rex-powershell 0.1.93 → 0.1.94
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +1 -1
- data/lib/rex/powershell/command.rb +4 -4
- data/lib/rex/powershell/exceptions.rb +16 -0
- data/lib/rex/powershell/obfu.rb +3 -3
- data/lib/rex/powershell/output.rb +2 -2
- data/lib/rex/powershell/version.rb +1 -1
- data/lib/rex/powershell.rb +1 -0
- data.tar.gz.sig +0 -0
- metadata +3 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f383759ee0a96f16b0d6e1a80499ef39643394c2f813ad3fdb5087bd6a0b5f30
|
4
|
+
data.tar.gz: 6cb029ad64653e8b737c7a2b18011ef08208bc3b2f6472844268678d961646d4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f1bf00f2b9ca8d1df7bcc7c074194994639cca34937c9290823dcb15c9abeb80e3890bb1590d7c95e8092c707b7be01a03aeeec0b2a0315055f374a59ebb4fb9
|
7
|
+
data.tar.gz: 2e83a9c7cf78db8f473cd5161378cfc81f74fd547e1d1ace9d4d1bc9f52479692d4b408515c086e29c4d4884c017252696d6db3527c833bec6c1b6fc8b5222cc
|
checksums.yaml.gz.sig
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
���/���ly�Spn|ﻓ]ڌz�ck�axwl~��凙�uv�c�������3�?C�D!��0���w�����#����\=?�w�j�~n��RQ��DL�V�_cx�,�m��[��t�\�tYc��Ѯ�����!B%[5a��c^v@K_�"&���[�*2�G���]������_��Ts7;�/�U/`L[(����Hᔁi�DߣUVk�sm�4V�{�%��=:�,#7���;����,�����=��^��T
|
@@ -293,11 +293,11 @@ EOS
|
|
293
293
|
# @return [String] Powershell command line with payload
|
294
294
|
def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
|
295
295
|
if opts[:encode_inner_payload] && opts[:encode_final_payload]
|
296
|
-
fail
|
296
|
+
fail Exceptions::PowershellError, ':encode_inner_payload and :encode_final_payload are incompatible options'
|
297
297
|
end
|
298
298
|
|
299
299
|
if opts[:no_equals] && !opts[:encode_final_payload]
|
300
|
-
fail
|
300
|
+
fail Exceptions::PowershellError, ':no_equals requires :encode_final_payload option to be used'
|
301
301
|
end
|
302
302
|
|
303
303
|
psh_payload = case opts[:method]
|
@@ -310,7 +310,7 @@ EOS
|
|
310
310
|
when 'msil'
|
311
311
|
Rex::Powershell::Payload.to_win32pe_psh_msil(template_path, pay)
|
312
312
|
else
|
313
|
-
fail
|
313
|
+
fail Exceptions::PowershellError, 'No Powershell method specified'
|
314
314
|
end
|
315
315
|
|
316
316
|
if opts[:exec_rc4]
|
@@ -405,7 +405,7 @@ EOS
|
|
405
405
|
end
|
406
406
|
|
407
407
|
if command.length > 8191
|
408
|
-
fail
|
408
|
+
fail Exceptions::PowershellCommandLengthError, 'Powershell command length is greater than the command line maximum (8192 characters)'
|
409
409
|
end
|
410
410
|
|
411
411
|
command
|
data/lib/rex/powershell/obfu.rb
CHANGED
@@ -67,7 +67,7 @@ module Powershell
|
|
67
67
|
# Deobfuscate a Powershell literal string value that was previously obfuscated by #scate_string_literal.
|
68
68
|
#
|
69
69
|
# @param [String] string The obfuscated Powershell expression to deobfuscate.
|
70
|
-
# @raises [
|
70
|
+
# @raises [Exceptions::PowershellError] If the string can not be deobfuscated, for example because it was randomized using a
|
71
71
|
# different routine, then an exception is raised.
|
72
72
|
# @return [String] The string literal value.
|
73
73
|
def self.descate_string_literal(string)
|
@@ -79,14 +79,14 @@ module Powershell
|
|
79
79
|
format = Regexp.last_match(0)
|
80
80
|
format_args = string[format.length..-1].strip
|
81
81
|
unless format_args =~ /-f\s*('.',\s*)*('.')/
|
82
|
-
raise
|
82
|
+
raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
|
83
83
|
end
|
84
84
|
format_args = format_args[2..-1].strip.scan(/'(.)'/).map { |match| match[0] }
|
85
85
|
string = format[1...-1].strip
|
86
86
|
end
|
87
87
|
|
88
88
|
unless string =~ /^'.*'$/
|
89
|
-
raise
|
89
|
+
raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
|
90
90
|
end
|
91
91
|
string = string.gsub(/'\s*\+\s*'/, '') # process all concatenation operations
|
92
92
|
unless format_args.nil? # process all format string operations
|
@@ -146,7 +146,7 @@ module Powershell
|
|
146
146
|
elsif @code =~ /FromBase64String(\((?>[^)(]+|\g<1>)*\))/
|
147
147
|
encoded_stream = Obfu.descate_string_literal(Regexp.last_match(1))
|
148
148
|
else
|
149
|
-
raise
|
149
|
+
raise Exceptions::PowershellError, 'Failed to identify the base64 data'
|
150
150
|
end
|
151
151
|
|
152
152
|
# Decode and decompress the string
|
@@ -157,7 +157,7 @@ module Powershell
|
|
157
157
|
begin
|
158
158
|
@code = Rex::Text.zlib_inflate(unencoded)
|
159
159
|
rescue Zlib::DataError => e
|
160
|
-
raise
|
160
|
+
raise Exceptions::PowershellError, 'Invalid compression'
|
161
161
|
end
|
162
162
|
end
|
163
163
|
|
data/lib/rex/powershell.rb
CHANGED
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rex-powershell
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.94
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2021-
|
96
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rake
|
@@ -189,6 +189,7 @@ files:
|
|
189
189
|
- data/templates/to_mem_rc4.ps1.template
|
190
190
|
- lib/rex/powershell.rb
|
191
191
|
- lib/rex/powershell/command.rb
|
192
|
+
- lib/rex/powershell/exceptions.rb
|
192
193
|
- lib/rex/powershell/function.rb
|
193
194
|
- lib/rex/powershell/obfu.rb
|
194
195
|
- lib/rex/powershell/output.rb
|
metadata.gz.sig
CHANGED
Binary file
|