rex-powershell 0.1.72 → 0.1.73

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3c3d35160174f85175acc32317b6705c537c58b0
-  data.tar.gz: 25e128836020cb629f64bc4502296ec6f681c1d5
+  metadata.gz: 1dabfcb498065064e37785310bca6d72de12557c
+  data.tar.gz: a5be528fbbc94aae94674a877f2559ad9d500406
 SHA512:
-  metadata.gz: e62398ab73031e51e08c22dfdb4b8084fe086aa494e9dd9d03cc7e62921f8970bd31c86ce5104abe6ff884b8b2fc41d7a4afbb6d1fe68d47803863a189b9601a
-  data.tar.gz: 2c5b5a30eff32e692bf5b096b2cd74a0bffbc7990829bae49a74197371ce2c9f0baa5c5754fed5bc0bc9c9367992b547fb9b8de397387e77111c24991bd77db4
+  metadata.gz: 199779368f7e1a874ee587bc916246388c2ad03f1dfffa72877df2e108d34a2becc077f93b6389225016311905eac50d616bf6f34abf8491a0ef4f7866254582
+  data.tar.gz: 5feb09f1183726d10b1caf649fc7d8f43236e96ddb27dcf1aac0defc7d351bc6d44d2d21756b7c095c4adb6378b0c62cfd06867227f870aec27334d021df4298

data/lib/rex/powershell/command.rb

@@ -158,13 +158,17 @@ module Command
         when :noprofile
           arg_string << '-NoProfile ' if value
         when :windowstyle
-          arg_string << "-WindowStyle #{value} " if  value
+          arg_string << "-WindowStyle #{value} " if value
       end
     end
 
     # Command must be last (unless from stdin - etc)
     if opts[:command]
-      arg_string << "-Command #{opts[:command]}"
+      if opts[:use_single_quotes]
+        arg_string << "-Command #{opts[:command]}"
+      else
+        arg_string << "-Command \"#{opts[:command]}\""
+      end
     end
 
     # Shorten arg if PSH 2.0+
@@ -214,8 +218,10 @@ module Command
 
     if encoded
       opts[:encodedcommand] = ps_code
-    else
+    elsif opts[:use_single_quotes]
       opts[:command] = ps_code.gsub("'", "''")
+    else
+      opts[:command] = ps_code
     end
 
     ps_args = generate_psh_args(opts)
@@ -283,17 +289,17 @@ EOS
     end
 
     psh_payload = case opts[:method]
-                    when 'net'
-                      Rex::Powershell::Payload.to_win32pe_psh_net(template_path, pay)
-                    when 'reflection'
-                      Rex::Powershell::Payload.to_win32pe_psh_reflection(template_path, pay)
-                    when 'old'
-                      Rex::Powershell::Payload.to_win32pe_psh(template_path, pay)
-                    when 'msil'
-                      fail RuntimeError, 'MSIL Powershell method no longer exists'
-                    else
-                      fail RuntimeError, 'No Powershell method specified'
-                  end
+      when 'net'
+        Rex::Powershell::Payload.to_win32pe_psh_net(template_path, pay)
+      when 'reflection'
+        Rex::Powershell::Payload.to_win32pe_psh_reflection(template_path, pay)
+      when 'old'
+        Rex::Powershell::Payload.to_win32pe_psh(template_path, pay)
+      when 'msil'
+        fail RuntimeError, 'MSIL Powershell method no longer exists'
+      else
+        fail RuntimeError, 'No Powershell method specified'
+    end
 
     # Run our payload in a while loop
     if opts[:persist]

data/lib/rex/powershell/output.rb

@@ -95,22 +95,25 @@ module Powershell
     # @return [String] Gzip compressed powershell code wrapped in
     # decompression stub
     def gzip_code(eof = nil)
-      # Compress using the Deflate algorithm
+      # Compress using the Gzip algorithm
       compressed_stream = Rex::Text.gzip(code)
 
       # Base64 encode the compressed file contents
       encoded_stream = Rex::Text.encode_base64(compressed_stream)
 
       # Build the powershell expression
-      # Decode base64 encoded command and create a stream object
-      psh_expression =  "$s=New-Object IO.MemoryStream(,"
-      psh_expression << "[Convert]::FromBase64String('#{encoded_stream}'));"
-      # Uncompress and invoke the expression (execute)
-      psh_expression << 'IEX (New-Object IO.StreamReader('
+      # Create and execute script lock fed by the IO.StreamReader
+      psh_expression = '&([scriptblock]::create((New-Object IO.StreamReader('
+      # Feed StreamREader from a GzipStream
       psh_expression << 'New-Object IO.Compression.GzipStream('
-      psh_expression << '$s,'
-      psh_expression << '[IO.Compression.CompressionMode]::Decompress)'
-      psh_expression << ')).ReadToEnd();'
+      # GzipStream operates on the Memory Stream
+      psh_expression << '(New-Object IO.MemoryStream(,'
+      # MemoryStream consists of base64 encoded compressed data
+      psh_expression << "[Convert]::FromBase64String('#{encoded_stream}')))"
+      # Set the GzipStream to decompress its MemoryStream contents
+      psh_expression << ',[IO.Compression.CompressionMode]::Decompress)'
+      # Read the decoded, decompressed result into scriptblock contents
+      psh_expression << ')).ReadToEnd()))'
 
       # If eof is set, add a marker to signify end of code output
       # if (eof && eof.length == 8) then psh_expression += "'#{eof}'" end

data/lib/rex/powershell/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Powershell
-    VERSION = "0.1.72"
+    VERSION = "0.1.73"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-powershell
 version: !ruby/object:Gem::Version
-  version: 0.1.72
+  version: 0.1.73
 platform: ruby
 authors:
 - David 'thelightcosine' Maloney
@@ -88,7 +88,7 @@ cert_chain:
   G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
   8mVuTXnyJOKRJA==
   -----END CERTIFICATE-----
-date: 2017-05-11 00:00:00.000000000 Z
+date: 2017-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler