WinPayloads – Undetectable Windows Payload Generation
WinPayloads is a Python 2.7 tool for generating Windows payloads intended to evade antivirus detection, with some extras bundled in. Python 2.7 is end-of-life, and "undetectable" only holds against the signatures of the day, so re-test each build against the target's AV before relying on it.
It provides persistence, privilege escalation, shellcode invocation and much more. WinPayloads takes Metasploit's Meterpreter shellcode, injects the user's listener IP and port into it, and writes a Python file that executes the shellcode using ctypes.
Extras include:
- UACBypass – from PowerShellEmpire
- PowerUp – from PowerShellEmpire
- Persistence – makes the payload survive a reboot
- Psexec Spray – tries the supplied credentials or hashes against targets until a connection succeeds, then runs the payload on that target via psexec
- Upload to local web server – serves the payload for easy deployment
- PowerShell stager – invokes the payload in memory, among other features
WinPayloads can also set up a SimpleHTTPServer to serve the payload on the network so it can be downloaded onto the target machine, and its psexec feature executes the payload on the target when supplied with usernames, a domain, and passwords or hashes.
- git clone https://github.com/nccgroup/winpayloads.git
- cd winpayloads
- ./setup.sh installs everything WinPayloads needs
- Start WinPayloads with ./Winpayloads.py
- Type 'help' or '?' for the detailed help page
- ./setup.sh -r reinstalls