Skip to content

TechByTom/PowerLessShell

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
examples
examples
 
 
include
include
 
 
setup
setup
 
 
LICENSE.md
LICENSE.md
 
 
PowerLessShell.py
PowerLessShell.py
 
 
README.md
README.md
 
 

Repository files navigation

PowerLessShell

PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawing powershell.exe

Usage

Attacker side

$ python PowerLessShell.py


PowerLessShell - Remain Stealth
         More PowerShell Less Powershell.exe - Mr.Un1k0d3r RingZer0 Team
            ___
        .-"; ! ;"-.
      .'!  : | :  !`.
     /\  ! : ! : !  /\
    /\ |  ! :|: !  | /\
   (  \ \ ; :!: ; / /  )
  ( `. \ | !:|:! | / .' )
  (`. \ \ \!:|:!/ / / .')
   \ `.`.\ |!|! |/,'.' /
    `._`.\\!!!// .'_.'
       `.`.\|//.'.'
        |`._`n'_.'|
        `----^----"



(Path to the PowerShell script)>>> powershell.ps1

(Path for the generated MsBuild out file)>>> payload.csproj


[+] payload.csproj was generated.
[+] payload.csproj.cmd was generated.
[+] Run the command inside of payload.csproj.cmd on the target system using WMI.

Example

The following example is running the RC4 RAT https://github.com/Mr-Un1k0d3r/RC4-PowerShell-RAT without running a single instance of PowerShell

PowerLessShell

TODO

Use impacket library to automate the file push and execution of the msbuild command.

Credit

Mr.Un1k0d3r RingZer0 Team 2017

About

Run PowerShell command without invoking powershell.exe (Designed to be used with Cobalt Strike)

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 95.1%
  • Shell 4.9%