Search the Community

Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27. Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we’ve interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at [email protected]. Changelog v5.1.2 Updated Starkiller to v2.1.1 Removed thread from IronPython agent (@Hubbl3) Fixed foreign listener issue with cookies (@Hubbl3) Fixed error message handling for port forward pivot (@Cx01N) Fixed upload not reporting error in PowerShell agent (@Cx01N) Fixed client not giving option to select upload directory (@Cx01N) Fixed persistence/powerbreach/eventlog launcher generation (@Cx01N) [hide][Hidden Content]]

Description Learning about PowerShell exploitation techniques and tools is of vital importance for successfully running red team operations or penetration tests in Windows environments. The ability to make use of readily available tools such as PowerShell when targeting Windows operating systems during red teaming exercises is crucial to guarantee a successful outcome. In this course, Exploitation with PowerShell, you’ll learn to leverage PowerShell to your advantage when targeting Windows operating systems. First, you’ll explore various types of tools that you can work with to build evasive payloads. Next, you’ll discover how to embed these payloads into client-side exploits. Finally, you’ll learn about the various security mitigations which you may be confronted with during security operations and how to evade them. When you’re finished with this course, you’ll have the skills and knowledge required to successfully conduct pentests and red team exercises using PowerShell. [Hidden Content] [hide][Hidden Content]]

The premier PowerShell integrated scripting and tool-making environment. Fully-featured PowerShell editor. Visually create PowerShell GUI tools. Convert scripts into executable (.exe) files. Create MSI installers. Create modules from your existing functions or help files. Create advanced functions using the Function Builder. Create windows services using PowerShell. Monitor script performance and memory usage. Script with cmdlets from a remote machine. Universal Version Control with Git integration. Integrated PowerShell consoles (32-bit & 64-bit). Comprehensive script debugger. Remote debugging. Multi-file and module debugging. 32-bit and 64-bit PowerShell integration. Built-in PowerShell help. Supports Windows PowerShell and PowerShell 7. Code Formatting. Prevent loss of work with the File Recovery feature. [Hidden Content] [hide][Hidden Content]]

Invoke-PSObfuscation v1.0.0 - obfuscating the individual components of a PowerShell payload Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially introduces chokepoints. The approach this tool introduces is a methodology where you can target and obfuscate the individual components of a script with randomized variations while achieving the same intended logic, without encapsulating the entire payload within a single layer. Due to the complexity of the obfuscation logic, the resulting payloads will be very difficult to signature and will slip past heuristic engines that are not programmed to emulate the inherited logic. While this script can obfuscate most payloads successfully on its own, this project will also serve as a standing framework that I will use to produce future functions that will utilize this framework to provide dedicated obfuscated payloads, such as one that only produces reverse shells. Dedicated Payloads As part of my ongoing work with PowerShell obfuscation, I am building out scripts that produce dedicated payloads that utilize this framework. These have helped to save me time and hope you find them useful as well. You can find them within their own folders at the root of this repository. Get-ReverseShell Get-DownloadCradle Get-Shellcode v1.0.0 This project has been live for a while, but publishing a release for some versioning history. [hide][Hidden Content]]

Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27. Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we’ve interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at [email protected]. Changelog v5.0.4 Fix module error in PSRansom (@Cx01N) Update the install script to set up a new db user instead of overwriting the root user (@vinnybod) Update the Starkiller syncer to skip updating if not in a git repo (@vinnybod) Update the Docker CI action to publish latest on ‘main’ branch (@vinnybod) Fix install of Poetry for Debian based systems (@vinnybod) [hide][Hidden Content]]

Powershell Backdoor Generator Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. Features Hak5 Rubber Ducky payload Flipper Zero payload Download Files from remote system Fetch target computers public IP address List local users Find Intresting Files Get OS Information Get BIOS Information Get Anti-Virus Status Get Active TCP Clients Checks for common pentesting software installed usage: listen.py [-h] [--ip-address IP_ADDRESS] [--port PORT] [--random] [--out OUT] [--verbose] [--delay DELAY] [--flipper FLIPPER] [--ducky] [--server-port SERVER_PORT] [--payload PAYLOAD] [--list--payloads] [-k KEYBOARD] [-L] [-H] Powershell Backdoor Generator options: -h, --help show this help message and exit --ip-address IP_ADDRESS, -i IP_ADDRESS IP Address to bind the backdoor too (default: 192.168.X.XX) --port PORT, -p PORT Port for the backdoor to connect over (default: 4444) --random, -r Randomizes the outputed backdoor's file name --out OUT, -o OUT Specify the backdoor filename (relative file names) --verbose, -v Show verbose output --delay DELAY Delay in milliseconds before Flipper Zero/Ducky-Script payload execution (default:100) --flipper FLIPPER Payload file for flipper zero (includes EOL conversion) (relative file name) --ducky Creates an inject.bin for the http server --server-port SERVER_PORT Port to run the HTTP server on (--server) (default: 8080) --payload PAYLOAD USB Rubber Ducky/Flipper Zero backdoor payload to execute --list--payloads List all available payloads -k KEYBOARD, --keyboard KEYBOARD Keyboard layout for Bad Usb/Flipper Zero (default: us) -A, --actually-listen Just listen for any backdoor connections -H, --listen-and-host Just listen for any backdoor connections and host the backdoor directory [Hidden Content]

Table of Contents Steps and key information of PowerShell Process and feature in PowerShell A fundamental information of PowerShell Functions, switches, and looping structures of PowerShell How to utilize .NET WHAT IS POWERSHELL? Windows PowerShell is an item situated robotization motor and scripting language. It is primarily aimed at system administrators. It causes IT experts, to control and mechanize the administration of the Windows operating system and other applications. While many casual users know about the Command Prompt, only a few have heard about Windows PowerShell. PowerShell is a much more powerful tool than the Command Prompt. It is also intended to replace the Command Prompt, as it delivers more power and control over the Windows operating system. Windows PowerShell is a shell initially developed by Microsoft for the purposes of task automation and configuration management. PowerShell is now an open source project, and it can be installed on Windows, macOS, and Linux platforms. This shell is based on the .NET framework, and it includes a command-line shell and a scripting language. .epub File [hide][Hidden Content]]

Obfuscated powershell reverse backdoor with Flipper Zero and USB Rubber Ducky payloads. Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. Features Hak5 Rubber Ducky payload Flipper Zero payload Download Files from remote system Fetch target computers public IP address List local users Find Intresting Files Get OS Information Get BIOS Information Get Anti-Virus Status Get Active TCP Clients Checks for common pentesting software installed [hide][Hidden Content]]

This module offers a unique solution for remotely controlling one or multiple screens using only PowerShell. Unlike other remote desktop tools that rely on external protocols and software, our module utilizes its own remote desktop protocol. The module consists of both a client and a server component, both of which are written entirely in PowerShell. Our protocol provides secure, encrypted communication using TLS and offers both challenge-based password authentication and certificate-based authentication. In addition to providing full mouse and keyboard control over the remote desktop, our module also replicates the mouse cursor icon for the viewer, synchronizes the clipboard between the local and remote systems, and more. Despite the limitations of PowerShell, we have implemented techniques to optimize network traffic and improve the streaming experience, resulting in a smooth and efficient remote desktop experience. Tested on: Windows 10 Windows 11 Remote Desktop Streaming: This feature allows you to stream the desktop of the remote computer to your own device. The streaming supports HDPI and scaling, providing a high-quality display on various screens and resolutions. Remote Control: With this feature, you can control the mouse (including moves, clicks, and wheel) and keyboard of the remote computer as if you were sitting in front of it. Secure: To protect the privacy and security of your remote desktop sessions, the module uses TLSv1.2 or 1.3 to encrypt the network traffic. Access to the server is granted through a challenge-based authentication mechanism that requires a user-defined complex password. Network Traffic Encryption: The module supports encrypting the network traffic using either a default X509 certificate (which requires administrator privileges) or your own custom X509 certificate. Server Certificate Fingerprint Validation: To ensure the authenticity of the server, the module allows you to validate the fingerprint of the server certificate and optionally persist this validation between sessions. Clipboard Synchronization: This feature allows you to synchronize the clipboard text between the viewer (your device) and the server (the remote computer). You can easily copy and paste text between the two systems. Mouse Cursor Icon Synchronization: The module also synchronizes the state of the mouse cursor icon between the viewer (virtual desktop) and the server, providing a more seamless and intuitive remote desktop experience. Multi-Screen Support: If the remote computer has more than one desktop screen, you can choose which screen to capture and stream to your device. View Only Mode: This feature allows you to disable remote control abilities and simply view the screen of the remote computer. It can be useful for demonstrations or presentations. Session Concurrency: Multiple viewers can connect to a single server at the same time, allowing multiple users to collaborate on the same remote desktop. Sleep Mode Prevention: To ensure that the remote desktop remains active and responsive, the module prevents the remote computer from entering sleep mode while it is waiting for viewers to connect. Streaming Optimization: To improve the streaming speed, the module only sends updated pieces of the desktop to the viewer, reducing the amount of data transmitted over the network. [Hidden Content]

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post-exploitation and lateral movement even. Please use it at your own risk I am not and will not be responsible for your actions. Also, this reverse shell currently is not detected by Windows Defender. If you want to use this make sure to set up a Digital Ocean VPS and have the script connect back there or your C2. Happy Hacking! Key Features Reverse Shell Simply Change The IP & Port & Let It Do Its Magic Blue Screen Of Death (BSOD) Basically will call winit.exe and give a blue screen and shutdown the computer Disable Windows Defender (Needs Admin Priv Of Course) Get Computer Information Disable Input (Needs Admin Priv) Disable Monitor Exclude File Extensions (Needs Admin Priv) Exclude Folder (Needs Admin Priv) Exclude Process (Needs Admin Priv) Get USB History GPS Location (Gets The Lat & Long Then Performs A Reverse GEO Lookup & Spits Out The Exact Address) Grab Wifi Credentials Ifconfig List Antivirus Running List External IP Logoff Mayhem Window Popup Send A Message Box Network Scan (Internal Scan The Network For Open Ports & IPs) Restart Rickroll Scare Window Screenshot The Screen System Time Webcam List [hide][Hidden Content]]

Original Features Bypasses All modern AVs in use on VirusTotal Compresses and encrypts powershell scripts Has a minimal and often even negative (thanks to the compression) overhead Randomizes variable names to further obfuscate the decrypter stub Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy! Super easy to modify to create your own crypter variant Supports recursive layering (crypter crypting the crypted output) Supports Import-Module as well as standard running as long as the input script also supported it GPLv3 -- Free and open-source! All features in a single file so you can take it with you anywhere! Added Features AMSI Bypass Unicode Encoding HTML Encoding URL Encoding DISCLAIMER !!! This tool is for educational use only, the author will not be held responsible for any misuse of this tool. [hide][Hidden Content]]

[Hidden Content] [Hidden Content]

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP. All communication between the two elements is encrypted or encoded so as to be undetected by traffic inspection mechanisms, although at no time is HTTPS used at any time. Requirements PowerShell 4.0 or greater This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it. [hide][Hidden Content]]

SAPIEN PowerShell ModuleManager – Whether you are a PowerShell beginner or expert, PowerShell modules are an important resource for your script development. PowerShell ModuleManager makes it easy to search and manage modules installed on your local or remote machine, ensuring that your modules are always up to date. Features • Search the PowerShell Gallery or any other repository for new modules. • Install, remove or temporarily disable modules. • Keep modules up-to-date. • Remove duplicate and outdated versions of modules to prevent version confusion. • Filter and find specific modules on your machine. • View detailed module information at a glance. • Move and organize module locations. • Manage modules on remote machines. • Publish modules to a repository. [Hidden Content] [hide][Hidden Content]]

SAPIEN PowerShell HelpWriter – PowerShell HelpWriter is the premier editor for Windows PowerShell XML help files. Create and edit help files for all command types, including cmdlets, functions, workflows, and CIM commands. Focus on your content and let PowerShell HelpWriter worry about the XML. Features • Generate help files for modules. • Create and edit about topics. • Real-time Spell checking. • Create and design module help from scratch. • Fully-featured editor helps you write accurate and complete help topics. • Edit help files using the designer or directly using the XML editor. • Supports all command types: cmdlets, functions, workflows, CIM commands. • Converts comment-based help to PSMAML files. • Generates starter help for any command or all commands in a module. • Export help to Markdown or HTML. • Refresh the content to reflect changes in the module. • Prevent loss of work with the File Recovery feature. [Hidden Content] [hide][Hidden Content]]

SAPIEN PowerShell ModuleManager – Whether you are a PowerShell beginner or expert, PowerShell modules are an important resource for your script development. PowerShell ModuleManager makes it easy to search and manage modules installed on your local or remote machine, ensuring that your modules are always up to date. Features • Search the PowerShell Gallery or any other repository for new modules. • Install, remove or temporarily disable modules. • Keep modules up-to-date. • Remove duplicate and outdated versions of modules to prevent version confusion. • Filter and find specific modules on your machine. • View detailed module information at a glance. • Move and organize module locations. • Manage modules on remote machines. • Publish modules to a repository. [Hidden Content] [hide][Hidden Content]]

SAPIEN PowerShell Studio – PowerShell Studio is the premier editor and tool-making environment for PowerShell. This single tool will meet all your scripting needs. Work the way YOU want with PowerShell. Features • Visually create PowerShell GUI tools. • Convert scripts into executable (.exe) files. • Create MSI installers. • Create modules from your existing functions or help files. • Create advanced functions using the Function Builder. • Create windows services using PowerShell. • Monitor script performance and memory usage. • Script with cmdlets from a remote machine. • Universal Version Control with Git integration. • Integrated PowerShell consoles (32-bit & 64-bit). • Comprehensive script debugger. • Remote debugging. • Multi-file and module debugging. • 32-bit and 64-bit PowerShell integration. • Built-in PowerShell help. • Supports Windows PowerShell and PowerShell 7. • Code Formatting. • Prevent loss of work with the File Recovery feature. [Hidden Content] [hide][Hidden Content]]

Description THIS COURSE IS FREQUENTLY UPDATED. LAST UPDATED IN NOVEMBER 2020 *** This Course purchase includes video lectures, practice files, quizzes, & assignments, 1-on-1 instructor support, LIFETIME access and a 100%MONEY-BACK GUARANTEE*** Please note that this course will be continuously getting updated with more videos to keep you up to date on Windows PowerShell. You may see here a lot of production ready automation scripts very soon. Please encourage by enrolling and providing your honest reviews & ratings. You can also demand a lecture on a specific topic of PowerShell which comes under scope of this course. The course is designed to help IT Professionals in starting with Windows PowerShell scripting. You might not find an extremely advanced PowerShell topic in the lectures. Here, prime focus is on the IT professionals who want to learn PowerShell scripting but are hesitating due to less or no knowledge of programming. Topics which may not be Windows PowerShell concepts but are important for developing PowerShell understanding are included which comes as bonus. The course is intend to make people think in terms of automating small daily tasks using PowerShell and improve work efficiency and then gradually move towards complex logical tasks. Once you have completed this course, you will be should be able to fully control even the modules which are not part of our discussion. Important Content: PowerShell Automation Solution for File Purging PowerShell Automation for Scheduled Service restarts Windows Task Scheduler and scheduling PowerShell scripts to run PowerShell Basic Fundamentals PowerShell Programming basics for Absolute Beginners File Handling in PowerShell Scripting PowerShell for Daily life Automation All of the basic concepts of PowerShell have been explained in simple terminology. You will start falling for PowerShell, that is a promise. so Lets start this scripting journey Who this course is for: Students/IT Professionals who desire to automate their or team’s day to day life manual work System Administrator (Beginners ) Aspirants seeking carrier in IT Automation Anyone who want to get basic understanding of coding/scripting Requirements Desire to Automate manual tasks PC/Laptop installed with Windows OS. You should be able to use PC/laptop comfortably. Some basic understanding of command line (Win CMD/Unix Shell) will help quickly picking up [Hidden Content] [hide][Hidden Content]]

About Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further enumeration and movement in a compromised app that is part of a managed identity. Azur3Alph4 is currently in development. Modules are being worked on and updated. Most of this is still untested. Scripts are in repo for individual use and easy identification, but the .psm1 file is what will be consistently updated. [hide][Hidden Content]]

PowerShell for Pentesters is a basic introduction to using PowerShell on internal penetration tests. This course is essentially the PowerShell module from my popular Movement, Pivoting, and Persistence course on TCM Academy and Udemy. In the course we will cover: User, group, and workstation enumeration Domain enumeration Downloading with PowerShell Group Policy Enumeration ACL Enumeration PowerShell Remoting PowerView and other popular offensive PowerShell scripts Mimikatz exploitation Scripts are provided for easy installation of Active Directory functionality, however, no instruction will be given on installing virtual machines in the video. A lab guide provided in this repo will outline the basics for installing your network on Virtualbox. The process is similar on VMWare Workstation and Workstation Pro. You will need Hashcat for the course, which is accessible at [Hidden Content]. You can also access Hashcat through Kali Linux if you have it installed. A course wordlist is included in the repo which contains user passwords when necessary, and will not require a GPU to crack. [Hidden Content]

Unmanaged PowerShell execution using DLLs or a standalone executable. Introduction PowerShx is a rewrite and expansion on the PowerShdll project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets. Features Run Powershell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe. Run Powershell without powershell.exe or powershell_ise.exe AMSI Bypass features. Run Powershell scripts directly from the command line or Powershell files Import Powershell modules and execute Powershell Cmdlets. [hide][Hidden Content]]

Learn Windows PowerShell by hands on practice exercises | A Short & Crisp Introduction to Scripting. What you'll learn Full of hands-on instructions, interesting and illustrative examples, clear explanations Learn an important and mandatory skill for Windows Server Administration Introduction to scripting world using Windows PowerShell scripting Introductory concepts of PowerShell Requirements Some basic understanding of command line (Win CMD/Unix Shell) will help quickly picking up PC/Laptop installed with Windows OS. You should be able to use PC/laptop comfortably. Description This course is designed to take the system administrators to an advanced level and make them more efficient at their work. You will find ways to automate your daily work using the advantages of Windows PowerShell scripting. PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS. This course is a short & crisp introduction to those who do not have any prior knowledge of scripting or any programming basics. The instructor has tried to explain the concepts in such a simple terminology that even non-technical people will find very easy to grasp the various PowerShell concepts. The course is intended to make people think in terms of automating small daily tasks using PowerShell and improve work efficiency and then gradually move towards complex logical tasks. Once you have completed this course, you will be should be able to use even the modules which are not part of our discussion. Topics which may not be Windows PowerShell concepts but are important for developing PowerShell understanding are included which comes as bonus. Important Content: Why Automation How Launch PowerShell as Admin and Non-Admin What is Execution Policy PowerShell Help PowerShell File Read Operations PowerShell , Windows PowerShell , Microsoft scripting language PowerShell Modules Introduction & Benefits Who this course is for: Anyone who is working in IT and uses Windows Operating System Aspirants seeking carrier in IT Automation [Hidden Content] [hide][Hidden Content]]

Description ــــــــــــــــــــــــــ The PowerShell For Penetration Testers (PFPT) is an online course designed for teaching PowerShell to penetration testers, system administrators and other security professionals. You will be able to use and write tools in PowerShell which is installed by default of all modern Windows operating systems. The course will be of interest for anyone who wants to know more about using PowerShell for security research, penetration testing and red teaming. The course covers various phases of a penetration testing and PowerShell is used to enhance techniques in the each phase. What You Will Learn ـــــــــــــــــــــــــــــــــــــــــــ -Introduction to PowerShell -Basics of PowerShell -Scripting -Advanced Scripting Concepts -Modules -Jobs -PowerShell with .Net -Using Windows API with PowerShell -PowerShell and WMI -Working with COM objects -Interacting with the Registry -Recon and Scanning -Exploitation -Brute Forcing -Client Side Attacks -Using existing exploitation techniques -Porting exploits to PowerShell – When and how -Human Interface Device -PowerShell and Metasploit -Running PowerShell scripts -Using PowerShell in Metasploit exploits -Post Exploitation -Information Gathering and Exfiltration -Backdoors -Privilege Escalation -Getting system secrets -Post Exploitation -Passing the hashes/credentials -PowerShell Remoting -WMI and WSMAN for remote command execution -Web Shells -Achieving Persistence -Using PowerShell with other security tools -Defense against PowerShell attacks Who this course is for ــــــــــــــــــــــــــــــــــــــــــــــ It is for Novices and Experts. The language basics and PowerShell programming, which form almost half of the course, are covered with patiently and keeping in mind students with no or very little prior programming experience. During the part where application of PowerShell in penetration testing is discussed, the course gathers speed and even expert users will learn new concepts and applications of Offensive PowerShell. [Hidden Content]

Invoke-Stealth Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together, or all of them sequentially with ease, from Windows or Linux. Technique · Chimera: Substitute strings and concatenate variables · BetterXencrypt: Compresses and encrypts with random iterations · PyFuscation: Obfuscate functions, variables and parameters · PSObfuscation: Convert content to bytes and encode with Gzip · ReverseB64: Encode with base64 and reverse it to avoid detections [hide][Hidden Content]]

[Hidden Content]