Leveraging PowerShell
Core Impact provides testers with several ways to leverage the PowerShell interface when targeting Windows hosts. PowerShell commands are executed in the host machine's memory, preventing their detection by antivirus or other detection tools.
Continue reading below to learn about the available modules that are designed specifically to use PowerShell, or see Integration with PowerShell Empire.
PowerShell Modules
There are several modules available in Core Impact that leverage the PowerShell interface to enhance your penetration testing program. The easiest way to locate these modules is to use the Search box located at the top of the Modules Panel of the Console and type the text "powershell". This will automatically filter the module list and show only those modules that are related to PowerShell capabilities.
PowerShell Shell: Run this module on an existing agent to open a PowerShell command line shell and interact directly with the host machine. This module is also available as an option when you right-click on an existing host agent. See Interacting with Agents for more.
When using the PowerShell Shell, type the command #help to see additional commands that are provided by Core Impact.
Run PowerShell Script: Run this module to execute, on the host machine, a script that you've prepared locally. A script can be used to create a function, retrieve system information, etc. The Module Output tab will show the script commands in green followed by the command output in red.
Get installed PowerShell Version: Run this module on an agent to learn what version of PowerShell is currently installed on the host machine.
Deploy PowerShell Empire agent: This module is used in conjunction with an active instance of PowerShell Empire. For more on this, see Integration with PowerShell Empire.
Install Agent using PowerShell Empire Agent: This module is used in conjunction with an active instance of PowerShell Empire. For more on this, see Integration with PowerShell Empire.