# Nishang

### Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and during Penetration Tests. Nishang is useful during various phases of a penetration test and is most powerful for post exploitation usage.

By nikhil_mitt

#### Scripts

Nishang currently contains the following scripts and payloads.
##### Antak - the Webshell

- Antak: Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell.
##### Backdoors

- HTTP-Backdoor: A backdoor which is capable of receiving instructions from third-party websites and can execute PowerShell scripts in memory.
- A backdoor which can receive commands and PowerShell scripts from DNS TXT queries, execute them on the target, and be controlled remotely using those queries.
- A backdoor which can execute PowerShell scripts on a target at a given time.
- A backdoor which can receive commands and scripts from a WLAN name without connecting to it.
##### Client

- Out-CHM: Create infected CHM files which can execute PowerShell commands and scripts.
- Create Excel files, and infect existing ones, to run PowerShell commands and scripts.
- Create an HTA file which can be deployed on a web server and used in phishing campaigns.
- Create signed JAR files which can be used with applets for script and command execution.
- Create shortcut files capable of executing commands and scripts.
- Create Word files, and infect existing ones, to run PowerShell commands and scripts.
##### Escalation

- Enable-DuplicateToken: For use when SYSTEM privileges are required.
- Introduce vulnerabilities by removing patches.
##### Execution

- Download-Execute-PS: Download and execute a PowerShell script in memory.
- Download an executable in text format, convert it back to an executable and execute it.
- Run PowerShell commands, native commands or SQL commands on an MSSQL Server with sufficient privileges.
- Execute shellcode in memory using DNS TXT queries.
##### Gather

- Check-VM: Check whether the target is a virtual machine.
- Copy the SAM file using the Volume Shadow Service.
- Fool a user into giving credentials in plain text.
- A pair of scripts for egress testing.
- Get juicy information from a target.
- Get LSA Secrets from a target.
- Get password hashes from a target.
- Get WLAN keys in plain text from a target.
- Log keys from a target.
##### Pivot

- Create-MultipleSessions: Check credentials on multiple computers and create PSSessions.
- Run-EXEonRemote: Copy and execute an executable on multiple machines.
##### Prasadhak

- Prasadhak: Check the hashes of running processes against the VirusTotal database.
##### Scan

- Brute-Force: Brute force FTP, Active Directory, MS SQL Server and SharePoint.
- A handy port scanner.
##### Powerpreter

- Powerpreter: All the functionality of Nishang in a single script module.
##### Utility

- Add-Exfiltration: Add data exfiltration capability to Gmail, Pastebin, a web server and DNS to any script.
- Add reboot persistence capability to a script.
- Remove persistence added by the Add-Persistence script.
- Pipe (|) this to any script to exfiltrate the output.
- Download a file to the target.
- Parse keys logged by the Keylogger.
- Encode and compress a script or string.
- Decode and decompress a script or string produced by Invoke-Encode.
- Base64ToString
- StringToBase64
- ExetoText
- TexttoExe
#### Usage

Use the individual scripts with dot sourcing:

```
PS > . .\Get-Information
PS > Get-Information
```

To get help about any script, use:

```
PS > Get-Help [scriptname] -full
```

Note that since version 0.3.8 the help is available for the function loaded after running the script, not for the script itself. In all cases the function name is the same as the script name.

For example, to see the help for Get-WLAN-Keys.ps1, use:

```
PS> . C:\nishang\Get-WLAN-Keys.ps1
PS> Get-Help Get-WLAN-Keys
```

To import all the scripts into the current PowerShell session (PowerShell v3 onwards):

```
PS > Import-Module .\nishang.psm1
```
#### Updates

Updates about Nishang can be found at my blog http://labofapenetrationtester.com/ and my twitter feed @nikhil_mitt

#### Bugs, Feedback and Feature Requests

Please raise an issue if you encounter a bug or have a feature request, or mail me at nikhil [dot] uitrgpv at gmail.com

##### Mailing List

For feedback, discussions and feature requests join http://groups.google.com/group/nishang-users

##### Contributing

I am always looking for contributors to Nishang. Please submit requests or drop me an email.
##### Blog Posts

Some blog posts to check out for beginners:
http://www.labofapenetrationtester.com/2014/06/nishang-0-3-4.html
http://labofapenetrationtester.com/2012/08/introducing-nishang-powereshell-for.html
http://labofapenetrationtester.com/2013/08/powerpreter-and-nishang-Part-1.html
http://www.labofapenetrationtester.com/2013/09/powerpreter-and-nishang-Part-2.html
All posts about Nishang: