Monday, August 20, 2012

PowerSploit - Invoke-Shellcode Update



I just released an updated version of Invoke-Shellcode. Significant portions of the code have been cleaned up and its parameters were simplified. While I hate to change the original interface, there were several redundancies in the original parameters that didn't make any sense. Here is the changelog for this release:

New Features/Changes:
  • Dramatically simplified parameters. Removed redundancies and named parameter sets more appropriately
  • Added 'Shellcode' parameter. Now, you can optionally specify shellcode as a byte array rather than having to copy and paste shellcode into the $Shellcode32 and/or $Shellcode64 variables
  • Added 'Payload' parameter. Naming is now consistent with Metasploit payloads. Currently, only 'windows/meterpreter/reverse_http' and 'windows/meterpreter/reverse_https' payloads are supported.
  • Invoke-Shellcode will now prompt the user to continue the 'dangerous' action unless the -Force switch is provided. Hopefully, this will prevent some people from carrying out stupid/regrettable actions.
  • Added the 'ListMetasploitPayloads' switch to display the Metasploit payloads supported by Invoke-Shellcode

Bug fixes/Miscellaneous:

  • Added UserAgent parameter to help documentation
  • Code is much more readable now
  • Changed internal helper functions to 'local' scope
  • Now using proper error handling versus Write-Warning statements
  • Added a subtle warning to the built-in shellcode...

Here is the updated help documentation:

Enjoy and let me know if you have any suggestions for improvements!

3 comments:

  1. Hello, was the updated version of this script removed from github? I checked the code of the current Inject-Shellcode.ps1, but could not find the Payload parameter ".PARAMETER Payload" instruction. When trying to execute the code it warns about not knowing about this parameter. Thanks.

    1. See the latest PowerSploit release notes. It explains the justification for removing -Payload. https://github.com/PowerShellMafia/PowerSploit/releases

    2. But the work you (Matt) did in launching a meterpreter payload from a powershell script is useful - it should be copied somewhere.

      Here's a link to the Invoke-Shellcode.ps1 just before the meterpreter stuff was removed. https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/12ce71b9f4b0428d9425e001e5988f91eb2b8b87/CodeExecution/Invoke--Shellcode.ps1
