PowerHub: transfer PowerShell modules, executables, snippets and files

PowerHub

PowerHub is a web application that helps a pentester transfer files, in particular code which may get flagged by endpoint protection.

The web application is made with Flask and consists of three parts.

The Hub

The hub uses PowerShell to load modules and binaries in memory. The binaries can be executed directly from memory with PowerSploit’s Invoke-ReflectivePEInjection.

Modules have to be placed in ./modules and can be either PowerShell scripts, PE executables, or shellcode. You can load them on the target via PowerShell with Load-HubModule. Run Help-PowerHub for more information.

PowerHub on the attacker system simply looks for *.ps1 or *.exe files. They need to be in their respective directory, though, so exe files need to be in modules/exe (or at least symlinked), and so forth. The *.ps1 files are imported on the target via [Scriptblock]::Create().
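For defenders, the loading path described above can leave traces when PowerShell script block logging (event ID 4104) is enabled. The following is an added example, not part of PowerHub or the original page: it scans constructed JSON log records for the names mentioned above. The record layout, the weights and the threshold are assumptions.

```python
import json
import re

# Names taken from the page: the functions PowerHub exposes on the target and
# the two in-memory loading primitives it relies on.
INDICATORS = {
    "Load-HubModule": re.compile(r"\bLoad-HubModule\b", re.I),
    "Help-PowerHub": re.compile(r"\bHelp-PowerHub\b", re.I),
    "Invoke-ReflectivePEInjection": re.compile(r"\bInvoke-ReflectivePEInjection\b", re.I),
    "[Scriptblock]::Create": re.compile(r"\[\s*scriptblock\s*\]\s*::\s*create\s*\(", re.I),
}
# Assumption: [Scriptblock]::Create() also appears in benign scripts, so it is weak alone.
WEIGHTS = {"[Scriptblock]::Create": 1}
DEFAULT_WEIGHT = 3

def score_event(event):
    """Return (score, sorted indicator names) for one script block logging record."""
    if not isinstance(event, dict) or event.get("EventID") != 4104:
        return 0, []
    text = event.get("ScriptBlockText", "")
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return sum(WEIGHTS.get(h, DEFAULT_WEIGHT) for h in hits), hits

def triage(lines, threshold=3):
    """Parse JSON lines, skip malformed ones, and return records at or above threshold."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        score, hits = score_event(event)
        if score >= threshold:
            alerts.append({"host": event.get("Computer"), "score": score, "hits": hits})
    return alerts

# Constructed sample records (hypothetical layout: EventID, Computer, ScriptBlockText).
SAMPLE_LOG = [
    json.dumps({"EventID": 4104, "Computer": "ws01", "ScriptBlockText": "Get-ChildItem C:\\Users"}),
    json.dumps({"EventID": 4104, "Computer": "ws02", "ScriptBlockText": "$sb = [ScriptBlock]::Create($text); & $sb"}),
    json.dumps({"EventID": 4104, "Computer": "ws03", "ScriptBlockText": "help-powerhub"}),
    json.dumps({"EventID": 4104, "Computer": "ws04", "ScriptBlockText": "$c=[scriptblock] :: Create( $code ); Invoke-ReflectivePEInjection"}),
    "not json",
    json.dumps({"EventID": 4103, "Computer": "ws05", "ScriptBlockText": "Load-HubModule"}),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

A lone [Scriptblock]::Create() call stays below the threshold; it only raises the score of a record that also names one of the PowerHub or PowerSploit functions.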

The Clipboard

The clipboard functionality is meant for exchanging small snippets, such as hashes, passwords, one-liners, and so forth. It’s like an extremely basic etherpad.

File Exchange

The file exchange offers a way to transfer files via HTTP back to the host. Think Droopy.

Download

git clone https://github.com/AdrianVollmer/PowerHub.git

Use

PowerHub has one mandatory argument: the callback host (can be an IP address). This hostname is used by the stager to download the payload. If the callback port or path differs from the default, it can also be changed.

Copyright (c) 2018-2019, Adrian Vollmer

Source: https://github.com/AdrianVollmer/