Today we have another great interview to share with you. We spoke with Nikhil Mittal, creator of Nishang. He told us everything about his tool, from the technical to the management side. Enjoy reading!
[PenTest Magazine]: Can you tell us a little about yourself, what do you do?
[Nikhil "SamratAshok" Mittal]: I am a freelance penetration tester and a trainer. I do penetration tests and red team engagements for my clients and also run the trainings "PowerShell for Penetration Testing" and "Hacking with Human Interface Devices".
[PT]: How did you come up with the idea of creating Nishang?
[NM]: Around 2012, after using PowerShell in penetration testing for a couple of years, I saw a lack of useful PowerShell scripts for penetration testers. That is when I decided to create Nishang.
[PT]: What challenges did you face while developing Nishang?
[NM]: Many! Sticking to PowerShell language best practices was, and still is, the biggest challenge. Other than that, testing Nishang scripts on various platforms is cumbersome, and I still get complaints about scripts not working in some environment. Finding time away from the bread-and-butter work is always a challenge as well.
[PT]: How does Nishang work exactly?
[NM]: Nishang has PowerShell scripts categorized according to their expected use case. Some just need to be run in PowerShell, and a function with the same name as the script is loaded into the current PowerShell session. For example, to load the client-side attack script Out-Word:
This will load the function Out-Word into the current session:
PS C:\> . C:\nishang\client\Out-Word.ps1
This will show the examples:
PS C:\> help Out-Word -Examples
A user can also import all the functionality at once by importing the Nishang module:
PS C:\> Import-Module C:\nishang\nishang.psm1
For easy use in remote shells, all the functionality of Nishang is also available in the Powerpreter script module:
PS C:\> Import-Module C:\nishang\powerpreter\Powerpreter.psm1
PS C:\> Get-Command -Module Powerpreter
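The loading procedure described in the answer above, as an added example that is not part of the interview and not code from the Nishang project: it takes the paths the interview gives (C:\nishang, client\Out-Word.ps1, nishang.psm1) and adds the two checks a practitioner usually needs before the dot-source works on a fresh box, clearing the Mark-of-the-Web from the downloaded scripts and relaxing the execution policy for the current process only, then verifies that the function actually landed in the session. The module name "nishang" in the last step is assumed to be derived from the .psm1 file name, which is how Import-Module names a module loaded by path.

```powershell
# Added example, not from the interview or from the Nishang project itself.
# Assumes Nishang is unpacked at C:\nishang, as in the interview.
$NishangRoot = 'C:\nishang'

# 1. Scripts downloaded from the web carry the Zone.Identifier stream
#    (Mark-of-the-Web) and are refused under RemoteSigned/AllSigned.
#    Unblock them and set Bypass for this process only; nothing persists.
Get-ChildItem -Path $NishangRoot -Recurse -Filter *.ps1 | Unblock-File
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# 2. Dot-source a single script. The leading "." runs the file in the
#    caller's scope, so the function it defines (same name as the file)
#    stays in the session instead of vanishing with a child scope.
$OutWordScript = Join-Path $NishangRoot 'client\Out-Word.ps1'
. $OutWordScript

# 3. Confirm the function is really there before building on it; a blocked
#    or mistyped path fails silently from the caller's point of view.
$fn = Get-Command -Name Out-Word -CommandType Function -ErrorAction SilentlyContinue
if (-not $fn) {
    throw "Out-Word was not loaded from $OutWordScript; check the path and execution policy."
}
Get-Help -Name Out-Word -Examples

# 4. Alternatively load everything through the module file and list what
#    became available. Module name assumed to follow the file name
#    (nishang.psm1 -> nishang); Powerpreter.psm1 works the same way.
$ModuleFile = Join-Path $NishangRoot 'nishang.psm1'
Import-Module $ModuleFile -Force
$loaded = Get-Command -Module nishang -CommandType Function
"{0} functions loaded from {1}" -f $loaded.Count, $ModuleFile
$loaded | Select-Object -First 10 -ExpandProperty Name
```

Run this in a fresh PowerShell session on the test machine. Step 3 is the check worth keeping in any wrapper script: on a host with a modern antivirus or AMSI in place, many Nishang scripts are flagged and the dot-source silently produces no function, so testing for the function's presence tells you immediately whether the load was blocked rather than failing later in the engagement.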
[PT]: What makes this program different from others?
[NM]: Nishang is different from non-PowerShell security tools because it uses only the built-in functionality of the Windows OS. This makes Nishang more effective and less prone to detection. Even if any of the Nishang scripts is detected, changing the function name and variable names should bypass the detection.
[PT]: Why did you decide to choose PowerShell?
[NM]: PowerShell is available by default in all post-Vista Windows operating systems. It is tightly integrated with Windows and provides access to the .NET Framework, WMI, the Windows Registry, the Windows API, the filesystem and other machines in a Windows domain.
[PT]: Are you still developing your tool?
[NM]: Yes, it is under active development and is available at https://github.com/samratashok/nishang
[PT]: What do you think about sharing your tools with other people?
[NM]: I love it! I love feedback and feature requests from fellow hackers and security professionals. It is the community which makes a tool better.
[PT]: Following the previous questions, do you think Nishang is a tool suitable for amateurs as well as for specialists?
[NM]: It is absolutely suitable for amateurs. It needs no special setup, and the scripts can be used directly on any Windows machine with PowerShell. For specialists, it provides an opportunity to execute the techniques in Nishang in very restrictive Windows environments. Also, since it is open source, with every major change accompanied by a blog post, those with even basic knowledge of PowerShell can customize the scripts in Nishang.
[PT]: What kind of feedback do you usually get? Is it typically just negative, or do you get constructive suggestions more often?
[NM]: It's a mixed bag. While I get a lot of thanks and constructive suggestions (thank you, everyone, for that), there are always people who leave comments about Nishang just for the sake of criticizing. I thank them as well.
[PT]: Have you got any plans for the future?
[NM]: Yes. I am going to release some scripts in November 2015 which can be used to track Windows users. I have been using these scripts in social engineering campaigns. There are some other features in my development pipeline as well.
[PT]: What do you think is the biggest challenge standing before the cybersecurity community right now?
[NM]: Lack of awareness at so many levels! Many of us, which includes management as well as the technical guys, choose to believe more in tools and less in skills. So many of us fall for charlatans and often judge the goodness of a product or service by its marketing.
Also, the age-old lack of security awareness among employees is still a huge threat for everyone.
[PT]: What actions should be taken to increase security awareness?
[NM]: By demonstrating risks to which the employees can actually connect. For example, to demonstrate the risks of phishing attacks, fake Facebook login pages work much better than a BeEF hook. Also, though easier said than done, people should feel like a part of the security program; it should not be something everyone just needs to comply with. Rewards for employees who report security incidents can go a long way.
[PT]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[NM]: Stay humble and keep learning! There is always someone who knows more than you, and everyone starts somewhere. Help others out! Try not to be part of groups; the infosec community is very small.