Successfully reported this slideshow.

More Related Content

Slideshows for you

PSConfEU - Building an Empire with PowerShell
Will Schroeder
Forging Trusts for Deception in Active Directory
Nikhil Mittal
Catch Me If You Can: PowerShell Red vs Blue
Will Schroeder
PowerShell for Cyber Warriors - Bsides Knoxville 2016
Russel Van Tuyl
RACE - Minimal Rights and ACE for Active Directory Dominance
Nikhil Mittal
Kautilya: Teensy beyond shell
Nikhil Mittal
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
Nikhil Mittal
Power on, Powershell
Roo7break
Evading Microsoft ATA for Active Directory Domination
Nikhil Mittal
Defending Your "Gold"
Will Schroeder
Pwnstaller
Will Schroeder
Building an Empire with PowerShell
Will Schroeder
Red Team Revenge - Attacking Microsoft ATA
Nikhil Mittal
Lateral Movement with PowerShell
kieranjacobsen
Obfuscating The Empire
Ryan Cobb
SANS DFIR Prague: PowerShell & WMI
Joe Slowik
Harness: PowerShell Weaponization Made Easy (or at least easier)
RGKelley5
Get-Help: An intro to PowerShell and how to Use it for Evil
jaredhaight
Adventures in Asymmetric Warfare
Will Schroeder

Viewers also liked

Teensy Programming for Everyone
Nikhil Mittal
How to hack anywhere
Muhammad Zubair
BlueMaemo - Bluetooth HID mouse & keyboard for Maemo
VDVsx
Raspberry Pi
A. Faruk ÜNAL
Trusts You Might Have Missed - 44con
Will Schroeder
I Hunt Sys Admins
Will Schroeder
Hacking the future with USB HID
Nikhil Mittal
Honeypots - Tracking the Blackhat Community
amiable_indian
Interfacing bluetooth with arduino
Jairaj Jangle
I Have the Power(View)
Will Schroeder
Derbycon - Passing the Torch
Will Schroeder
Six Degrees of Domain Admin - BloodHound at DEF CON 24
Andy Robbins
Bridging the Gap
Will Schroeder
Wielding a cortana
Will Schroeder
Honey pots
Divya korrapati
PowerUp - Automating Windows Privilege Escalation
Will Schroeder
I hunt sys admins 2.0
Will Schroeder
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
A Year in the Empire
Will Schroeder
Building an EmPyre with Python
Will Schroeder

Similar to Powerpreter: Post Exploitation like a Boss

Twitterbootstrap4 succinctly
imdurgesh
Automated Penetration Testing With Core Impact
Tom Eston
Metasploit
Lalith Sai
teste
cirandaglobal
Ethical hacking firefox plugin6
Srikanta Sen
paper review about botnet
Jhang Raymond
Practical exploitation and social engineering
Tiago Henriques
Malewareanalysis
ahmad abdelhafeez
Post Metasploitation
egypt
teste
cirandaglobal
CSCAMP2013 - Introduction to pwnCore
Anwar Mohamed
Hacking for Beginners The Ultimate Guide For Newbie Hackers
JahaSoft
The Veil-Framework
VeilFramework
Pwning with powershell
jaredhaight
Making the case for sandbox v1.1 (SD Conference 2007)
Dinis Cruz
kali linux
Darshan Dalwadi
Metasploit
Institute of Information Security (IIS)
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
PROIDEA
Automated Penetration Testing With The Metasploit Framework
Tom Eston
Online shopping report-6 month project
Ginne yoffe

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 30 day trial from Scribd

See all
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Hot Seat: What I Learned Leading a Great American Company Jeff Immelt
(4.5/5)
Free
Authentic: A Memoir by the Founder of Vans Louise Maclellan
(4.5/5)
Free
We Should All Be Millionaires: A Woman’s Guide to Earning More, Building Wealth, and Gaining Economic Power Rachel Rodgers
(4/5)
Free
Believe IT: How to Go from Underestimated to Unstoppable Jamie Kern Lima
(4.5/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4.5/5)
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(3/5)
Free
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Blockchain: The Next Everything Stephen P Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free

Powerpreter: Post Exploitation like a Boss

  1. 1. PowerPreter: Post Exploitation like a boss Nikhil “SamratAshok” Mittal
  2. 2. Get-Host • Hacker who goes by the handle SamratAshok • Twitter - @nikhil_mitt • Blog – http://labofapenetrationtester.blogspot.com • Creator of Kautilya and Nishang • Interested in Offensive Information Security, new attack vectors and methodologies to pwn systems. • Freelance penetration tester *hint* • Spoken at BlackHat, Troopers, PHDays and more 2Powerpreter by Nikhil Mittal
  3. 3. Get-Content • Need for Post Exploitation • PowerShell • Why PowerShell? • Introducing – Powerpreter – Architecture – Usage – Payloads – Capabilities – Deployment • Antak – The WebShell • Limitations • Conclusion 3Powerpreter by Nikhil Mittal
  4. 4. Need for Post Exploitation • The most important part of a penetration test. • Guy who will pay you $$$ do not understand technology (neither he wants to). A “shell” is not what he wants from you. • IMHO, this differentiates a good pen tester and one-click-i-pwn-you-omg pen tester. • Etc Etc 4Powerpreter by Nikhil Mittal
  5. 5. PowerShell • A shell and scripting language present by default on new Windows machines. • Designed to automate things and make life easier for system admin. • Based on .Net framework and is tightly integrated with Windows. 5Powerpreter by Nikhil Mittal
  6. 6. 6Powerpreter by Nikhil Mittal
  7. 7. Why PowerShell? • Provides access to almost everything in a Windows platform which could be useful for an attacker. • Easy to learn and really powerful. • Trusted by the countermeasures and system administrators. • Consider it bash of Windows. • Less dependence on msf and <insert_linux_scripting>-to-executable libraries. 7Powerpreter by Nikhil Mittal
  8. 8. Powerpreter - Introduction • A post exploitation tool written completely in powershell. • To be a part of Nishang, powershell based post exploitation framework, written by the speaker. • The name is similar to meterpreter. Powerpreter wants to be like meterpreter after growing up :) 8Powerpreter by Nikhil Mittal
  9. 9. Powerpreter - Architecture • Powerpreter is a powershell module and/or script depending on the usage. • Payloads and features in powerpreter are structured as functions. Separate function for each functionality. • It could be easily extended to include new scripts, just add a new function and it would be used with other options. 9Powerpreter by Nikhil Mittal
  10. 10. Powerpreter – Usage • Powerpreter is best used from a Powershell Remote Session. • It could be imported as a module and the functionalities get loaded in the current session. • It could also be used with meterpreter and “possibly” other shells as well. 10Powerpreter by Nikhil Mittal
  11. 11. Powerpreter – Payloads • Payloads depend on the privileges available. • Many useful payloads. • Better seen in the demo. 11Powerpreter by Nikhil Mittal
  12. 12. Powerpreter – Capabilities • Persistence • Pivoting • Admin to SYSTEM • Helper functionalities • Etc Etc 12Powerpreter by Nikhil Mittal
  13. 13. Powerpreter – Deployment • From a powershell session • Using meterpreter. • Using psexec. • Drive-by-download • Human Interface Device (Bare bones preferred) 13Powerpreter by Nikhil Mittal
  14. 14. Powerpreter - DEMO 14Powerpreter by Nikhil Mittal
  15. 15. Antak- The Webshell • Named after God of Death (Yamraj) in Indian mythology….muhahaha • Written in C#.Net (that is what I call it). • The UI is designed to look like a powershell prompt. • Ability to upload & download files, executing commands. • Scripts can be executed by using the “Encode and Execute” option. • If remoting is enabled, commands/scripts on remote systems can be executed. 15Powerpreter by Nikhil Mittal
  16. 16. BTW meet Yamraj Powerpreter by Nikhil Mittal 16
  17. 17. Limitations • Yet to undergo community testing. • Keylogger does not work from powershell remoting session. • Backdoors can be detected with careful traffic analysis. • Pivot depends upon powershell remoting. 17Powerpreter by Nikhil Mittal
  18. 18. Conclusion • Powershell provides much control over a Windows system and Windows based network • Powerpreter has been designed to derive its power from above fact and provides (or at least attempts to) a useful set of features for penetration testers. • Obviously, there are other ways to achieve similar things. Powerpreter just makes it easier. 18Powerpreter by Nikhil Mittal
  19. 19. Thanks/Credit/Greetz • Thanks to my friend Arthur Donkers for helping me to come to Defcon. • Thanks/Credit/Greetz/Shoutz to powershell hackers (in no particular order) @obscuresec, @mattifestation, @Carlos_Perez, @Lee_Holmes, @ScriptingGuys, @BrucePayette, @adamdiscroll, @JosephBialek, @dave_rel1k and all bloggers and book writers. • Go see another awesome powershell talk in Track- 2 tomorrow – “PowerPwning: Post-Exploiting By Overpowering PowerShell by Joe Bialek“ 19Powerpreter by Nikhil Mittal
  20. 20. Thank You • Questions? • Insults? • Feedback? • Powerpreter would be available at http://code.google.com/p/nishang/ • Follow me @nikhil_mitt • Latest slides for this preso could be found at: http://labofapenetrationtester.blogspot.in/p/blog- page.html 20Powerpreter by Nikhil Mittal

×