-02-03Moved Invoke-Shellcodemattifestation4-715/+723
These things happen
2015-01-26Merge pull request #61 from clymb3r/masterMatt Graeber1-5/+17
Adding PEBytes parameter
2015-01-26Adding PEBytes parameterclymb3r1-5/+17
Added PEBytes parameter for reflectively loading a PE file passed as a byte array to the script.
2015-01-09Merge pull request #59 from clymb3r/masterMatt Graeber1-2/+2
Bugfix: Resolving ordinals in remote dll injection
2015-01-07Bugfix: Resolving ordinals in remote dll injectionclymb3r1-2/+2
Thanks to sixdub for finding and fixing a bug when resolving functions by ordinal in remote processes.
2014-11-17 Add-Persistence bugfixmattifestation2-11/+23
When file paths were specified, they were not being properly validated.
2014-11-16Moving all RE functionality to PowerShellArsenalmattifestation40-8686/+10
https://github.com/mattifestation/PowerShellArsenal PowerSploit will now stay true to its roots of being a purely offensive PowerShell module.
2014-10-01Loading of an SSP no longer requires a reboot.mattifestation1-1/+41
2014-10-01Merge pull request #56 from clymb3r/masterMatt Graeber1-5/+35
Added -PassThru to Invoke-TokenManipulation
2014-10-01Added Install-SSP and Get-SecurityPackagesmattifestation3-4/+303
2014-09-28Added -PassThru to Invoke-TokenManipulationclymb3r1-5/+35
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11.
2014-09-13Updating the script style guide #2mattifestation1-1/+1
2014-09-13Updating the script style guidemattifestation1-1/+1
2014-08-29Adding MBR infector Set-MasterBootRecordmattifestation2-1/+273
2014-08-09Removing New-Object proxy functionmattifestation3-95/+1
2014-07-12Merge pull request #52 from clymb3r/masterMatt Graeber1-63/+157
Bug fixes to Invoke-ReflectivePEInjection
2014-07-10Bug fixes to Invoke-ReflectivePEInjectionclymb3r1-63/+157
Fixed a bug where calling GetProcAddress by ordinal instead of procedure name failed. Fixed a bug where reflectively loading an EXE will cause the entry function (main()) to be called twice instead of once as expected. Added a ForceASLR flag to force ASLR to be used even if the PE file doesn't officially support ASLR. Some minor other changes.
2014-07-10Removed required module statement from Capstonemattifestation1-2/+0
2014-06-30Updated Get-VaultCredential name in READMEmattifestation1-1/+1
2014-06-30Get-VaultCredential now takes the singular form.mattifestation3-6/+6
2014-06-21Invoke-DllInjection now calls RtlCreateUserThreadmattifestation1-24/+26
Calling CreateRemoteThread on lsass. Bug fix: Invoke-DllInjection was checking the processor architecture when it should have been validating the OS architecture. This would cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit processor.
2014-06-19Adding Mayhem module and Set-CriticalProcessmattifestation4-0/+206
2014-06-19Removing Watch-BlueScreenmattifestation3-83/+1
This vulnerability was patched a while ago making this function largely irrelevant.
2014-05-31Updated Get-VaultCredentials - Package SIDmattifestation2-1/+19
Package SIDs are now displayed for Win8 apps. Both the package SID and secret key are requirements for authenticating to Win8 app servers.
2014-05-30Issue #43 - Adding Get-VaultCredentialsmattifestation4-41/+426
Displays Windows vault credential objects including cleartext web credentials.
2014-05-20Merge pull request #49 from clymb3r/masterChris Campbell1-4/+4
Update to latest Mimikatz (crash fix on Win7/8)
2014-05-20Update to latest Mimikatz (crash fix on Win7/8)clymb3r1-4/+4
The latest version of Mimikatz fixes a crash that happens on Windows7/8 (and server versions) after installing the latest Windows updates.
2014-05-05Merge pull request #44 from clymb3r/masterMatt Graeber1-10/+24
Updated to latest Mimikatz
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-26 03:34:31 +0000