Little sister DT said that a lot of PowerShell material has appeared this year, and a search turns up plenty of it. The Get-HttpStatus function is good and fun.
Of course, he will not be so bored. The post "SET: Windows7 Bypassing using Powershell" from the past few days proves that he is really powerful at hacking. Thank you, little sister DT. May you crack it soon.
Uncle MSDN's "Bash vs PowerShell" is worth watching, along with the presentation "PowerShell for Pen Testers".
Post-exploitation module of Metasploit: post/windows/manage/powershell/exec_powershell. It is easy to eliminate the virus.
On Windows 7, the PowerShell bypass function of SET is used to obtain sessions. Running exec_powershell is a small trick.
Code:
function Get-HttpStatus {
<#
.SYNOPSIS
PowerSploit Module - Get-HttpStatus
Returns the HTTP Status Codes and full URL for specified paths.
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
.DESCRIPTION
A script to check for the existence of a path or file on a webserver.
.PARAMETER Target
Specifies the remote web host either by IP or hostname.
.PARAMETER Path
Specifies the path to the dictionary file of paths to check.
.PARAMETER Port
Specifies the port to connect.
.PARAMETER UseSSL
Use an SSL connection.
.EXAMPLE
PS> Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt | Where-Object { [int]$_.Status -ge 200 -and [int]$_.Status -lt 300 }
.EXAMPLE
PS> Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt -UseSSL
.NOTES
HTTP Status Codes: 100 - Informational * 200 - Success * 300 - Redirection * 400 - Client Error * 500 - Server Error
Status Codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
.LINK
http://obscuresecurity.blogspot.com
#>
    [CmdletBinding()] Param(
        [Parameter(Mandatory = $True)] [String] $Target,
        [Parameter()] [String] [ValidateNotNullOrEmpty()] $Path = '.\Dictionaries\admin.txt',
        [Parameter()] [Int] $Port,
        [Parameter()] [Switch] $UseSSL
    )

    If (Test-Path $Path) {
        If ($UseSSL -and $Port -eq 0) {
            # Default to 443 if SSL is specified but no port is specified
            $Port = 443
        } Elseif ($Port -eq 0) {
            # Default to port 80 if no port is specified
            $Port = 80
        }
        $TcpConnection = New-Object System.Net.Sockets.TcpClient
        Write-Verbose "Path Test Succeeded - Testing Connectivity"
        Try {
            # Validate that the host is listening before scanning
            $TcpConnection.Connect($Target, $Port)
        } Catch {
            Write-Error "Connection Test Failed - Check Target"
            $TcpConnection.Close()
            Return
        }
        $TcpConnection.Close()
    } Else {
        Write-Error "Path Test Failed - Check Dictionary Path"
        Return
    }

    If ($UseSSL) {
        $SSL = 's'
        # Ignore invalid SSL certificates
        # Note: this callback is process-wide and is not restored when the function returns
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
    } Else {
        $SSL = ''
    }

    If (($Port -eq 80) -or ($Port -eq 443)) {
        $PortNum = ''
    } Else {
        $PortNum = ":$Port"
    }

    # Check HTTP status for each entry in the dictionary file
    Foreach ($Item in Get-Content $Path) {
        $WebTarget = "http$($SSL)://$($Target)$($PortNum)/$($Item)"
        $URI = New-Object Uri($WebTarget)
        Try {
            $WebRequest = [System.Net.WebRequest]::Create($URI)
            $WebResponse = $WebRequest.GetResponse()
            $WebStatus = $WebResponse.StatusCode
            $WebResponse.Close()
        } Catch {
            $WebStatus = $Error[0].Exception.InnerException.Response.StatusCode
            If ($WebStatus -eq $null) {
                # Not every exception returns a StatusCode.
                # If that is the case, return the Status.
                $WebStatus = $Error[0].Exception.InnerException.Status
            }
        }
        # Emit one object per dictionary entry: the status and the URL that was requested
        $Result = @{ Status = $WebStatus;
                     URL = $WebTarget }
        $ScanObject = New-Object -TypeName PSObject -Property $Result
        Write-Output $ScanObject
    }
}
More impressive features can be seen here: https://github.com/mattifestation/PowerSploit/
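A defender's view of the same behaviour, as an added example that is not part of the original post or of PowerSploit: Get-HttpStatus requests every dictionary entry from one client in quick succession, so the access log shows a burst of mostly 4xx responses from a single address. The function name Find-PathScan, its thresholds and the sample log lines are constructed for illustration, and the Apache/nginx "combined" log format is an assumption.

```powershell
# Constructed sample lines in "combined" log format (not real traffic).
$SampleLog = @'
198.51.100.7 - - [12/Mar/2013:10:01:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [12/Mar/2013:10:01:01 +0000] "GET /administrator/ HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [12/Mar/2013:10:01:02 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "-"
198.51.100.7 - - [12/Mar/2013:10:01:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [12/Mar/2013:10:01:03 +0000] "GET /backup/ HTTP/1.1" 403 199 "-" "-"
203.0.113.20 - - [12/Mar/2013:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2013:10:01:06 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
'@ -split "`r?`n"

function Find-PathScan {
    param(
        [string[]] $LogLine,
        [int] $MinRequests = 4,           # hypothetical thresholds, tune per site
        [double] $MinErrorRatio = 0.5
    )
    $Pattern = '^(?<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?<path>\S+)[^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<ua>[^"]*)"'
    # Parse each line into an object; lines that do not match the format are skipped
    $Hits = foreach ($Line in $LogLine) {
        if ($Line -match $Pattern) {
            New-Object PSObject -Property @{
                IP = $Matches.ip; Path = $Matches.path
                Status = [int]$Matches.status; UA = $Matches.ua
            }
        }
    }
    foreach ($Group in ($Hits | Group-Object IP)) {
        $Total  = $Group.Count
        $Errors = @($Group.Group | Where-Object { $_.Status -ge 400 -and $_.Status -lt 500 }).Count
        $Paths  = @($Group.Group | Select-Object -ExpandProperty Path -Unique).Count
        # System.Net.WebRequest sends no User-Agent header unless one is set,
        # so an empty or "-" field on every request is a supporting signal
        $NoUA   = @($Group.Group | Where-Object { $_.UA -eq '-' -or $_.UA -eq '' }).Count
        if ($Total -ge $MinRequests -and ($Errors / $Total) -ge $MinErrorRatio) {
            New-Object PSObject -Property @{
                IP = $Group.Name; Requests = $Total; ClientErrors = $Errors
                DistinctPaths = $Paths; MissingUserAgent = ($NoUA -eq $Total)
            }
        }
    }
}

Find-PathScan -LogLine $SampleLog |
    Format-Table IP, Requests, ClientErrors, DistinctPaths, MissingUserAgent
```

On the constructed sample only 198.51.100.7 is reported (5 requests, 4 client errors, no User-Agent); the browser-like client stays below the request threshold.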