Skip to content
/ PowershellWebDelivery Public

Generate a Powershell oneliner to deliver a Shellcode generated from any Windows Module without touching the disk

License

MIT license
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maxDcb/PowershellWebDelivery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

ressources

ressources

 
 

web

web

 
 

AmsiBypass.template

AmsiBypass.template

 
 

AmsiBypass.template.old

AmsiBypass.template.old

 
 

GeneratePowershellLauncher.ps1

GeneratePowershellLauncher.ps1

 
 

GeneratePowershellLauncher.py

GeneratePowershellLauncher.py

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

ShellcodeLoader.template

ShellcodeLoader.template

 
 

oneLinerToExec.template

oneLinerToExec.template

 
 

oneLinerToExec.template.old

oneLinerToExec.template.old

 
 

Repository files navigation

GeneratePowershellLauncher

pip3 install pycryptodome

Generate a powershell dropper for any DLL or EXE. The shellcode of the payload is generated with Donut. Two powershell script are generated, the first is an AMSI bypass (credit to rasta-mouse) the second is the injector (credit to Metasploit web-delivery PSH). The output is store on ./web, the final command to launch on the victime host is display on the console.

See AMSITrigger and Invoke-Obfuscation for AMSI bypass.

Compatible with linux (GeneratePowershellLauncher.py) and windows (GeneratePowershellLauncher.ps1).

alt text

About

Generate a Powershell oneliner to deliver a Shellcode generated from any Windows Module without touching the disk

Topics

cybersecurity malware-research c2 redteam

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages