Monday, August 20, 2012

PowerSploit - Invoke-Shellcode Update

I just released an updated version of Invoke-Shellcode. Significant portions of the code have been cleaned up and its parameters were simplified. While I hate to change the original interface, there were several redundancies in the original parameters that didn't make any sense. Here is the changelog for this release:

New Features/Changes:
  • Dramatically simplified parameters. Removed redundancies and named parameter sets more appropriately
  • Added 'Shellcode' parameter. Now, you can optionally specify shellcode as a byte array rather than having to copy and paste shellcode into the $Shellcode32 and/or $Shellcode64 variables
  • Added 'Payload' parameter. Naming is now consistant with Metasploit payloads. Currently, only 'windows/meterpreter/reverse_http' and 'windows/meterpreter/reverse_https' payloads are supported.
  • Invoke-Shellcode will now prompt the user to continue the 'dangerous' action unless the -Force switch is provided. Hopefully, this will prevent some people from carrying out stupid/regrettable actions.
  • Added the 'ListMetasploitPayloads' switch to display the Metasploit payloads supported by Invoke-Shellcode

Bug fixes/Miscellaneous:

  • Added UserAgent parameter to help documentation
  • Code is much more readable now
  • Changed internal helper functions to 'local' scope
  • Now using proper error handling versus Write-Warning statements
  • Added a subtle warning to the built-in shellcode...

Here is the updated help documentation:

Enjoy and let me know if you have any suggestions for improvements!