aboutsummaryrefslogtreecommitdiff
path: root/Exfiltration
AgeCommit message (Collapse)AuthorFilesLines
2014-02-21Update Get-GPPPassword.ps1Chris Campbell1-1/+1
Iterate version.
2014-02-21Update Get-GPPPassword.ps1Chris Campbell1-5/+5
2014-02-21Update Get-GPPPassword.ps1Chris Campbell1-12/+12
Bug fix of variables.
2014-02-21Major Revision of Get-GPPPasswordsmattifestation1-59/+141
Thanks @obscuresec!
2014-02-12Merge pull request #28 from clymb3r/masterMatt Graeber5-3423/+3432
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
2014-02-12Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.clymb3r5-3423/+3432
Added a check to ensure the script isn't being run from Session0 with the "NewWinLogon" flag. This flag does not work in Session0 because winlogon.exe tries to load stuff from user32.dll which requires a desktop is present. This is not possible in Session0 because there is no desktop/GUI, so it causes winlogon to load and then immediately close with error code c0000142 indicating a DLL failed to initialize. There is no way to fix this that I know of, if you need to run the script from Session0 use the "ExistingWinLogon" flag.
2014-02-03Removed mimikatz.mattifestation289-16310/+0
This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.
2014-01-11Merge pull request #25 from clymb3r/masterMatt Graeber1-32/+142
Bug fixes for Invoke-TokenManipulation
2014-01-10Bug fixes for Invoke-TokenManipulationclymb3r1-32/+142
Processes could not be started when the script was being run from Session 0. The fix is to use the CreateProcessAsUserW function when running in Session 0. This API requires SeAssignPrimaryTokenPrivilege priviege, so for non-session0 calls I still use CreateProcessWithTokenW which does not require special privileges.
2014-01-01Fixes #23 - $Password was not being clearedmattifestation1-0/+1
2013-11-18Merge pull request #21 from clymb3r/masterMatt Graeber18-1/+4428
Adding Inject-LogonCredentials
2013-11-17Adding Inject-LogonCredentialsclymb3r18-1/+4428
2013-11-13Normalized all scripts to ASCII encodingmattifestation9-12/+12
2013-11-04Updated Invoke-TokenManipulation helpclymb3r1-2/+2
2013-11-03Adding Invoke-TokenManipulationclymb3r2-1/+1774
2013-10-01Switching to ANSI from UTF8 encodingclymb3r2-6/+6
Scripts now work in 2008r2. I thought I tested before uploading but something broke somehow... Now the scripts work in 2008r2 and win8+
2013-10-01Adding Invoke-Mimikatz and Invoke-Ninjacopyclymb3r318-1/+29481
2013-08-17Get-Keystrokes now accepts relative pathsMatt Graeber1-1/+3
2013-08-17Out-Minidump now provides descriptive outputMatt Graeber1-2/+2
Out-Minidump now outputs a FileInfo object (i.e. the same output as Get-ChildItem) upon successfully creating a dump file.
2013-08-17Added additional error handling to Get-GPPPasswordMatt Graeber1-3/+10
2013-08-12added ErrorAction SilentlyContinue to Get-ChildItemhajdbo1-2/+2
Sometimes you will have a denied access to a directory. "ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied.
2013-07-03Update Get-TimedScreenshot.ps1Chris Campbell1-5/+5
Fix error handling and various style problems
2013-07-03Fix improper use of $Error[0]Chris Campbell1-1/+1
2013-07-03Terminating Errors AddedChris Campbell1-1/+5
Added checks to ensure that the script is being ran on a domain-joined machine and with a domain account.
2013-07-03Updated Get-GPPPasswordMatt Graeber2-1/+127
2013-06-30Added Get-KeystrokesMatt Graeber2-1/+248
Get-Keystrokes is a PowerShell keylogger
2013-05-18"Best practice" improvements to Out-MinidumpMatt Graeber1-42/+39
2013-05-15Added Out-MinidumpMatt Graeber2-1/+135
Out-Minidump writes a process dump file with all process memory to disk. This is similar to running procdump.exe with the '-ma' switch.
2013-01-21Consistency improvements in comment-based helpbitform1-70/+72
2013-01-20Added 'Exfiltration' Modulebitform4-0/+199
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-29 02:44:45 +0000