rex-powershell 0.1.93 → 0.1.96
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +2 -1
- data/.github/workflows/verify.yml +1 -1
- data/lib/rex/powershell/command.rb +4 -4
- data/lib/rex/powershell/exceptions.rb +16 -0
- data/lib/rex/powershell/obfu.rb +3 -3
- data/lib/rex/powershell/output.rb +2 -2
- data/lib/rex/powershell/script.rb +1 -1
- data/lib/rex/powershell/version.rb +1 -1
- data/lib/rex/powershell.rb +1 -0
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 533b355fdb313b3ea465af07001b7f0e660cbe9692a5fe61347fb0c259970c00
|
4
|
+
data.tar.gz: 7c21738e84b817fad4ca0b4498cd9e47d5a73933063d7b5b56766d3b95daafcc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2d9088c3d6160de7008882c2a335f8449c09628f42eeb3140e5a33aca0609c95bd2a628b142c878940059e2e01350ab817769069c02ba838c6ebe9483833de8d
|
7
|
+
data.tar.gz: 7498366f191e68ff7413413677521b28f8add5f8b5d65edb9049c776a8c568708b32abca9ed2efdd8a05e9b7a44430fb022f37daa608dcf4ef2a31ffb2d6dda5
|
checksums.yaml.gz.sig
CHANGED
@@ -1 +1,2 @@
|
|
1
|
-
|
1
|
+
g
|
2
|
+
>�\�*<�#���-̥80iu�.�����&HK�30dn�ZrX\�ꑓ��M�L������V4���9h�q��A0�M�u��pP�����a�w�sXyw��s��x��UMyp̓���f��'>B]��m���_��i���X"*��S�����A��)&�σH.4��u7 a��l�P����$Q�rK�]`�Ŧ�
|
@@ -293,11 +293,11 @@ EOS
|
|
293
293
|
# @return [String] Powershell command line with payload
|
294
294
|
def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
|
295
295
|
if opts[:encode_inner_payload] && opts[:encode_final_payload]
|
296
|
-
fail
|
296
|
+
fail Exceptions::PowershellError, ':encode_inner_payload and :encode_final_payload are incompatible options'
|
297
297
|
end
|
298
298
|
|
299
299
|
if opts[:no_equals] && !opts[:encode_final_payload]
|
300
|
-
fail
|
300
|
+
fail Exceptions::PowershellError, ':no_equals requires :encode_final_payload option to be used'
|
301
301
|
end
|
302
302
|
|
303
303
|
psh_payload = case opts[:method]
|
@@ -310,7 +310,7 @@ EOS
|
|
310
310
|
when 'msil'
|
311
311
|
Rex::Powershell::Payload.to_win32pe_psh_msil(template_path, pay)
|
312
312
|
else
|
313
|
-
fail
|
313
|
+
fail Exceptions::PowershellError, 'No Powershell method specified'
|
314
314
|
end
|
315
315
|
|
316
316
|
if opts[:exec_rc4]
|
@@ -405,7 +405,7 @@ EOS
|
|
405
405
|
end
|
406
406
|
|
407
407
|
if command.length > 8191
|
408
|
-
fail
|
408
|
+
fail Exceptions::PowershellCommandLengthError, 'Powershell command length is greater than the command line maximum (8192 characters)'
|
409
409
|
end
|
410
410
|
|
411
411
|
command
|
data/lib/rex/powershell/obfu.rb
CHANGED
@@ -67,7 +67,7 @@ module Powershell
|
|
67
67
|
# Deobfuscate a Powershell literal string value that was previously obfuscated by #scate_string_literal.
|
68
68
|
#
|
69
69
|
# @param [String] string The obfuscated Powershell expression to deobfuscate.
|
70
|
-
# @raises [
|
70
|
+
# @raises [Exceptions::PowershellError] If the string can not be deobfuscated, for example because it was randomized using a
|
71
71
|
# different routine, then an exception is raised.
|
72
72
|
# @return [String] The string literal value.
|
73
73
|
def self.descate_string_literal(string)
|
@@ -79,14 +79,14 @@ module Powershell
|
|
79
79
|
format = Regexp.last_match(0)
|
80
80
|
format_args = string[format.length..-1].strip
|
81
81
|
unless format_args =~ /-f\s*('.',\s*)*('.')/
|
82
|
-
raise
|
82
|
+
raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
|
83
83
|
end
|
84
84
|
format_args = format_args[2..-1].strip.scan(/'(.)'/).map { |match| match[0] }
|
85
85
|
string = format[1...-1].strip
|
86
86
|
end
|
87
87
|
|
88
88
|
unless string =~ /^'.*'$/
|
89
|
-
raise
|
89
|
+
raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
|
90
90
|
end
|
91
91
|
string = string.gsub(/'\s*\+\s*'/, '') # process all concatenation operations
|
92
92
|
unless format_args.nil? # process all format string operations
|
@@ -146,7 +146,7 @@ module Powershell
|
|
146
146
|
elsif @code =~ /FromBase64String(\((?>[^)(]+|\g<1>)*\))/
|
147
147
|
encoded_stream = Obfu.descate_string_literal(Regexp.last_match(1))
|
148
148
|
else
|
149
|
-
raise
|
149
|
+
raise Exceptions::PowershellError, 'Failed to identify the base64 data'
|
150
150
|
end
|
151
151
|
|
152
152
|
# Decode and decompress the string
|
@@ -157,7 +157,7 @@ module Powershell
|
|
157
157
|
begin
|
158
158
|
@code = Rex::Text.zlib_inflate(unencoded)
|
159
159
|
rescue Zlib::DataError => e
|
160
|
-
raise
|
160
|
+
raise Exceptions::PowershellError, 'Invalid compression'
|
161
161
|
end
|
162
162
|
end
|
163
163
|
|
data/lib/rex/powershell.rb
CHANGED
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-powershell
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.96
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date:
|
96
|
+
date: 2022-04-07 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rake
|
@@ -189,6 +189,7 @@ files:
|
|
189
189
|
- data/templates/to_mem_rc4.ps1.template
|
190
190
|
- lib/rex/powershell.rb
|
191
191
|
- lib/rex/powershell/command.rb
|
192
|
+
- lib/rex/powershell/exceptions.rb
|
192
193
|
- lib/rex/powershell/function.rb
|
193
194
|
- lib/rex/powershell/obfu.rb
|
194
195
|
- lib/rex/powershell/output.rb
|
metadata.gz.sig
CHANGED
Binary file
|