rex-powershell 0.1.93 → 0.1.96
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +2 -1
- data/.github/workflows/verify.yml +1 -1
- data/lib/rex/powershell/command.rb +4 -4
- data/lib/rex/powershell/exceptions.rb +16 -0
- data/lib/rex/powershell/obfu.rb +3 -3
- data/lib/rex/powershell/output.rb +2 -2
- data/lib/rex/powershell/script.rb +1 -1
- data/lib/rex/powershell/version.rb +1 -1
- data/lib/rex/powershell.rb +1 -0
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
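--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 533b355fdb313b3ea465af07001b7f0e660cbe9692a5fe61347fb0c259970c00
+data.tar.gz: 7c21738e84b817fad4ca0b4498cd9e47d5a73933063d7b5b56766d3b95daafcc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2d9088c3d6160de7008882c2a335f8449c09628f42eeb3140e5a33aca0609c95bd2a628b142c878940059e2e01350ab817769069c02ba838c6ebe9483833de8d
+data.tar.gz: 7498366f191e68ff7413413677521b28f8add5f8b5d65edb9049c776a8c568708b32abca9ed2efdd8a05e9b7a44430fb022f37daa608dcf4ef2a31ffb2d6dda5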
checksums.yaml.gz.sig
CHANGED
@@ -1 +1,2 @@
|
|
1
|
-
|
1
|
+
g
|
2
|
+
>�\�*<�#���-̥80iu�.�����&HK�30dn�ZrX\�ꑓ��M�L������V4���9h�q��A0�M�u��pP�����a�w�sXyw��s��x��UMyp̓���f��'>B]��m���_��i���X"*��S�����A��)&�σH.4��u7 a��l�P����$Q�rK�]`�Ŧ�
|
@@ -293,11 +293,11 @@ EOS
|
|
293
293
|
# @return [String] Powershell command line with payload
|
294
294
|
def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
|
295
295
|
if opts[:encode_inner_payload] && opts[:encode_final_payload]
|
296
|
-
fail
|
296
|
+
fail Exceptions::PowershellError, ':encode_inner_payload and :encode_final_payload are incompatible options'
|
297
297
|
end
|
298
298
|
|
299
299
|
if opts[:no_equals] && !opts[:encode_final_payload]
|
300
|
-
fail
|
300
|
+
fail Exceptions::PowershellError, ':no_equals requires :encode_final_payload option to be used'
|
301
301
|
end
|
302
302
|
|
303
303
|
psh_payload = case opts[:method]
|
@@ -310,7 +310,7 @@ EOS
|
|
310
310
|
when 'msil'
|
311
311
|
Rex::Powershell::Payload.to_win32pe_psh_msil(template_path, pay)
|
312
312
|
else
|
313
|
-
fail
|
313
|
+
fail Exceptions::PowershellError, 'No Powershell method specified'
|
314
314
|
end
|
315
315
|
|
316
316
|
if opts[:exec_rc4]
|
@@ -405,7 +405,7 @@ EOS
|
|
405
405
|
end
|
406
406
|
|
407
407
|
if command.length > 8191
|
408
|
-
fail
|
408
|
+
fail Exceptions::PowershellCommandLengthError, 'Powershell command length is greater than the command line maximum (8192 characters)'
|
409
409
|
end
|
410
410
|
|
411
411
|
command
|
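Review bot: The length guard in the last hunk tests `command.length > 8191`, but its message gives the maximum as 8192 characters, so a command of exactly 8192 characters is rejected with text claiming it is greater than 8192. The message should name the limit the code actually enforces, e.g. `'Powershell command length is greater than the command line maximum (8191 characters)'`. In the `case opts[:method]` hunk the `else` branch is also reached when a method is set but not recognised, so 'No Powershell method specified' can mislead; adding `opts[:method].inspect` to the message would tell the two cases apart. The enclosing method bodies start and end outside the hunks shown.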
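--- a/data/lib/rex/powershell/obfu.rb
+++ b/data/lib/rex/powershell/obfu.rb
@@ -67,7 +67,7 @@ module Powershell
 # Deobfuscate a Powershell literal string value that was previously obfuscated by #scate_string_literal.
 #
 # @param [String] string The obfuscated Powershell expression to deobfuscate.
-# @raises [
+# @raises [Exceptions::PowershellError] If the string can not be deobfuscated, for example because it was randomized using a
 # different routine, then an exception is raised.
 # @return [String] The string literal value.
 def self.descate_string_literal(string)
@@ -79,14 +79,14 @@ module Powershell
 format = Regexp.last_match(0)
 format_args = string[format.length..-1].strip
 unless format_args =~ /-f\s*('.',\s*)*('.')/
-raise
+raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
 end
 format_args = format_args[2..-1].strip.scan(/'(.)'/).map { |match| match[0] }
 string = format[1...-1].strip
 end
 
 unless string =~ /^'.*'$/
-raise
+raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
 end
 string = string.gsub(/'\s*\+\s*'/, '') # process all concatenation operations
 unless format_args.nil? # process all format string operations
@@ -146,7 +146,7 @@ module Powershell
 elsif @code =~ /FromBase64String(\((?>[^)(]+|\g<1>)*\))/
 encoded_stream = Obfu.descate_string_literal(Regexp.last_match(1))
 else
-raise
+raise Exceptions::PowershellError, 'Failed to identify the base64 data'
 end
 
 # Decode and decompress the string
@@ -157,7 +157,7 @@ module Powershell
 begin
 @code = Rex::Text.zlib_inflate(unencoded)
 rescue Zlib::DataError => e
-raise
+raise Exceptions::PowershellError, 'Invalid compression'
 end
 end
 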
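Review bot: The structure check in the second hunk, `unless string =~ /^'.*'$/`, uses line anchors, so a multi-line input passes as soon as one of its lines is quoted and the new PowershellError is not raised for it; `\A'.*'\z` would test the whole string, provided no caller depends on multi-line input. The doc comment in the first hunk uses `@raises`, which is not a YARD tag; `@raise [Exceptions::PowershellError]` is the form YARD renders. In the last hunk `rescue Zlib::DataError => e` binds `e` but the line shown does not use it, so either drop the binding or append `e.message` to 'Invalid compression'. The bodies of descate_string_literal and of the decompression method start and end outside these hunks.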
data/lib/rex/powershell.rb
CHANGED
data.tar.gz.sig
CHANGED
Binary file
|
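--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-powershell
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.96
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date:
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -189,6 +189,7 @@ files:
 - data/templates/to_mem_rc4.ps1.template
 - lib/rex/powershell.rb
 - lib/rex/powershell/command.rb
+- lib/rex/powershell/exceptions.rb
 - lib/rex/powershell/function.rb
 - lib/rex/powershell/obfu.rb
 - lib/rex/powershell/output.rb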
metadata.gz.sig
CHANGED
Binary file
|