PowerView Aggressor Script for CobaltStrike
A user menu for @harmjoy's PowerView
and SharpView
Updates:
- Cleaned up code
- Added powershell-import check to see if PowerView is imported or not, it if doesn't detect PowerView it will import it for you. By default it will search the directory where the aggressor script is located to import but it can be changed. Same goes for SharpView.
- Added PSInject that will use the current beacon's PID and architecture to prevent remote process injection. Be aware if using PSInject and killing a job it will kill the beacon, so best to let it finish to keep beacon alive
- Now that powerpick, psinject, and execute-assembly use the current beacons token when specifying a credential it will no longer be part of the command but rather a token will be created in Cobalt Strike then the cmdlet will be executed
TODOs:
- NTLM and kerberose usage so you aren't required to have only plain text creds
- PowerShell pipeline with cmdlets
Very similar to the PowerView v2 aggressor script
All functions listed in the PowerView about page are included in this with all arguments for each function.
Has the ability to accept credentials (format: domain\user password to parse correctly)
With SharpView now has the ability to leverage execute-assembly and like before PowerPick and PowerShell
Now has a help menu that provides the description and Parameters from the PowerView.ps1 source
The script does not automatically do powershell-import for PowerView you must manually do that first. Additionally, depending on your placement of SharpView you may need to change the location in the $sharpviewlocation variable.
Please note this requires PowerView 3.0 (current dev branch) and SharpView (only version)
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent