Wednesday, November 21, 2012

Nishang 0.2.0 - More PowerShell awesomeness

Behold world, I give you a new and shiny version of Nishang after a long gap :) I have been using PowerShell more and more with each pen test, so expect even more awesomeness.

This is a major release, and all of the new payloads are courtesy of Niklas Goude. Below is the changelog.

- Removed hard coded strings from DNS TXT Pwnage payload.
- Information Gather now pastes data base64-encoded and no longer triggers the pastebin spam filter.
- Credentials payload now validates both local and AD credentials. If the credentials entered could not be validated locally or against AD, the credential prompt is shown again.
- Base64ToString now asks for a file containing the base64 string. To provide a string in place of a file, use the "-IsString" parameter.
- Browse_Accept_Applet now handles prompts for both 32-bit and 64-bit Internet Explorer. The wait time for the applet to load has also been increased.
- Added Enable_DuplicateToken payload.
- Added Get-LSASecret payload.
- Added Get-SqlSysLogin payload.
- Added Invoke-Medusa payload.
- Added Invoke-PingSweep payload.

Check out the repository ( for the latest code.
The new payloads were discussed by Niklas on the awesome Hey, Scripting Guy! Blog.

I am working on many new payloads, so you can expect frequent updates. Keep an eye on this blog :)

I would really like feedback, comments and feature requests :)