r00t-3xp10it/Agent.ps1

Created January 6, 2020 22:03

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/r00t-3xp10it/13e1bd5c657a1bd38bdf0a82d0e63309.js"></script>
Save r00t-3xp10it/13e1bd5c657a1bd38bdf0a82d0e63309 to your computer and use it in GitHub Desktop.

Download ZIP

Amsi Evasion

Raw

Amsi Evasion

codings9 commented Feb 24, 2020

So we are looking for pwsh not powershell, lol

codings9 commented Feb 24, 2020

which pwsh?
/usr/bin/pwsh

Author

r00t-3xp10it commented Feb 24, 2020 •

edited

Loading

exelent ...

which pwsh?
/usr/bin/pwsh

i need to know if venom user was powershell installed before running meterpeter.ps1 .. <--- checking the existence of this folder works fine..
and i need to know if attacker its x64 bits arch (M$ does not give PS to x32 bits) .. <--- already done ..

codings9 commented Feb 24, 2020

Sweet✅💯🔥

Author

r00t-3xp10it commented Mar 1, 2020 •

edited

Loading

TASK

Record 'meterpeter' [Window vs Windows] oficial release video ..

Task Description

hey @codings9 i need your help again ...

To record a video tutorial about 'meterpeter' windows VS Windows  ...
using the 'new terminal windows' configurated to run meterpeter tool ..

New Windows Terminal (M$)

Step-By-Step

1º - Download new meterpeter project (oficial release)

git clone https://github.com/r00t-3xp10it/meterpeter.git

2º - Install new windows terminal
Install new windows terminal (Under Windows Distros)
3º - download/install new microsoft font (Cascadia.ttf)
Microsoft Cascadia code Font
4º - Add meterpeter tool to the new terminal TAB list

Remenber to change the PATHs to point to your Local meterpeter installation

1º - Create a new GUID for meterpeter tool
     To Creat new GUID visit: http://new-guid.com/

2º - press <'settings'> button in 'new terminal' and copy paste the follow code under
     "profiles":  -> "list":

            },  // <-- REMMENBER TO ADD , IN PREVIOUS CLOSE BRACKLETS FUNCTION ...
                // BEFORE ADDING A NEW FUNCTION TO YOUR PROFILE.JSON FILE

            {
                // Make changes here to the meterpeter profile
                "guid": "{1972e6a7-daef-4cfc-8180-3eecfef9630d}",
                "name": "meterpeter C2",
                "fontFace": "Cascadia Code",
                "backgroundImageStretchMode" : "uniformToFill",
                "backgroundImage" : "%USERPROFILE%\\Desktop\\meterpeter\\mimiRatz\\darkside.gif",  // <-- Terminal animated background gif Path
                "commandline": "powershell.exe -ExecutionPolicy Bypass -NoLogo -NoExit -File \"%USERPROFILE%\\Desktop\\meterpeter\\meterpeter.ps1\"",    // <-- meterpeter.ps1 script Path
                "startingDirectory" : "%USERPROFILE%\\Desktop\\meterpeter",               // <-- meterpeter folder Path
                "icon" : "%USERPROFILE%\\Desktop\\meterpeter\\mimiRatz\\Alien-icon.png",  // <-- Terminal tab icon Path
                "hidden": false
            }

[i] my profile.json file (Configuration example)

[i] meterpeter WIKI pages

codings9 commented Mar 1, 2020

Doing the video, just be aware that ps1 file was not downloaded via the bat- i manually moved it to disk and ran it. And Windows picks up the file soon as it touches disk, sample submission off. I had to allow it for the video-I think i understand why Microsoft bought github...now...they have access to all of this...code....Don’t worry will not show on video.

codings9 commented Mar 1, 2020

The Terminal is amazing love the integration with MeterPeter✅💯🔥

codings9 commented Mar 2, 2020

https://youtu.be/k9aX3yBQrEQ

Author

r00t-3xp10it commented Mar 2, 2020

hey thanks ..ive just arrived home ..

codings9 commented Mar 2, 2020

Lol, no worries anytime...✅💯🔥, thank you!

Author

r00t-3xp10it commented Mar 2, 2020

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment