Age | Commit message | Author | Files | Lines |
|
The parameter type and return types were accidentally transposed. Thanks
@rojaster for pointing this out.
|
|
|
|
Get-TimedScreenshot now captures the entire screen. The screen
resolution is obtained via WMI. If for some reason that fails, it will
fall back to the old, less ideal method.
|
|
Fixed the PSv4 dependency for obtaining process ownership information.
Thanks to @mmashwani for suggesting the WMI solution.
|
|
new Get-Keystrokes
|
|
|
|
|
|
|
|
account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
|
|
|
|
|
|
Also cleaned up some module manifest cruft.
|
|
Scripts in a module should not be individually versioned. Only the
module should be versioned.
|
|
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
|
|
Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit 1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816)
This update addresses issue #94.
|
|
Removed the "EndAddress" parameter set since it was never used. This
should resolve any parameter set confusion.
|
|
|
|
Incorporates idea from @obscuresec in issue #50.
|
|
|
|
This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80.
|
|
|
|
Removed 2 unnecessary lines.
|
|
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected process. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
|
|
Fix for multi-processor systems
|
|
Fix processor architecture detection for multi-processor systems.
|
|
- Changed Remove-VSC to have a single mandatory parameter (DevicePath)
- Updated New-VSC to check initial state of the VSS Service and return
VSS to its initial state after execution
|
|
|
|
The column headings in the log file are out of order, e.g.
```
"TypedKey","Time","WindowTitle"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
The "WindowTitle" should be the first column heading like this,
```
"WindowTitle","TypedKey","Time"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
|
|
Updated to the latest Mimikatz build. Added sanity checks to ensure that
32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz
to fail.
|
|
Added -PassThru to Invoke-TokenManipulation
|
|
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation
adding the -PassThru flag for newly created processes. Version increased
to 1.11.
|
|
|
|
Package SIDs are now displayed for Win8 apps. Both the package SID and
secret key are requirements for authenticating to Win8 app servers.
|
|
Displays Windows vault credential objects including cleartext web
credentials.
|
|
The latest version of Mimikatz fixes a crash that happens on Windows7/8
(and server versions) after installing the latest Windows updates.
|
|
Latest version of Mimikatz now natively supports being reflectively
loaded by Invoke-ReflectivePEInjection, updating the script to take
advantage of this new version.
|
|
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
|
|
|
|
Added printers.xml and drives.xml to the search.
|
|
This bug fix was from @jakxx
|
|
Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx
|
|
|
|
|
|
|
|
Used Select-XML to ensure compatibility with v2
|
|
Iterate version.
|
|
|
|
Bug fix of variables.
|
|
Thanks @obscuresec!
|
|
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
|