|
|
||
|---|---|---|
| .. | ||
| Antak-WebShell | ||
| Backdoors | ||
| Escalation | ||
| Execution | ||
| Gather | ||
| Misc | ||
| Pivot | ||
| powerpreter | ||
| Prasadhak | ||
| Scan | ||
| Utility | ||
| .gitattributes | ||
| .gitignore | ||
| CHANGELOG.txt | ||
| nishang.psm1 | ||
| README.md | ||
#Nishang
###Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security usage and during Penetraion Tests. Nishang is useful during various phases of a penetration test and is most powerful for post exploitation usage.
####Scripts Nishang currently contains following scripts and payloads.
#####Antak - the Webshell Antak
Execute powershell scripts in-memory, commands, download and upload files using this webshell.
#####Backdoors HTTP-Backdoor
A backdoor which is capable to recieve instructions from third party websites and could execute powershell scripts in memory.
A Backdoor which could recieve commands and powershell scripts from DNS TXT queries and execute those on target and could be controlled remotely using the queries.
A Backdoor which could execute powershell scripts on a given time on a target.
#####Escalation Enable-DuplicateToken
When SYSTEM privileges are required.
Introduce vulnerabilites by removing patches.
#####Execution Download-Execute-PS
Download and execute a powershell script in memory.
Download an executable in text format, convert to executable and execute.
Run powershell commands, native commands or SQL commands on a MSSQL Server with sufficient privileges.
Execute shellcode in memeory using DNS TXT queries.
#####Gather Check-VM
Check for Virtual Machine
Copy the SAM file using Volume Shadow Service.
Fool a user to give credentials in plain text.
A pair of scripts for Egress Testing
Get juicy information from a target.
Get LSA Secret from a target.
Get password hashes from a target.
Get WLAN keys in plain from a target.
Log keys from a target.
#####Pivot Create-MultipleSessions
Check credentials on multiple computers and create PSSessions.
Run-EXEonRemote Copy and execute an executable on multiple machines.
#####Prasadhak Prasadhak
Check running hashes of running process against Virus Total database.
#####Scan Brute-Force
Brute force FTP, Active Directory, MS SQL Server and Sharepoint.
A handy port scanner.
#####Powerpreter Powerpreter
All the functionality of nishang in a single script module.
#####Utility Add-Exfiltration
Add data exfiltration capability to gmail,pastebin, webserver and DNS to any script.
Add Reboot persistence capability to a script.
Remoce persistence added by the Add-Persistence script.
Pipe (|) this to any script to exfiltrate the output.
Download a file to the target.
Parse keys logged by the Keylogger.
Encode and Compress a script or string.
Decode and Decompress a script or string from Invoke-Encode.
[Base64ToString] [StringToBase64] [ExetoText] [TexttoExe]
####Usage
Use the individual scripts with dot sourcing
PS > . .\Get-Information PS > Get-Information
To get help about any script or payload, use
PS > Get-Help [scriptname.ps1] -full
Import all the scripts in current powershell session
PS > Import-Module .\nishang.psm1
####Updates
Updates about Nishang could be found at my blog http://labofapenetrationtester.com/ and my twitter feed @nikhil_mitt
####Bugs, Feedback and Feature Requests Please raise an issue if you encounter a bug or have a feature request or mail me at nikhil [dot] uitrgpv at gmail.com
#####Mailing List For feedback, discussions and feature requests join http://groups.google.com/group/nishang-users
#####Contributing I am always looking for contributors to Nishang. Please submit requests or drop me email.
#####Blog Posts
Some blog posts to check out for beginners:
http://www.labofapenetrationtester.com/2014/06/nishang-0-3-4.html
http://labofapenetrationtester.com/2012/08/introducing-nishang-powereshell-for.html
http://labofapenetrationtester.com/2013/08/powerpreter-and-nishang-Part-1.html
http://www.labofapenetrationtester.com/2013/09/powerpreter-and-nishang-Part-2.html
All posts about Nishang: