{"id":4002,"date":"2015-12-22T00:57:29","date_gmt":"2015-12-21T16:57:29","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4002"},"modified":"2017-10-29T20:18:39","modified_gmt":"2017-10-29T12:18:39","slug":"powersploit-powershell-post-exploitation-framework","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/12\/powersploit-powershell-post-exploitation-framework\/","title":{"rendered":"PowerSploit &#8211; A PowerShell Post-Exploitation Framework"},"content":{"rendered":"<p>PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. Basically, it is a PowerShell Post-Exploitation Framework that helps you with various tasks like DLL injection, invoking shellcode and setting up script persistence.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/12\/PowerSploit-A-PowerShell-Post-Exploitation-Framework-640x391.jpg\" alt=\"PowerSploit - A PowerShell Post-Exploitation Framework\" width=\"640\" height=\"391\" class=\"aligncenter size-medium wp-image-4774\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/12\/PowerSploit-A-PowerShell-Post-Exploitation-Framework-640x391.jpg 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2015\/12\/PowerSploit-A-PowerShell-Post-Exploitation-Framework.jpg 677w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>It also includes reflective PE injection and can reflectively load <a href=\"https:\/\/www.darknet.org.uk\/2015\/07\/mimikatz-gather-windows-credentials\/\">Mimikatz<\/a> into memory allowing you to dump credentials without writing anything to disk.<\/p>\n<h2>PowerSploit Features<\/h2>\n<p>PowerSploit has the modules categorised in the following groups:<\/p>\n<ul>\n<li><strong>Antivirus Bypass\t<\/strong>Find bytes of a file which has a matching signature in antivirus.<\/li>\n<li><strong>Code Execution\t<\/strong>Execute code on a target machine.<\/li>\n<li><strong>Exfiltration<\/strong>\tCreate logons, get keystrokes, grab passwords, make a volume shadow copy etc.<\/li>\n<li><strong>Mayhem<\/strong> Cause general mayhem with PowerShell.\n<li><strong>Persistence\t<\/strong> Maintain control to machine by adding persistence to scripts.<\/li>\n<li><strong>Privesc\t<\/strong> Tools to help with escalating privileges on a target.<\/li>\n<li><strong>Recon<\/strong>\tTools to aid in the reconnaissance phase of a penetration test.<\/li>\n<li><strong>Script Modification<\/strong>\tModify and\/or prepare scripts for execution on a compromised machine..<\/li>\n<\/ul>\n<h3>How to use PowerSploit<\/h3>\n<p>Refer to the comment-based help in each individual script for detailed usage information.<\/p>\n<p>To install this module, drop the entire PowerSploit folder into one of your module directories. The default PowerShell module paths are listed in the <code>$Env:PSModulePath<\/code> environment variable.<\/p>\n<p>The default per-user module path is:<\/p>\n<pre>$Env:HomeDrive$Env:HOMEPATH\\Documents\\WindowsPowerShell\\Modules<\/pre>\n<p>The default computer-level module path is:<\/p>\n<pre>$Env:windir\\System32\\WindowsPowerShell\\v1.0\\Modules<\/pre>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>To use the module, type:<\/p>\n<pre>Import-Module PowerSploit<\/pre>\n<p>To see the commands imported, type:<\/p>\n<pre>Get-Command -Module PowerSploit<\/pre>\n<p>If you&#8217;re running PowerShell v3 and you want to remove the annoying &#8216;Do you really want to run scripts downloaded from the Internet&#8217; warning, once you&#8217;ve placed PowerSploit into your module path, run the following one-liner:<\/p>\n<pre>$Env:PSModulePath.Split(';') | % { if ( Test-Path (Join-Path $_ PowerSploit) ) {Get-ChildItem $_ -Recurse | Unblock-File} }<\/pre>\n<p>For help on each individual command, Get-Help is your friend.<\/p>\n<p>Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.<\/p>\n<p>You can download PowerSploit v3.0.0 here:<\/p>\n<p><a href=\"https:\/\/github.com\/PowerShellMafia\/PowerSploit\/archive\/v3.0.0.zip\">PowerSploit-v3.0.0.zip<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/github.com\/mattifestation\/PowerSploit\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. Basically, it is a PowerShell Post-Exploitation Framework that helps you with various tasks like DLL injection, invoking shellcode and setting up script persistence. It also includes reflective PE injection and can reflectively load [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"PowerSploit is a PowerShell Post-Exploitation Frameworks that can be used to aid penetration testers during all phases of an assessment.\u00a0","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9],"tags":[2129,8981],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4002"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4002"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4002\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}