{"id":4247,"date":"2016-08-20T15:53:59","date_gmt":"2016-08-20T07:53:59","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4247"},"modified":"2017-10-29T20:20:01","modified_gmt":"2017-10-29T12:20:01","slug":"powerops-powershell-runspace-portable-post-exploitation-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/08\/powerops-powershell-runspace-portable-post-exploitation-tool\/","title":{"rendered":"PowerOPS &#8211; PowerShell Runspace Portable Post Exploitation Tool"},"content":{"rendered":"<p>PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell &#8220;easier&#8221;. PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/08\/PowerOPS-PowerShell-Runspace-Portable-Post-Exploitation-Tool-640x451.jpg\" alt=\"PowerOPS - PowerShell Runspace Portable Post Exploitation Tool\" width=\"640\" height=\"451\" class=\"aligncenter size-medium wp-image-4251\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/08\/PowerOPS-PowerShell-Runspace-Portable-Post-Exploitation-Tool-640x451.jpg 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/08\/PowerOPS-PowerShell-Runspace-Portable-Post-Exploitation-Tool.jpg 977w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>It tries to follow the KISS principle, being as simple as possible. The main goal is to make it easy to use PowerShell offensively and help to evade antivirus and other mitigations solutions. It does this by:<\/p>\n<ol>\n<li>Doesn&#8217;t rely on powershell.exe, it calls PowerShell directly through the .NET framework, which might help bypassing security controls like GPO, SRP and App Locker.<\/li>\n<li>The payloads are executed from memory and never touch disk, evading most antivirus engines.<\/li>\n<\/ol>\n<p>Since PowerOPS offers basically an interactive PowerShell command prompt you are free to use the PowerShell tools included the way you want, and additionally execute any valid PowerShell command.<\/p>\n<h3>What&#8217;s Inside The Runspace<\/h3>\n<ul>\n<li>PowerShellMafia\/Powersploit\n<ul>\n<li>Get-Keystrokes<\/li>\n<li>Invoke-DllInjection<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2015\/07\/mimikatz-gather-windows-credentials\/\">Invoke-Mimikatz<\/a><\/li>\n<li>Invoke-NinjaCopy<\/li>\n<li>Invoke-Shellcode<\/li>\n<li>Invoke-ReflectivePEInjection<\/li>\n<li>Invoke-TokenManipulation<\/li>\n<li>Invoke-WMICommand<\/li>\n<li>PowerUp<\/li>\n<li>PowerView<\/li>\n<\/ul>\n<li>Nishang\n<ul>\n<li>Get-Information<\/li>\n<li>Get-PassHashes<\/li>\n<li>Port-Scan<\/li>\n<\/ul>\n<li>Auto-GPPPassword<\/li>\n<li>PowerCat<\/li>\n<li>Empire\n<ul>\n<li>Invoke-Psexec<\/li>\n<li>Invoke-SSHCommand<\/li>\n<\/ul>\n<li>mimikittenz<\/li>\n<li>SMBAutoBrute<\/li>\n<li>PowerUpSQL<\/li>\n<\/ul>\n<p>Additionally you can run any valid PowerShell command.<\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>Powershell functions within the Runspace are loaded in memory from Base64 Encoded Strings.<\/p>\n<h3>Usage<\/h3>\n<p>Just run the binary and type &#8216;show&#8217; to list available modules.<\/p>\n<pre>PS > show\r\n\r\n[-] This computer is not part of a Domain! Some functions will not work!\r\n\r\n[+] Nishang\r\n\r\n Get-Information    Get-PassHashes             Port-Scan\r\n\r\n[+] PowerSploit\r\n\r\n Get-KeyStrokes     Invoke-DllInjection        Invoke-Mimikatz     Invoke-NinjaCopy\r\n Invoke-Shellcode   Invoke-TokenManipulation   Invoke-WmiCommand   Invoke-ReflectivePEInjection\r\n PowerView          PowerUp\r\n\r\n[+] Empire\r\n\r\n Invoke-PsExec      Invoke-SSHCommand\r\n\r\n[+] Others\r\n\r\n Auto-GPPPassword   Invoke-SMBAutoBrute        Invoke-mimikittenz  PowerCat\r\n PowerUpSQL\r\n\r\nPS ><\/pre>\n<p>You can download PowerOPS here:<\/p>\n<p><a href=\"https:\/\/github.com\/fdiskyou\/PowerOPS\/archive\/v1.0-beta.zip\">PowerOPS-v1.0-beta.zip<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/github.com\/fdiskyou\/PowerOPS\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell &#8220;easier&#8221;. PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier. [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell \"easier\" - doesn't require powershell.exe.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9],"tags":[9702,2129,9452],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4247"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4247"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4247\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}