Offensive Powershell Console: PSPunch

ID N0WHERE:75977
Type n0where
Reporter N0where
Modified 2015-12-07T18:18:17


PS>Punch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams.

  1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework.
  2. The modules that are bundled with the exe are encrypted. When PS>Punch starts, they are decrypted into memory. The unencrypted payloads never touch disk, making it difficult for most antivirus engines to catch them.

Offensively, PS>Punch contains commands for Privilege Escalation, Recon and Data Exfilitration. It does this by including the following modules and commands:

  • Powersploit
    • Invoke-Mimikatz
    • Invoke-GPPPassword
    • Invoke-NinjaCopy
    • Invoke-Shellcode
    • Invoke-WMICommand
  • PowerTools
    • PowerUp
    • PowerView
  • Nishang
    • Gupt-Backdoor
    • Do-Exfiltration
    • DNS-TXT-Pwnage
    • Get-Infromation
    • Get-WLAN-Keys
  • Powercat

An portable console aimed at making pentesting with PowerShell a little easier

PS>Punch is in a super limited Proof of Concept state ATM.

Offensive Powershell Console: PSPunch documentation

Source && Download

Offensive Powershell Console: PSPunch download