Advertisement
Check these out next
Powerpreter: Post Exploitation like a Boss
Aug. 3, 2013•0 likes•8,699 views
2 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Business
Technology
Slides of my talk at Defcon 21
Nikhil MittalFollow
HackerAdvertisement
Advertisement
Advertisement
Recommended
Workshop: PowerShell for Penetration TestersNikhil Mittal
Owning windows 8 with human interface devicesNikhil Mittal
More fun using KautilyaNikhil Mittal
Client side attacks using PowerShellNikhil Mittal
PowerShell for Practical Purple TeamingNikhil Mittal
Continuous intrusion: Why CI tools are an attacker’s best friendsNikhil Mittal
Powerpreter: Post Exploitation like a Boss
- PowerPreter: Post Exploitation like a boss Nikhil “SamratAshok” Mittal
- Get-Host • Hacker who goes by the handle SamratAshok • Twitter - @nikhil_mitt • Blog – http://labofapenetrationtester.blogspot.com • Creator of Kautilya and Nishang • Interested in Offensive Information Security, new attack vectors and methodologies to pwn systems. • Freelance penetration tester *hint* • Spoken at BlackHat, Troopers, PHDays and more 2Powerpreter by Nikhil Mittal
- Get-Content • Need for Post Exploitation • PowerShell • Why PowerShell? • Introducing – Powerpreter – Architecture – Usage – Payloads – Capabilities – Deployment • Antak – The WebShell • Limitations • Conclusion 3Powerpreter by Nikhil Mittal
- Need for Post Exploitation • The most important part of a penetration test. • Guy who will pay you $$$ do not understand technology (neither he wants to). A “shell” is not what he wants from you. • IMHO, this differentiates a good pen tester and one-click-i-pwn-you-omg pen tester. • Etc Etc 4Powerpreter by Nikhil Mittal
- PowerShell • A shell and scripting language present by default on new Windows machines. • Designed to automate things and make life easier for system admin. • Based on .Net framework and is tightly integrated with Windows. 5Powerpreter by Nikhil Mittal
- 6Powerpreter by Nikhil Mittal
- Why PowerShell? • Provides access to almost everything in a Windows platform which could be useful for an attacker. • Easy to learn and really powerful. • Trusted by the countermeasures and system administrators. • Consider it bash of Windows. • Less dependence on msf and <insert_linux_scripting>-to-executable libraries. 7Powerpreter by Nikhil Mittal
- Powerpreter - Introduction • A post exploitation tool written completely in powershell. • To be a part of Nishang, powershell based post exploitation framework, written by the speaker. • The name is similar to meterpreter. Powerpreter wants to be like meterpreter after growing up :) 8Powerpreter by Nikhil Mittal
- Powerpreter - Architecture • Powerpreter is a powershell module and/or script depending on the usage. • Payloads and features in powerpreter are structured as functions. Separate function for each functionality. • It could be easily extended to include new scripts, just add a new function and it would be used with other options. 9Powerpreter by Nikhil Mittal
- Powerpreter – Usage • Powerpreter is best used from a Powershell Remote Session. • It could be imported as a module and the functionalities get loaded in the current session. • It could also be used with meterpreter and “possibly” other shells as well. 10Powerpreter by Nikhil Mittal
- Powerpreter – Payloads • Payloads depend on the privileges available. • Many useful payloads. • Better seen in the demo. 11Powerpreter by Nikhil Mittal
- Powerpreter – Capabilities • Persistence • Pivoting • Admin to SYSTEM • Helper functionalities • Etc Etc 12Powerpreter by Nikhil Mittal
- Powerpreter – Deployment • From a powershell session • Using meterpreter. • Using psexec. • Drive-by-download • Human Interface Device (Bare bones preferred) 13Powerpreter by Nikhil Mittal
- Powerpreter - DEMO 14Powerpreter by Nikhil Mittal
- Antak- The Webshell • Named after God of Death (Yamraj) in Indian mythology….muhahaha • Written in C#.Net (that is what I call it). • The UI is designed to look like a powershell prompt. • Ability to upload & download files, executing commands. • Scripts can be executed by using the “Encode and Execute” option. • If remoting is enabled, commands/scripts on remote systems can be executed. 15Powerpreter by Nikhil Mittal
- BTW meet Yamraj Powerpreter by Nikhil Mittal 16
- Limitations • Yet to undergo community testing. • Keylogger does not work from powershell remoting session. • Backdoors can be detected with careful traffic analysis. • Pivot depends upon powershell remoting. 17Powerpreter by Nikhil Mittal
- Conclusion • Powershell provides much control over a Windows system and Windows based network • Powerpreter has been designed to derive its power from above fact and provides (or at least attempts to) a useful set of features for penetration testers. • Obviously, there are other ways to achieve similar things. Powerpreter just makes it easier. 18Powerpreter by Nikhil Mittal
- Thanks/Credit/Greetz • Thanks to my friend Arthur Donkers for helping me to come to Defcon. • Thanks/Credit/Greetz/Shoutz to powershell hackers (in no particular order) @obscuresec, @mattifestation, @Carlos_Perez, @Lee_Holmes, @ScriptingGuys, @BrucePayette, @adamdiscroll, @JosephBialek, @dave_rel1k and all bloggers and book writers. • Go see another awesome powershell talk in Track- 2 tomorrow – “PowerPwning: Post-Exploiting By Overpowering PowerShell by Joe Bialek“ 19Powerpreter by Nikhil Mittal
- Thank You • Questions? • Insults? • Feedback? • Powerpreter would be available at http://code.google.com/p/nishang/ • Follow me @nikhil_mitt • Latest slides for this preso could be found at: http://labofapenetrationtester.blogspot.in/p/blog- page.html 20Powerpreter by Nikhil Mittal
Advertisement