PS>Attack is currently available as a beta. You can also download the beta for PS>Punch (the portable environment that PS>Attack customizes) here.
These projects are under heavy, active development and should gain features quickly. I'm planning to have "1.0" ready to go in early 2016. I'm writing an ongoing series of articles about where this project stands here.
If you have any questions or suggestions for PS>Attack and PS>Punch, feel free to reach out on Twitter or via email: jaredhaight at prontonmail.com
A platform for generating a portable PowerShell attack environment (built from PS>Punch). The generated environment is a single self-contained exe that comes with many of the latest and greatest offensive PowerShell tools.
PS>Attack handles downloading PS>Punch, downloading up-to-date versions of the modules it uses (PowerSploit, PowerTools, etc.), encrypting them with a unique key, and then packaging everything into a self-contained exe.
PS>Punch is used by PS>Attack to generate the portable attack environment. It combines some of the best projects in the offensive PowerShell community into a self-contained executable and uses a couple of techniques to evade antivirus and incident response teams:
- It doesn't rely on powershell.exe. Instead it hosts the PowerShell engine directly through the .NET Framework (System.Management.Automation), so controls keyed to the powershell.exe process name never see a PowerShell process. Note that on PowerShell 5 script block logging and AMSI live in the engine itself, not in powershell.exe, so a custom host does not bypass them.
- The modules bundled into the exe are stored encrypted. When PS>Punch starts they are decrypted into memory; the plaintext payloads never touch disk, which defeats the on-disk file scanning most antivirus engines rely on.
- When generated by PS>Attack, the payloads are encrypted with a key unique to that build, so the bytes (and therefore the file hash) of the generated executable differ every time it's created, defeating hash-based signatures.
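As an added illustration (not PS>Punch's source, which this page does not reproduce), the following C# program shows the two mechanisms above working together: an AES key generated at build time encrypts a module's source, and at run time the exe decrypts it in memory and loads it into a PowerShell runspace hosted in-process through System.Management.Automation, so powershell.exe never runs. The `Get-Demo` module body and every name in the program are constructed for the example; it assumes a reference to System.Management.Automation.dll (present on any Windows machine with PowerShell installed, or obtainable from the Microsoft.PowerShell.5.ReferenceAssemblies NuGet package).

```csharp
// Added example, not PS>Punch code. Build with a reference to
// System.Management.Automation.dll; run on Windows.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

class InMemoryPsHost
{
    // "Build" step: encrypt module source with a per-build AES-256 key.
    // Returns IV || ciphertext. A real build tool would embed this blob
    // (and the key) into the generated exe instead of returning it.
    static byte[] Encrypt(string plaintext, byte[] key)
    {
        using (var aes = Aes.Create())          // AES-CBC with PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV();                   // fresh IV per encryption
            byte[] pt = Encoding.UTF8.GetBytes(plaintext);
            byte[] ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(pt, 0, pt.Length);
            byte[] blob = new byte[aes.IV.Length + ct.Length];
            Buffer.BlockCopy(aes.IV, 0, blob, 0, aes.IV.Length);
            Buffer.BlockCopy(ct, 0, blob, aes.IV.Length, ct.Length);
            return blob;
        }
    }

    // Run-time step: decrypt the embedded blob into a managed string.
    // The plaintext exists only in process memory, never as a file.
    static string Decrypt(byte[] blob, byte[] key)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = key;
            byte[] iv = new byte[aes.BlockSize / 8];
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
            {
                byte[] pt = dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
                return Encoding.UTF8.GetString(pt);
            }
        }
    }

    // Host the PowerShell engine inside this process (no powershell.exe):
    // define the module's functions in the runspace, then call one of them.
    static void RunInMemory(string moduleSource, string command)
    {
        using (Runspace rs = RunspaceFactory.CreateRunspace())
        {
            rs.Open();
            using (PowerShell ps = PowerShell.Create())
            {
                ps.Runspace = rs;
                ps.AddScript(moduleSource);     // dot-sources the decrypted module text
                ps.Invoke();
                ps.Commands.Clear();
                ps.AddScript(command);
                foreach (PSObject o in ps.Invoke())
                    Console.WriteLine(o);
                foreach (ErrorRecord e in ps.Streams.Error)
                    Console.Error.WriteLine(e);
            }
        }
    }

    static void Main()
    {
        // Constructed stand-in for a bundled module (not a real offensive module).
        // It reports the name of the process hosting the engine.
        string module =
            "function Get-Demo { param([string]$Name) " +
            "\"hello, $Name, running inside $([System.Diagnostics.Process]::GetCurrentProcess().ProcessName)\" }";

        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);

        byte[] blob = Encrypt(module, key);     // what the build step would embed
        string decrypted = Decrypt(blob, key);  // what happens at start-up, in memory only
        RunInMemory(decrypted, "Get-Demo -Name punch");
    }
}
```

Running the compiled exe prints a greeting that names the exe itself rather than powershell as the hosting process, which is the point of the first technique; because the key is random per build, two builds embedding the same module produce different bytes on disk. On the defensive side, the engine still logs its start to the Windows PowerShell event log (event ID 400), where the HostApplication field holds the path of the custom exe instead of powershell.exe, and on PowerShell 5 script block logging (event ID 4104) and AMSI run inside the engine and therefore see the decrypted script text whatever process hosts it.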
Offensively, PS>Punch contains commands for privilege escalation, recon and data exfiltration, provided by the following modules and commands:
- PowerSploit
  - Invoke-Mimikatz
  - Invoke-GPPPassword
  - Invoke-NinjaCopy
  - Invoke-Shellcode
  - Invoke-WMICommand
  - VolumeShadowCopyTools
- PowerTools
  - PowerUp
  - PowerView
- Nishang
  - Gupt-Backdoor
  - Do-Exfiltration
  - DNS-TXT-Pwnage
  - Get-Information
  - Get-WLAN-Keys
  - Invoke-PsUACme
- Powercat
- Inveigh
It also comes bundled with get-attack, a command that lets you search through the included commands and find the attack you're looking for.
PS>Attack was inspired by and benefits from a lot of incredible people in the PowerShell community. Particularly mattifestation of PowerSploit and sixdub, enigma0x3 and harmj0y of Empire. Besides writing the modules and commands that give PS>Punch its... punch, their various projects have inspired a lot of my approach to PS>Attack and PS>Punch, as well as my decision to try to contribute something back to the community.
A huge thank you to Ben0xA, whose PoshSecFramework was used to figure out a lot about how to build a PowerShell console.