Winpaylods is a payload generator tool that uses metasploits meterpreter shellcode, injects the users ip and port into the shellcode and writes a python file that executes the shellcode using ctypes. This is then aes encrypted and compiled to a Windows Executable using pyinstaller.
Main features:
- Undetectable Windows Payload Generation
- Easy to Use Gui
- Upload Payload to Local WebServer
- Psexec Payload to Target Machine
- Automatically Runs Metasploit Listener with Correct Settings after Payload Generated
Winpayloads also comes with a few features such as uac bypass and payload persistence. These are powershell files that execute on the system when the meterpreter gets a reverse shell. The uac bypass is written by PowerShellEmpire and uses an exploit to bypass uac on local administrator accounts and creates a reverse meterpreter running as local administrator back to the attackers machine.
Winpayloads can also setup a SimpleHTTPServer to put the payload on the network to allow downloading on the target machine and also has a psexec feature that will execute the payload on the target machine if supplied with usernames, domain, passwords or hashes.
psexec.py - imacket example
Features
- UACBypass - PowerShellEmpire https://github.com/PowerShellEmpire/Empire/raw/master/data/module_source/privesc/Invoke-BypassUAC.ps1 Copyright (c) 2015, Will Schroeder and Justin Warner. All rights reserved.
- PowerUp - PowerShellEmpire https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 Copyright (c) 2015, Will Schroeder and Justin Warner. All rights reserved.
- Invoke-Shellcode https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1 Copyright (c) 2012, Matthew Graeber. All rights reserved.
- Invoke-Mimikatz https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1 Copyright (c) 2012, Matthew Graeber. All rights reserved.
- Invoke-EventVwrBypass https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1 Matt Nelson (@enigma0x3)
- Persistence - Adds payload persistence on reboot
- Psexec Spray - Spray hashes until successful connection and psexec payload on target
- Upload to local webserver - Easy deployment
- Powershell stager - allows invoking payloads in memory & more
Getting Started
git clone https://github.com/nccgroup/winpayloads.gitcd winpayloads./setup.shwill setup everything needed for Winpayloads- Start Winpayloads
./Winpayloads.py - Type 'help' or '?' to get a detailed help page
setup.sh -rwill reinstall