sliverarmory / armory

The Official Sliver Armory
https://sliver.sh/

add powershell runner assembly to the armory #27

Closed MrAle98 closed 1 year ago

MrAle98 commented 1 year ago

Hello, I've created this PR https://github.com/BishopFox/sliver/pull/966 for adding commands to the client that can execute PowerShell and import PowerShell scripts in the implant process CLR. The PR was rejected because it directly uses, as a raw binary, the PS.exe PowerShell runner taken from the PoshC2 repository. I've reversed PS.exe and created a repository with the source code here: https://github.com/MrAle98/PS.

Would it be possible to add the PS repository to the armory? Later I can modify the PR to fetch PS from the armory instead of embedding the PS.exe binary inside the sliver-client.

The main reason for the PR is the feature requested here: https://github.com/BishopFox/sliver/issues/793

MrAle98 commented 1 year ago

I realized only now that I linked a private repository. Now the repository https://github.com/MrAle98/PS should be public. I apologize for that.

senzee1984 commented 1 year ago

Hi @MrAle98, I checked the branch https://github.com/MrAle98/sliver/tree/feat/powershell with the powershell command; however, the execution does not produce output like the screenshots in https://github.com/BishopFox/sliver/pull/966. How do I enable output? Thanks.

MrAle98 commented 1 year ago

Hello @ziyishen97, I tried right now, and when generating the first implant again I got no output; when I generated it again with --debug, I got the output. Retry with the --debug flag and let me know what you get.

Edit: I tried multiple times with a session implant generated without the --debug option and I keep getting no output. I think the issue is related to execute-assembly --in-process itself; if I try, for example, execute-assembly --in-process, I always get no output. It seems that with an implant generated with the --debug option the problem is solved.

c2biz commented 1 year ago

Can give this one a try too: https://github.com/thelikes/sharpsh

senzee1984 commented 1 year ago

@c2biz Thanks for sharing; it is great!

c2biz commented 1 year ago

Armory now offers two variations of PowerShell aliases.