-
Notifications
You must be signed in to change notification settings - Fork 2.5k
/
CHANGELOG.txt
244 lines (242 loc) · 11.1 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
0.8.9
- Added Add-ConstrainedDelegationBackdoor to the ActiveDirectory directory.
0.8.2
- Restored PowerShell only payloads dependency for Out-SCT
- Out-Excel and Out-Word handle payloads a bit more intelligently now.
- Invoke-BruteForce can now detect SQL Server 2017 on success.
0.8.1
- Removed PowerShell only payloads dependency from Out-SCT
0.8.0
- Removed PowerShell only payloads dependency from Invoke-JSRatRegsvr and Invoke-JSRatRundll
0.7.7
- Removed Get-Unconstrained from the ActiveDirectory directory.
- Added Set-DCShadowPermissions to the ActiveDirectory directory.
0.7.6
- Added Set-RemotePSRemoting to the Backdoors directory.
- Added DDE techqniue to Out-Excel.
0.7.5
- Added Set-RemoteWMI.ps1 to Backdoors directory.
- Added download-exec persistence to Add-Persistence.
- Bug fixes in Add-Persistence
- Invoke-SessionGopher no longer needs password as a parameter.
- Minor changes in help section of Invoke-PowerShellWMI
- Modified Invoke-PowerShellWMI to allow execution of commands and scripts non-interactively.
- Bug fixes in Out-Word.
- Added a bit of DDE payload hiding in Out-Word.
- Added DDE payloads to Out-Word.
0.7.4
- Added Invoke-SessionGopher.ps1 by Brandon Arvanaghi with some usability modifications to the Gather directory.
0.7.3
- Updated mimikatz dll in Invoke-Mimikatz.ps1 to 2.1.1
- Updated Invoke-AmsiBypass to add another AMSI bypass by Matt Graeber.
- Bug fixes in Copy-VSS and Out-SCT.
- Minor improvements to Out-ShortCut.
0.7.2
- Added Invoke-PowershellTcpOnelineBind to the Shells directory.
0.7.1
- Added Invoke-AmsiBypass to the Bypass directory.
0.7.0
- Added Invoke-SSIDExfil to the Gather directory.
- Gupt-Backdoor can now receive commands from SSID names on targets having PowerShellv3 and above.
- Added ConverTo-ROT13 to the Utility directory.
0.6.9
- Get-PassHashes now uses Reflection. Thanks to Zer1t0 on GitHub.
- Added Invoke-Mimikittenz by Jamieson O'Reilly
0.6.8
- Added Out-SCF in the Client directory.
0.6.7
- Added Out-JS.ps1 in the Client directory.
- Added Out-SCT.ps1 in the Client directory.
- Added Invoke-JSRatRegsvr.ps1 in the Shells directory.
- Added Out-RundllCommand in the Execution directory.
0.6.6
- Added Invoke-JSRatRundll in the Shells directory.
0.6.5
- Updated Out-Word, Out-Excel, Out-HTA and Out-CHM. Now, scripts can directly be used as a payload.
- Updated Out-Word and Out-Excel. If a new document is now generated it tries to trick the target in enabling macros.
- Out-HTA uses inline VBScript now. A separate VBScirpt is not generated anymore.
0.6.4
- Added ActiveDirecotry directory.
- Added Get-UnConstrained.ps1 to the ActiveDirectory directory.
- Added Invoke-Mimikatz (mimikatz version 2.1 alpha 17/02//2016) to the Gather Directory.
0.6.3
- Added Invoke-Interceptor to the MITM directory.
0.6.2
- Added support for dumping cleartext credentials from RDP sessions for Invoke-MimikatzWfigestDowngrade.
0.6.1
- Added Show-TargetScreen to the Gather directory.
0.6.0
- Added Invoke-PsUACme to the Escalation directory.
0.5.9
- Added Get-PassHints to the Gather directory.
- Added Out-WebQuery and Get-PassHints to Powerpreter.
0.5.8
- Added Out-WebQuery to the Client directory.
- Added Start-CaptureServer to the Utility directory.
0.5.7
- Invoke-PoshRatHttps does not install root certificate anymore and certificate pinning is used.
- Added a disclaimer.
- Minor bugs in Powerpreter are fixed.
- Updates to Antak. Authentication and ability to execute SQL Queries added.
- Name of Do-Exfiltration changed in HTTP-Backdoor, DNS_TXT_Pwnage and Execute-On-Time
- Removed hard coded credentials from Invoke-PSGcat.ps1 and Invoke-PSGcat in Powerpreter. So embarrassing!
0.5.6
- Added Invoke-PowerShellIcmp to the Shells directory.
- Adjusted buffer for Invoke-PowerarShellTcp and Invoke-PowerShellUdp and one liners to show larger output.
0.5.5
- Added Invoke-PowerShellWmi to the Shells directory.
0.5.4
- Added Invoke-PoshRatHttps, Invoke-PosRatHttp and Remove-PoshRat to the Shells directory.
0.5.3
- Added Invoke-PowerShellUdp and Invoke-PowerShellUdpOneLiner to Shells directory.
0.5.2
- Added Invoke-PowerShellTcp and Invoke-PowerShellTcpOneLiner to Shells directory.
0.5.1
- Added Invoke-MimikatzWfigestDowngrade to Gather directory.
0.5.0.1
- Updated Powerpreter by adding Invoke_NetworkRelay and Gcat.
0.5.0
- Added Invoke-NetworkRelay to Pivot directory.
- Added Invoke-PsGcat and Invoke-PsGcatAgent to Shells directory.
0.4.4.2
- Brute-Force.ps1 renamed to Invoke-BruteForce.
- Brute-Force function renamed to Invoke-BruteForce in Powerpreter.
- Major changes to Invoke-BruteForce.
- Major changes to B
0.4.4.1
- Credentials script renamed to Invoke-CredentialsPhish.
- Bug fixes related to exfiltration in the Keylogger script.
- Execute-Command-MSSQL now supports Windows Authentication.
0.4.4
- Added Add-ScrnSaverBackdoor to the Backdoors directory.
- Download-Execute-PS now randomizes filename for the saved script.
- Added Invoke-ADSBackdoor (by Matt).
0.4.3
- Added Out-DnsTxt to Utility directory.
- Modifications to DNS_TXT_Pwnage and Execute-DNSTXT-Code to support multiple domains.
- Added Out-DnsTxt to Powerpreter.
- Updates to Powerpreter fucntions DNS_TXT_Pwnage and Execute-DNSTXT-Code.
0.4.2
- Powerpreter updated to include Client Side Attack functions and other bug fixes.
0.4.1
- Bug fixes to Out-Word and Out-Excel.
0.4.0
- Added scripts for Client Side Attacks
0.3.8.1
- Changes to Encoding and Compression methods acroos multiple scripts
- Bug fix in Get-LSASecrets.ps1
0.3.8
- Fixed help in all the scripts. Now, help is available for the loaded functions.
0.3.7
- Added Gupt-Backdoor to Backdoors.
0.3.6.6
- Changes to Download_Execute to make it work with authentication proxies.
0.3.6.5
- Minor changes to ExeToText.
0.3.6.4
- Get-PassHashes does not require SYSTEM privs anymore.
0.3.6.3
- Minor changes to Download-Execute-PS which now allows to pass arguments to scripts.
0.3.6.2
- Invoke-Encode can now output encoded command which could be used to execute scripts in a non-interactive shell.
0.3.6.1
- Powerpreter code made more readable.
- Powerpreter updated for recent changes done to other scripts in Nishang (Egress Testing, New Exfil methods, Bug fixes).
- Powerpreter persistence improved and bugs fixed.
- Bug fixes in HTTP-Backdoor and Execute_OnTime.
- Minor improvements to TextToExe and ExeToText scripts in Utility.
0.3.6
- Added Invoke-Encode.
- Changed compression and encoding methods used by Do-Exfitration, Backdoors, Invoke-Decode, Add-Exfiltration and Keylogger.
0.3.5
- Added Antak Webshell.
0.3.4
- Minor improvements in StringtoBase64.ps1
- Fixed a typo in Firelistener. Client port was not being displayed.
- All the scripts could be run using "dot source" now.
- All the scripts in Nishang could be loaded into current powershell session by importing Nishang.psm1 module.
- Added new exfiltration options, POST requests to Webserver and DNS txt queries.
- Removed exfiltration support for tinypaste.
- Exfiltration options have been removed from all scripts but Backdoors and Keylogger.
- Added Nishang.psm1
- Added Do-Exfiltration.ps1.
- Added Add-Exfiltration.ps1.
- Added Invoke-Decode.ps1.
- Removed Browse_Accept_Applet.ps1
0.3.3
- Minor bug fix in Copy-VSS.ps1
- Bug fix in Keylogger.ps1. It should log keys from a remote shell now (not powershell remoting).
0.3.2.2
- Download_Execute_PS.ps1 can now download and execute a Powershell script without writing it to disk.
- Execute_OnTime.ps1 and HTTP-Backdoor.ps1 executed the payload without downloading a file to disk.
- Fixed help in Brute-Force function in Powerpreter.
- Execute-OnTime, HTTP-Backdoor and Download-Execute-PS in Powerpreter now execute powershell scripts without downloading a file to disk.
- Added Firebuster.ps1 and Firelistener.ps1
0.3.2.1
- Fixed help and function name in Brute-Force.ps1
0.3.2
- Added Persistence to Keylogger, DNS_TXT_Pwnage, Execute_OnTime, HTTP-Backdoor and Powerpreter.
- Scirpts are now arranged in different directories.
- Added Add-Persistence.ps1 and Remove-Persistence.ps1
- Fixed minor bugs in scripts which use two parameterset.
- Invoke-NinjaCopy has been removed.
0.3.1
- Pivot now accepts multiple computers as input.
- Added Use-Session to interact with sessions created using Pivot.
0.3.0
- Added Powerpreter
- Added Execute-DNSTXT-Code
- Bug fix in Create-MultipleSessions.
- Changes to StringToBase64. It now supports Unicode encoding which makes it usable with -Encodedcommand.
- More Changes to StringToBase64. Now a file can be converted.
- Added Copy-VSS
- Information_Gather shows output in better format now.
- Information_Gather renamed to Get-Information.
- Wait for command renamed to HTTP-Backdoor.
- Time_Execution renamed Execute-OnTime
- Invoke-PingSweep renamed to Port-Scan
- Invoke-Medusa renamed to Brute-Force
0.2.9
- Run-EXEonRemote now accepts custom arguments for the executable.
- More examples added to the Keylogger.
0.2.8
- Fixed issues while using Get-LSASecret, Get-PassHashes, Get-WLAN-Keys and Information_Gather while using with Powershell v2
0.2.7
- DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now be stopped remotely. Also, these does not stop autmoatically after running a script/command now.
- DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now return results using selected exfiltration method.
- Fixed a minor bug in DNS_TXT_Pwnage.
- All payloads which could post data to the internet now have three options pastebin/gmail/tinypaste for exfiltration.
- Added Get-PassHashes payload.
- Added Download-Execute-PS payload.
- The keylogger logs only fresh keys after exfiltring the keys 30 times.
- A delay after success has been introduced in various payloads which connect to the internet to avoid generating too much traffic.
0.2.6
- Added Create-MultipleSessions script.
- Added Run-EXEonRemote script.
0.2.5
- Added Get-WLAN-Keys payload.
- Added Remove-Update payload.
- Fixed help in Credentials.ps1
- Minor changes in Donwload_Execute and Information_Gather.
0.2.1
- Added Execute-Command-MSSQL payload.
- Removed Get-SqlSysLogin payload
- Fixed a bug in Credentials.ps1
0.2.0
- Removed hard coded strings from DNS TXT Pwnage payload.
- Information Gather now pastes data base64 encoded, does not trigger pastebin spam filter anymore.
- Credentials payload now validates both local and AD crdentials. If creds entered could not be validated locally or at AD, credential prompt is shown again.
- Base64ToString now asks for a file containing base64 string. To provide a string in place of file use "-IsString" parameter.
- Browse_Accept_Applet now handles prompts for both 32 bit and 64 bit Internet Explorer. The wait time for the applet to load has also been increased .
- Added Enable_DuplicateToken payload.
- Added Get-LSASecret payload.
- Added Get-SqlSysLogin payload.
- Added Invoke-Medusa payload.
- Added Invoke-PingSweep payload.
0.1.1
- Fixed a bug in Parse_Keys. The function Parse_Keys was not being called.
- Changed help in Wait_For_Command.ps1
- Fixed a bug in Wait_For_Command. $MagicString was not being used instead a fixed string was matched to the result of $checkurl
- Removed delay in the credentials payload's prompt. Now the prompt asking for credentials will keep appearing instantly if nothing is entered.
- Added CHANGELOG to repo
- Removed hard coded credentials from Credentials.ps1 :| and edited the code to accept user input.