Skip to content

Hackplayers/Empire-mod-Hpys-tests

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Empire-mod-Hackplayers

PowerShell Empire mod to post-exploit the World! Linux, MacOS, Windows.

   ====================================================================================
    Empire: PowerShell post-exploitation agent | [Version]: 2.0 Mod: HackPlayers 
   ====================================================================================
    [Web]: https://www.PowerShellEmpire.com/ | [Twitter]: @harmj0y, @sixdub, @enigma0x3
   ====================================================================================
   
    __    __       ___       ______  __  ___                
   |  |  |  |     /   \     /      ||  |/  /                
   |  |__|  |    /  ^  \   |  ,----'|  '  /                 
   |   __   |   /  /_\  \  |  |     |    <                  
   |  |  |  |  /  _____  \ |  `----.|  .  \                 
   |__|  |__| /__/     \__\ \______||__|\__\                
    _______ .___  ___. .______    __  .______       _______ 
   |   ____||   \/   | |   _  \  |  | |   _  \     |   ____|
   |  |__   |  \  /  | |  |_)  | |  | |  |_)  |    |  |__   
   |   __|  |  |\/|  | |   ___/  |  | |      /     |   __|  
   |  |____ |  |  |  | |  |      |  | |  |\  \----.|  |____ 
   |_______||__|  |__| | _|      |__| | _| `._____||_______|  Mod: HackPlayers
   
   
   283 modules currently loaded
   
   0 listeners currently active
   
   0 agents currently active
   
   (Empire) > 

Modules added

   BypassUAC-Fodhelper.ps1   (BypassUAC using fodhelper working in Windows 10)
   BypassUAC-HackPlayers-eventvwr.ps1   (BypassUAC using eventvwr working in Windows 7/8/10)
   Invoke-Mimikittenz  (Using Windows function ReadProcessMemory() in order to extract plain-text passwords)
   Keylogger_selective   (Executes a keylogger selectively)
   PsBoTelegram   (Backdoor controlled from telegram)
   Execute-Url-Script   (Run scripts from a file in a url)
   Sherlock   (Find privilege escalation vulnerabilities)
   MS16-135   (Exploit privilege escalation MS16-135 x64 by b33f FuzzySecurity)
   Invoke-HostRecon   (Situational Awareness)
   Binder-4System   (Get System from service process)
   Invoke-Phant0m   (Stops threads from the svhost process to prevent it from logging events without stopping the service.)
   Set-WindowsDefender   (We can disabled and enabled Windows Defender silently)
   DoublePulsar   (DoublePulsar inject an aribitrary DLL in other process)
   Get-ShellContent   (This script leverages modified strings2 to extract the input and output of any commandline process)
   Invoke-VNC   (This module loads a VNC server into RAM.)
   Powercat   (Netcat: The powershell version.)
   Invoke-WCMDump   (Credentials are only returned for the current user.)

Stagers added

   StarFighters JS  
   StarFighters VBS  
   StarFighters JS SCT  
   ASPX  

Install in Debian

git clone https://github.com/hackplayers/Empire-mod-Hpys-tests.git
cd empire-mod-hackplayers/setup/
sudo apt-get update > /dev/null
./install.sh
cd ..
./empire