path: root/Exfiltration
Age | Commit message | Author | Files | Lines
2016-03-10 | Get-TimedScreenshot enhancement. Issue #114 | Matt Graeber | 1 | -2/+18
Get-TimedScreenshot now captures the entire screen. The screen resolution is obtained via WMI. If for some reason that fails, it will fall back to the old, less ideal method.
2016-03-10 | Bugfix: Invoke-TokenManipulation. Issue #112 | Matt Graeber | 1 | -6/+19
Fixed the PSv4 dependency for obtaining process ownership information. Thanks to @mmashwani for suggesting the WMI solution.
2016-01-14 | Merge pull request #107 from secabstraction/dev | Matt Graeber | 1 | -206/+322
new Get-Keystrokes
2016-01-13 | Fixed Pester/PassThru | Jesse Davis | 1 | -1/+1
2016-01-13 | Fixed Pester/PassThru | Jesse Davis | 1 | -7/+8
2016-01-13 | Fixed Pester/PassThru | Jesse Davis | 1 | -2/+6
2016-01-13 | Don't search for SYSTEM token by using hard coded English name for SYSTEM account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages. | mmashwani | 1 | -1/+2
2016-01-11 | Update Get-Keystrokes.ps1 | Jesse Davis | 1 | -4/+4
2016-01-09 | new Get-Keystrokes | Jesse Davis | 1 | -207/+318
2015-12-18 | Set all module versions to 3.0 | Matt Graeber | 1 | -16/+1
Also cleaned up some module manifest cruft.
2015-12-16 | Removed all version numbers from scripts | Matt Graeber | 6 | -22/+2
Scripts in a module should not be individually versioned. Only the module should be versioned.
2015-12-15 | Merge pull request #91 from FixTheExchange/patch-1 | PowerShellMafia | 1 | -4/+9
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
2015-12-14 | Invoke-Mimikatz: Incorporated latest 2.0 alpha build | Matt Graeber | 1 | -6/+9
Updated embedded powerkatz.dll to the latest version of mimikatz - [Commit 1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816) This update addresses issue #94.
2015-12-14 | Bugfix #93 | Matt Graeber | 2 | -26/+2
Removed the "EndAddress" parameter set since it was never used. This should resolve any parameter set confusion.
2015-12-14 | Bugfix #92: perform OS check when importing NtCreateThreadEx | Matt Graeber | 1 | -4/+7
2015-12-14 | Adding PollingInterval param to Get-Keystrokes | Matt Graeber | 1 | -3/+15
Incorporates idea from @obscuresec in issue #50.
2015-11-04 | Normalizing all files to ascii encoding | Matt Graeber | 2 | -4/+4
2015-11-04 | Revert "Normalizing all files to ascii encoding" | Matt Graeber | 2 | -0/+693
This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80.
2015-11-04 | Normalizing all files to ascii encoding | Matt Graeber | 2 | -693/+0
2015-10-30 | Update Invoke-TokenManipulation.ps1 | FixTheExchange | 1 | -2/+0
Removed 2 unnecessary lines.
2015-10-30 | Update Invoke-TokenManipulation.ps1 | FixTheExchange | 1 | -4/+11
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected process. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
2015-09-30 | Merge pull request #77 from clymb3r/master | Matt Graeber | 1 | -1/+18
Fix for multi-processor systems
2015-09-30 | Fix for multi-processor systems | clymb3r | 1 | -1/+18
Fix processor architecture detection for multi-processor systems.
2015-07-08 | Cleaned up Remove-VSC and New-VSC | Jared Atkinson | 1 | -34/+12
- Changed Remove-VSC to have a single mandatory parameter (DevicePath)
- Updated New-VSC to check initial state of the VSS Service and return VSS to its initial state after execution
2015-07-08 | Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets | Jared Atkinson | 1 | -1/+168
2015-05-10 | Fix for headings in wrong order | Jonathan | 1 | -1/+1
The column headings in the log file are out of order, e.g.
```
"TypedKey","Time","WindowTitle"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
The "WindowTitle" should be the first column heading like this,
```
"WindowTitle","TypedKey","Time"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
2015-02-16 | Update to latest Mimikatz, add sanity checks | clymb3r | 1 | -4/+11
Updated to the latest Mimikatz build. Added sanity checks to ensure that 32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz to fail.
2014-10-01 | Merge pull request #56 from clymb3r/master | Matt Graeber | 1 | -5/+35
Added -PassThru to Invoke-TokenManipulation
2014-09-28 | Added -PassThru to Invoke-TokenManipulation | clymb3r | 1 | -5/+35
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation adding the -PassThru flag for newly created processes. Version increased to 1.11.
2014-06-30 | Get-VaultCredential now takes the singular form. | mattifestation | 3 | -6/+6
2014-05-31 | Updated Get-VaultCredentials - Package SID | mattifestation | 2 | -1/+19
Package SIDs are now displayed for Win8 apps. Both the package SID and secret key are requirements for authenticating to Win8 app servers.
2014-05-30 | Issue #43 - Adding Get-VaultCredentials | mattifestation | 3 | -41/+422
Displays Windows vault credential objects including cleartext web credentials.
2014-05-20 | Update to latest Mimikatz (crash fix on Win7/8) | clymb3r | 1 | -4/+4
The latest version of Mimikatz fixes a crash that happens on Windows7/8 (and server versions) after installing the latest Windows updates.
2014-05-04 | Updated to latest Mimikatz | clymb3r | 1 | -10/+24
Latest version of Mimikatz now natively supports being reflectively loaded by Invoke-ReflectivePEInjection, updating the script to take advantage of this new version.
2014-04-16 | Merge branch 'master' of https://github.com/mattifestation/PowerSploit | clymb3r | 299 | -16383/+308
Conflicts:
    Recon/Get-ComputerDetails.ps1
    Recon/Recon.psd1
2014-04-16 | Updating Invoke-Mimikatz to Mimikatz 2.0 alpha | clymb3r | 1 | -9/+9
2014-03-21 | Missing File Names | Chris Campbell | 1 | -2/+2
Added printers.xml and drives.xml to the search.
2014-03-05 | Bug fix of from v3 XML expanding to $Count | Chris Campbell | 1 | -2/+2
This bug fix was from @jakxx
2014-03-05 | Update to version 2.4.0 from @jakxx | Chris Campbell | 1 | -3/+14
Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx
2014-03-01 | Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy | mattifestation | 2 | -1/+149
2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -3/+3
2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1
2014-02-21 | Changed the direction of XML parsing | Chris Campbell | 1 | -70/+63
Used Select-XML to ensure compatibility with v2
2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1
Iterate version.
2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -5/+5
2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -12/+12
Bug fix of variables.
2014-02-21 | Major Revision of Get-GPPPasswords | mattifestation | 1 | -59/+141
Thanks @obscuresec!
2014-02-12 | Merge pull request #28 from clymb3r/master | Matt Graeber | 5 | -3423/+3432
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
2014-02-12 | Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. | clymb3r | 5 | -3423/+3432
Added a check to ensure the script isn't being run from Session0 with the "NewWinLogon" flag. This flag does not work in Session0 because winlogon.exe tries to load stuff from user32.dll which requires a desktop to be present. This is not possible in Session0 because there is no desktop/GUI, so it causes winlogon to load and then immediately close with error code c0000142 indicating a DLL failed to initialize. There is no way to fix this that I know of; if you need to run the script from Session0, use the "ExistingWinLogon" flag.
2014-02-03 | Removed mimikatz. | mattifestation | 289 | -16310/+0
This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.