rex-powershell 0.1.93 → 0.1.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 264ef895e51a24ebc9faec44d558f16f4d7324e75dc7b9c7f9c5ce504b14eaea
4
- data.tar.gz: 79a682962f60136c0189156715dd190e2d4573c64851a601ab05f4d1e2a15db8
3
+ metadata.gz: f383759ee0a96f16b0d6e1a80499ef39643394c2f813ad3fdb5087bd6a0b5f30
4
+ data.tar.gz: 6cb029ad64653e8b737c7a2b18011ef08208bc3b2f6472844268678d961646d4
5
5
  SHA512:
6
- metadata.gz: 6f2ba77f0172164a76f00607cccf083c63b163dc321df4f0c40d49397bc269e18b13282a3f5f91807423e3eecfaf289c623d1a516a4c7831c2faaade17686c2f
7
- data.tar.gz: 116b6339f8c82e719915c7359d34845f0ab140fa14f61934ad5359567b1c67fdbf9940f62e19828ff596904d2e308e40428c7be59c816f25218fd9a06f3281aa
6
+ metadata.gz: f1bf00f2b9ca8d1df7bcc7c074194994639cca34937c9290823dcb15c9abeb80e3890bb1590d7c95e8092c707b7be01a03aeeec0b2a0315055f374a59ebb4fb9
7
+ data.tar.gz: 2e83a9c7cf78db8f473cd5161378cfc81f74fd547e1d1ace9d4d1bc9f52479692d4b408515c086e29c4d4884c017252696d6db3527c833bec6c1b6fc8b5222cc
checksums.yaml.gz.sig CHANGED
@@ -1 +1 @@
1
- CN
1
+ ���/���ly�Spn|ﻓ]ڌz�ck�axwl~��凙�uv�c�������3�?C�D!��0���w�����#����\=?�w�j�~n��RQ��DL�V�_cx�,�m��[��t�\ �tYc ��Ѯ�����!B%[5a��c^v@K_�"&���[�*2�G���]������_��Ts7;�/�U/`L[(����Hᔁi�DߣUVk�sm�4V�{�%��=:�,#7���;����,�����=��^��T
@@ -293,11 +293,11 @@ EOS
293
293
  # @return [String] Powershell command line with payload
294
294
  def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
295
295
  if opts[:encode_inner_payload] && opts[:encode_final_payload]
296
- fail RuntimeError, ':encode_inner_payload and :encode_final_payload are incompatible options'
296
+ fail Exceptions::PowershellError, ':encode_inner_payload and :encode_final_payload are incompatible options'
297
297
  end
298
298
 
299
299
  if opts[:no_equals] && !opts[:encode_final_payload]
300
- fail RuntimeError, ':no_equals requires :encode_final_payload option to be used'
300
+ fail Exceptions::PowershellError, ':no_equals requires :encode_final_payload option to be used'
301
301
  end
302
302
 
303
303
  psh_payload = case opts[:method]
@@ -310,7 +310,7 @@ EOS
310
310
  when 'msil'
311
311
  Rex::Powershell::Payload.to_win32pe_psh_msil(template_path, pay)
312
312
  else
313
- fail RuntimeError, 'No Powershell method specified'
313
+ fail Exceptions::PowershellError, 'No Powershell method specified'
314
314
  end
315
315
 
316
316
  if opts[:exec_rc4]
@@ -405,7 +405,7 @@ EOS
405
405
  end
406
406
 
407
407
  if command.length > 8191
408
- fail RuntimeError, 'Powershell command length is greater than the command line maximum (8192 characters)'
408
+ fail Exceptions::PowershellCommandLengthError, 'Powershell command length is greater than the command line maximum (8192 characters)'
409
409
  end
410
410
 
411
411
  command
@@ -0,0 +1,16 @@
1
+ # -*- coding: binary -*-
2
+
3
+ module Rex
4
+ module Powershell
5
+ module Exceptions
6
+
7
+ class PowershellError < RuntimeError
8
+ end
9
+
10
+ class PowershellCommandLengthError < PowershellError
11
+ end
12
+
13
+ end
14
+ end
15
+ end
16
+
@@ -67,7 +67,7 @@ module Powershell
67
67
  # Deobfuscate a Powershell literal string value that was previously obfuscated by #scate_string_literal.
68
68
  #
69
69
  # @param [String] string The obfuscated Powershell expression to deobfuscate.
70
- # @raises [RuntimeError] If the string can not be deobfuscated, for example because it was randomized using a
70
+ # @raises [Exceptions::PowershellError] If the string can not be deobfuscated, for example because it was randomized using a
71
71
  # different routine, then an exception is raised.
72
72
  # @return [String] The string literal value.
73
73
  def self.descate_string_literal(string)
@@ -79,14 +79,14 @@ module Powershell
79
79
  format = Regexp.last_match(0)
80
80
  format_args = string[format.length..-1].strip
81
81
  unless format_args =~ /-f\s*('.',\s*)*('.')/
82
- raise RuntimeError.new('The obfuscated string structure is unsupported')
82
+ raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
83
83
  end
84
84
  format_args = format_args[2..-1].strip.scan(/'(.)'/).map { |match| match[0] }
85
85
  string = format[1...-1].strip
86
86
  end
87
87
 
88
88
  unless string =~ /^'.*'$/
89
- raise RuntimeError.new('The obfuscated string structure is unsupported')
89
+ raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
90
90
  end
91
91
  string = string.gsub(/'\s*\+\s*'/, '') # process all concatenation operations
92
92
  unless format_args.nil? # process all format string operations
@@ -146,7 +146,7 @@ module Powershell
146
146
  elsif @code =~ /FromBase64String(\((?>[^)(]+|\g<1>)*\))/
147
147
  encoded_stream = Obfu.descate_string_literal(Regexp.last_match(1))
148
148
  else
149
- raise RuntimeError, 'Failed to identify the base64 data'
149
+ raise Exceptions::PowershellError, 'Failed to identify the base64 data'
150
150
  end
151
151
 
152
152
  # Decode and decompress the string
@@ -157,7 +157,7 @@ module Powershell
157
157
  begin
158
158
  @code = Rex::Text.zlib_inflate(unencoded)
159
159
  rescue Zlib::DataError => e
160
- raise RuntimeError, 'Invalid compression'
160
+ raise Exceptions::PowershellError, 'Invalid compression'
161
161
  end
162
162
  end
163
163
 
@@ -1,5 +1,5 @@
1
1
  module Rex
2
2
  module Powershell
3
- VERSION = "0.1.93"
3
+ VERSION = "0.1.94"
4
4
  end
5
5
  end
@@ -1,5 +1,6 @@
1
1
  # -*- coding: binary -*-
2
2
  require 'rex/powershell/version'
3
+ require 'rex/powershell/exceptions'
3
4
  require 'rex/powershell/output'
4
5
  require 'rex/powershell/parser'
5
6
  require 'rex/powershell/obfu'
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rex-powershell
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.93
4
+ version: 0.1.94
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2021-09-03 00:00:00.000000000 Z
96
+ date: 2021-10-22 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: rake
@@ -189,6 +189,7 @@ files:
189
189
  - data/templates/to_mem_rc4.ps1.template
190
190
  - lib/rex/powershell.rb
191
191
  - lib/rex/powershell/command.rb
192
+ - lib/rex/powershell/exceptions.rb
192
193
  - lib/rex/powershell/function.rb
193
194
  - lib/rex/powershell/obfu.rb
194
195
  - lib/rex/powershell/output.rb
metadata.gz.sig CHANGED
Binary file