PSPunch: Offensive PowerShell Console

PS>Attack combines some of the best projects in the infosec PowerShell community into a self-contained custom PowerShell console. It’s designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this in a couple of ways.

  1. It features powerful tab-completion covering commands, parameters and file paths.
  2. A custom command “get-attack” is included that helps you find the attack that you’re looking for.
  3. It doesn’t rely on powershell.exe. Instead it calls PowerShell directly through the .NET framework. This makes it harder for enterprises to block.
  4. The modules that are bundled with the exe are encrypted. When PS>Attack starts, they are decrypted into memory. The unencrypted payloads never touch disk, making it difficult for most antivirus engines to catch them.
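
Because of items 3 and 4, neither a block on powershell.exe nor an on-disk scan sees this console, but any process that hosts PowerShell through .NET still has to load the engine assembly, System.Management.Automation. The following is an added detection example, not part of PS>Attack or the original post: it flags image-load events (Sysmon Event ID 7 style) in which a process outside an allowlist loads that assembly. The JSON field layout, the allowlist and the sample events are assumptions constructed for illustration.

```python
import json
import ntpath

# Engine assemblies (IL and native image) whose load marks a PowerShell host.
ENGINE_DLLS = {"system.management.automation.dll",
               "system.management.automation.ni.dll"}

# Assumed allowlist, keyed by full path so a renamed or relocated copy of
# powershell.exe is still reported. Tune it for your environment.
EXPECTED_HOSTS = {
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\syswow64\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe",
}

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = r'''
{"EventID": 7, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ImageLoaded": "C:\\Windows\\assembly\\System.Management.Automation.dll"}
{"EventID": 7, "ProcessId": 5588, "Image": "C:\\Users\\alice\\Downloads\\console.exe", "ImageLoaded": "C:\\Windows\\assembly\\System.Management.Automation.dll"}
{"EventID": 7, "ProcessId": 5588, "Image": "C:\\Users\\alice\\Downloads\\console.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
{"EventID": 7, "ProcessId": 6012, "Image": "C:\\Temp\\powershell.exe", "ImageLoaded": "C:\\Windows\\assembly\\System.Management.Automation.ni.dll"}
{"EventID": 1, "ProcessId": 7000, "Image": "C:\\Windows\\System32\\notepad.exe"}
not json
'''

def find_unexpected_hosts(log_text):
    """Return sorted (pid, image) pairs that loaded the engine unexpectedly."""
    hits = set()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip blank or malformed lines
        if not isinstance(event, dict) or event.get("EventID") != 7:
            continue  # only image-load events matter here
        dll = ntpath.basename(event.get("ImageLoaded", "")).lower()
        image = event.get("Image", "")
        if dll in ENGINE_DLLS and ntpath.normpath(image).lower() not in EXPECTED_HOSTS:
            hits.add((event.get("ProcessId"), image))
    return sorted(hits)

if __name__ == "__main__":
    for pid, image in find_unexpected_hosts(SAMPLE_EVENTS):
        print(f"unexpected PowerShell host: pid={pid} image={image}")
```

Legitimate management software also hosts the PowerShell engine, so expect to extend the allowlist before alerting on the results.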

PS>Attack contains over 100 commands for Privilege Escalation, Recon and Data Exfiltration. It does this by including the following modules and commands:

  • PowerSploit
    • Invoke-Mimikatz
    • Get-GPPPassword
    • Invoke-NinjaCopy
    • Invoke-Shellcode
    • Invoke-WMICommand
    • VolumeShadowCopyTools
  • PowerTools
    • PowerUp
    • PowerView
  • Nishang
    • Gupt-Backdoor
    • Do-Exfiltration
    • DNS-TXT-Pwnage
    • Get-Information
    • Get-WLAN-Keys
    • Invoke-PsUACme
  • Powercat
  • Inveigh

It also comes bundled with get-attack, a command that allows you to search through the included commands and find the attack that you’re looking for.

You can find a list of commands included in PS>Attack here

How to use it

PS>Attack is available as a pre-compiled binary on the releases tab. No setup or install is required; you can just download it and run it.

Another option is to use the PS>Attack Build Tool. The build tool handles downloading PS>Attack, updating the modules to the latest versions, encrypting them with a unique key and then compiling the whole thing. The end result is a custom version of PS>Attack that has all the latest tools and a custom file signature thanks to the unique key.

Of course, you can also just clone the repo and compile the code yourself. You can use Visual Studio Community Edition to work with it and compile it.


