Offline Version Update
SecureThisShit authored and SecureThisShit committed Oct 12, 2019
1 parent b1a094a commit 869fc11
Showing 7 changed files with 712 additions and 307 deletions.
3 changes: 0 additions & 3 deletions .gitmodules
@@ -1,3 +0,0 @@
[submodule "p0wnedShell"]
path = p0wnedShell
url = https://github.com/SecureThisShit/p0wnedShell.git
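Review bot: The submodule removal in this `.gitmodules` hunk is not mentioned in the commit message, which reads only "Offline Version Update". The same commit also deletes the `p0wnedShell` gitlink and the README section describing it, so either split the submodule removal into its own commit or state it in the message body, so the history explains why the dependency went away.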
1,004 changes: 709 additions & 295 deletions Offline_WinPwn.ps1

Large diffs are not rendered by default.

11 changes: 3 additions & 8 deletions README.md
Expand Up @@ -18,7 +18,7 @@ If you find yourself stuck on a windows system with no internet access - no prob

Functions available after Import:
* #### `WinPwn` -> Menu to choose attacks:
![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/WinPwn.jpg)
![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/images/WinPwn.jpg)
* #### `Inveigh` -> Executes Inveigh in a new Console window , SMB-Relay attacks with Session management (Invoke-TheHash) integrated
* #### `sessionGopher` -> Executes Sessiongopher Asking you for parameters
* #### `kittielocal` ->
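Review bot: The replaced image line still uses an absolute `raw.githubusercontent.com` URL pinned to `master`, so the image breaks in forks, on other branches and in copies viewed without network access. A relative reference such as `![WinPwn menu](images/WinPwn.jpg)` resolves against the repository itself, and also replaces the placeholder `alt text` with a real description.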
Expand Down Expand Up @@ -61,15 +61,10 @@ Functions available after Import:
* #### `Sharpcradle` -> Load C# Files from a remote Webserver to RAM
* #### `DomainPassSpray` -> DomainPasswordSpray Attacks, one password for all domain users

The submodule is a forked and edited version of https://github.com/Cn33liz/p0wnedShell. You can compile it yourself and use it for powershell restriction bypass and AMSI-Bypass. Most AV-Solutions can be evaded this way. Just run the executable File, choose 17. and execute WinPwn.

![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/p0wnedmenu.PNG)

![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/p0wned.png)

## TO-DO
- [x] Some obfuskation
- [ ] More obfuscation
- [x] More obfuscation
- [ ] Proxy via PAC-File support
- [x] Get the scripts from my own creds repository (https://github.com/S3cur3Th1sSh1t/Creds) to be independent from changes in the original repositories
- [ ] More Recon/Exploitation functions
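Review bot: In the TO-DO list, ticking `More obfuscation` leaves two checked obfuscation entries side by side, and the unchanged neighbour still reads `Some obfuskation` (misspelled). Merge them into a single checked item and fix the spelling while this block is being edited.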
Expand All @@ -78,7 +73,6 @@ The submodule is a forked and edited version of https://github.com/Cn33liz/p0wne
- [x] Amsi Bypass
- [ ] Mailsniper integration
- [ ] Azure Checks / Modules integration
- [ ] LAPS Toolkit integration

## CREDITS

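Review bot: `- [ ] LAPS Toolkit integration` is deleted while still unchecked, and neither the commit message nor the README says whether it was implemented or abandoned. If it landed in the `Offline_WinPwn.ps1` changes (not rendered on this page), tick the item instead of deleting it; if it was dropped, say so in the commit message.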
Expand All @@ -100,6 +94,7 @@ The submodule is a forked and edited version of https://github.com/Cn33liz/p0wne
- [X] [rasta-mouse](https://github.com/rasta-mouse/) - AmsiScanBufferBypass
- [X] [l0ss](https://github.com/l0ss/) - Grouper2
- [X] [dafthack](https://github.com/dafthack/) - DomainPasswordSpray
- [X] [enjoiz](https://github.com/enjoiz/Privesc) - PrivEsc

## Legal disclaimer:
Usage of WinPwn for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.
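Review bot: The new credit entry links the handle `enjoiz` to a repository (`https://github.com/enjoiz/Privesc`), while the neighbouring entries link the handle to the author's profile (`https://github.com/rasta-mouse/`, `https://github.com/l0ss/`). Use `https://github.com/enjoiz/` for the handle to stay consistent, or link the tool name separately.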
Binary file added images/WinPwn.jpg
Binary file removed p0wned.png
Binary file not shown.
1 change: 0 additions & 1 deletion p0wnedShell
Submodule p0wnedShell deleted from a52c40
Binary file removed p0wnedmenu.PNG
Binary file not shown.