Skip to content
This repository was archived by the owner on Jan 21, 2021. It is now read-only.

Merge 3.0 release changes #102

Merged
merged 58 commits into from
Dec 19, 2015
Merged

Merge 3.0 release changes #102

merged 58 commits into from
Dec 19, 2015

Conversation

PowerShellMafia
Copy link
Collaborator

No description provided.

FixTheExchange and others added 30 commits October 30, 2015 11:38
@FixTheExchange
Update Invoke-TokenManipulation.ps1
17dd683 
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes.  Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
@FixTheExchange
Update Invoke-TokenManipulation.ps1
e179b2e 
Removed 2 unnecessary lines.
Normalizing all files to ascii encoding
5a812ce
Revert "Normalizing all files to ascii encoding"
2dd1f59 
This reverts commit 5a812ce.
Normalizing all files to ascii encoding
12ce71b
Migrating everything back to Invoke-Shellcode.ps1. I'm done making my…
d0fff7b 
… point now. :P
Removing Metasploit integration from Invoke-Shellcode
5065810 
This should have only ever been a shellcode runner. Those wishing to
integrate this with Metasploit should generate a shellcode payload with
msfvenom.
Adding Visual Studio 2015 project file
81b5773 
Those who wish to load this project into VS 2015 with Adam Driscoll's
PowerShell VS extension may now do so.
Re-import Invoke-Shellcode.ps1
d1145e0
Test: Ensure all scripts are not LE Unicode encoded
641eff7
Removing Invoke-ShellcodeMSIL
18b7a10 
This was only ever intended to be a PoC. I'll bring this back if
requested but it exhibits duplicate functionality.
Fixed a casting bug
17bfa4e
Removed extraneous parameters
0eb520e 
Removed the following extraneous parameters:
-PEPath
-PEUrl
-ComputerName

The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
Revert "Removed extraneous parameters"
b8e831e 
This reverts commit 0eb520e.
Removed extraneous parameters
992f980 
Removed extraneous parameters

Removed the following extraneous parameters:
-PEPath
-PEUrl

The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
Adding -DoNotZeroMZ for testing
aae81dd
Excluding the Tests folder from being loaded as a module
a0ab599
Revert "Excluding the Tests folder from being loaded as a module"
a78b404 
This reverts commit a0ab599.
Adding Pester tests for CodeExecution module
c03965c
Excluding the Tests folder from being loaded as a module
62bb142
Removing Invoke-ShellcodeMSIL from psproj file
729e9ca
@HarmJ0y
Integration of PowerView into ./Recon/
5fb6905
@HarmJ0y
Added ./Privesc/ folder that integrates PowerUp.ps1
8ab8c49 
Updated README.md's
@HarmJ0y
Privesc/PowerUp Pester tests
c143dc6
@HarmJ0y
Start of Recon/PowerView Pester tests
e44df18
@HarmJ0y
Domain local group query fix.
a0b95c3 
Added ConvertFrom-UACValue to convert binary UAC values to human readable format.
Corrected logic in Set-ADObject.
@HarmJ0y
Added Invoke-DowngradeAccount to set an account to use reversible enc…
a336562 
…ryption.
@ICanHazDonuts
Adding PollingInterval param to Get-Keystrokes
93a71b0 
Incorporates idea from @obscuresec in issue #50.
@ICanHazDonuts
Fix Invoke-Shellcode OS architecture detection
7f6d3a4 
Fixes issue #70
@HarmJ0y
Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left …
a235313 
…on disk.
HarmJ0y and others added 23 commits December 14, 2015 21:53
@HarmJ0y
Removed C# enum for Test-ServiceDaclPermission
0181ff0
@HarmJ0y
Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit
dae9d91 
…into dev
@HarmJ0y
Removed commented blocks.
55fabd7
@ICanHazDonuts
Invoke-Mimkatz: Incorporated latest 2.0 alpha build
e144be7 
Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit
1b13057](gentilkiwi/mimikatz@1b13057)

This update addresses issue #94.
@ICanHazDonuts
Invoke-DllInjection Pester test improvement
924103a 
The test dll I now use is advpack.dll since that is present in all
versions of windows.
@ICanHazDonuts
Invoke-WmiCommand now obtains full powershell path
f6e032c 
Addresses issue #95.
@ICanHazDonuts
Invoke-WmiCommand is now PSv2 compatible
f70c63f 
This bug fix addresses issue #96. As much as a hate dropping files to
disk, this was the easiest way to preserve objects in PSv2+. If someone
want to implement the [de]serialization themselves and keep everything
in memory, please submit a PR.
Merge pull request #91 from FixTheExchange/patch-1
fef09e6 
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
@ICanHazDonuts
Fixed Invoke-WmiCommand credential popup issue
fdcdeab 
Easy fix to issue #97
@ICanHazDonuts
Fixed mangled decrypted script output
9a2dfad 
Addresses issue #80. This was a tricky fix because the script should
ideally handle Unicode and Ascii encoded scripts. I haven't tested
scripts with international characters but I would imagine those script
would get mangled since the decrypted output is ultimately normalized to
ascii.
@ICanHazDonuts
Fixed Add-Persistence. Issue #98
ef37a13
@ICanHazDonuts
Invoke-DllInjection detects OS arch on all OSes
f5d9b25 
This fix addresses issue #99. While I'm not the biggest fan of
performing tests based on environment variables, I felt that making
additional Win32 API calls would have been overkill.
@ICanHazDonuts
Added a slight delay to Invoke-DllInjection validation
1cdad58 
In some cases, the loaded module would show up as loaded after the check
occurred.
Update README.md
70f25c9
Added volume shadow copy functions to README.md
b01a812
@ICanHazDonuts
Removed all version numbers from scripts
c2a7092 
Scripts in a module should not be individually versioned. Only the
module should be versioned.
@ICanHazDonuts
Removed version numbers from scripts
55098d5 
A module should maintain a version number not the individual scripts.
@ICanHazDonuts
Invoke-ReflectivePEInjection test harnesses updated
98ebc1b 
Affected test harness PEs were updated to work in XP. Addresses issue
#100
@ICanHazDonuts
Revert "Invoke-ReflectivePEInjection test harnesses updated"
52c46b1 
This reverts commit 98ebc1b.
@ICanHazDonuts
Updated .psproj to reflect additions/removals
2a8da71
@ICanHazDonuts
Added manifest info for the PowerShell Gallery
26e0b29
@ICanHazDonuts
Improved root module manifest for PS Gallery
29ae830
@ICanHazDonuts
Set all module versions to 3.0
9f183e3 
Also cleaned up some module manifest cruft.
@PowerShellMafia PowerShellMafia self-assigned this Dec 19, 2015
@PowerShellMafia PowerShellMafia added this to the 3.0 release milestone Dec 19, 2015
PowerShellMafia pushed a commit that referenced this pull request Dec 19, 2015
Merge pull request #102 from PowerShellMafia/dev
9e771d1 
Merge 3.0 release changes
@PowerShellMafia PowerShellMafia merged commit 9e771d1 into master Dec 19, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
antiforensics
Projects
None yet
Milestone
3.0 release
Development

Successfully merging this pull request may close these issues.
4 participants
@PowerShellMafia @FixTheExchange @HarmJ0y @ICanHazDonuts