PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. --- The Why Why writing such a tool, you might ask. Well, for starters, I...

Powershell Exec, Windows shellcode stage, Windows Reverse HTTP Stager (wininet)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/powershell/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...

Powershell Exec, Windows shellcode stage, Reverse All-Port TCP Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/powershell/custom/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

Powershell Exec, Windows shellcode stage, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...sho...

Powershell Exec, Windows shellcode stage, Reverse TCP Stager (DNS)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/custom/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns sh...

Powershell Exec, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...

Powershell Exec, Windows shellcode stage, Reverse TCP Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...

Powershell Exec, Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/custom/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp sh...

Powershell Exec, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/powershell/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...

Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/powershell/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

Powershell Exec, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuu...

Powershell Exec, Windows shellcode stage, Bind TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection No NX Module Options msf use payload/cmd/windows/powershell/custom/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show...

Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTP Stager (winhttp)

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/powershell/x64/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTIO...

Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

Powershell Exec, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection Module Options msf use payload/cmd/windows/powershell/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...sho...

Powershell Exec, Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support Module Options msf use payload/cmd/windows/powershell/custom/reversehttpsproxy msf payloadreversehttpsproxy show actions ...actions... msf...

Powershell Exec, Windows shellcode stage, Windows x64 Reverse TCP Stager

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetc...

Powershell Exec, Windows shellcode stage, Hidden Bind Ipknock TCP Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcod...

Powershell Exec, Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. Module Options msf use...