From 1980f403ee78234eae4d93b50890d02f827a099f Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Wed, 14 Dec 2016 17:50:37 -0500 Subject: For ./CodeExecution/ : -PSScriptAnalyzering -Tweaking of synopsis blocks in order to support platyPS -Code standardization -Generated docs --- docs/CodeExecution/Invoke-Shellcode.md | 116 +++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100755 docs/CodeExecution/Invoke-Shellcode.md (limited to 'docs/CodeExecution/Invoke-Shellcode.md') diff --git a/docs/CodeExecution/Invoke-Shellcode.md b/docs/CodeExecution/Invoke-Shellcode.md new file mode 100755 index 0000000..7240a4c --- /dev/null +++ b/docs/CodeExecution/Invoke-Shellcode.md @@ -0,0 +1,116 @@ +# Invoke-Shellcode + +## SYNOPSIS +Inject shellcode into the process ID of your choosing or within the context of the running PowerShell process. + +PowerSploit Function: Invoke-Shellcode +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: None + +## SYNTAX + +``` +Invoke-Shellcode [-ProcessID ] [-Shellcode ] [-Force] +``` + +## DESCRIPTION +Portions of this project was based upon syringe.c v1.2 written by Spencer McIntyre + +PowerShell expects shellcode to be in the form 0xXX,0xXX,0xXX. +To generate your shellcode in this form, you can use this command from within Backtrack (Thanks, Matt and g0tm1lk): + +msfpayload windows/exec CMD="cmd /k calc" EXITFUNC=thread C | sed '1,6d;s/\[";\]//g;s/\\\\/,0/g' | tr -d '\n' | cut -c2- + +Make sure to specify 'thread' for your exit process. +Also, don't bother encoding your shellcode. +It's entirely unnecessary. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Invoke-Shellcode -ProcessId 4274 +``` + +Description +----------- +Inject shellcode into process ID 4274. + +### -------------------------- EXAMPLE 2 -------------------------- +``` +Invoke-Shellcode +``` + +Description +----------- +Inject shellcode into the running instance of PowerShell. + +### -------------------------- EXAMPLE 3 -------------------------- +``` +Invoke-Shellcode -Shellcode @(0x90,0x90,0xC3) +``` + +Description +----------- +Overrides the shellcode included in the script with custom shellcode - 0x90 (NOP), 0x90 (NOP), 0xC3 (RET) +Warning: This script has no way to validate that your shellcode is 32 vs. +64-bit! + +## PARAMETERS + +### -ProcessID +Process ID of the process you want to inject shellcode into. + +```yaml +Type: UInt16 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: 0 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Shellcode +Specifies an optional shellcode passed in as a byte array + +```yaml +Type: Byte[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Injects shellcode without prompting for confirmation. +By default, Invoke-Shellcode prompts for confirmation before performing any malicious act. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + -- cgit v1.2.3