rex-powershell 0.1.93 → 0.1.94

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +1 -1
  3. data/lib/rex/powershell/command.rb +4 -4
  4. data/lib/rex/powershell/exceptions.rb +16 -0
  5. data/lib/rex/powershell/obfu.rb +3 -3
  6. data/lib/rex/powershell/output.rb +2 -2
  7. data/lib/rex/powershell/version.rb +1 -1
  8. data/lib/rex/powershell.rb +1 -0
  9. data.tar.gz.sig +0 -0
  10. metadata +3 -2
  11. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 264ef895e51a24ebc9faec44d558f16f4d7324e75dc7b9c7f9c5ce504b14eaea
4
- data.tar.gz: 79a682962f60136c0189156715dd190e2d4573c64851a601ab05f4d1e2a15db8
3
+ metadata.gz: f383759ee0a96f16b0d6e1a80499ef39643394c2f813ad3fdb5087bd6a0b5f30
4
+ data.tar.gz: 6cb029ad64653e8b737c7a2b18011ef08208bc3b2f6472844268678d961646d4
5
5
  SHA512:
6
- metadata.gz: 6f2ba77f0172164a76f00607cccf083c63b163dc321df4f0c40d49397bc269e18b13282a3f5f91807423e3eecfaf289c623d1a516a4c7831c2faaade17686c2f
7
- data.tar.gz: 116b6339f8c82e719915c7359d34845f0ab140fa14f61934ad5359567b1c67fdbf9940f62e19828ff596904d2e308e40428c7be59c816f25218fd9a06f3281aa
6
+ metadata.gz: f1bf00f2b9ca8d1df7bcc7c074194994639cca34937c9290823dcb15c9abeb80e3890bb1590d7c95e8092c707b7be01a03aeeec0b2a0315055f374a59ebb4fb9
7
+ data.tar.gz: 2e83a9c7cf78db8f473cd5161378cfc81f74fd547e1d1ace9d4d1bc9f52479692d4b408515c086e29c4d4884c017252696d6db3527c833bec6c1b6fc8b5222cc
checksums.yaml.gz.sig CHANGED
@@ -1 +1 @@
1
- CN
1
+ ���/���ly�Spn|ﻓ]ڌz�ck�axwl~��凙�uv�c�������3�?C�D!��0���w�����#����\=?�w�j�~n��RQ��DL�V�_cx�,�m��[��t�\ �tYc ��Ѯ�����!B%[5a��c^v@K_�"&���[�*2�G���]������_��Ts7;�/�U/`L[(����Hᔁi�DߣUVk�sm�4V�{�%��=:�,#7���;����,�����=��^��T
data/lib/rex/powershell/command.rb CHANGED
@@ -293,11 +293,11 @@ EOS
293
293
  # @return [String] Powershell command line with payload
294
294
  def self.cmd_psh_payload(pay, payload_arch, template_path, opts = {})
295
295
  if opts[:encode_inner_payload] && opts[:encode_final_payload]
296
- fail RuntimeError, ':encode_inner_payload and :encode_final_payload are incompatible options'
296
+ fail Exceptions::PowershellError, ':encode_inner_payload and :encode_final_payload are incompatible options'
297
297
  end
298
298
 
299
299
  if opts[:no_equals] && !opts[:encode_final_payload]
300
- fail RuntimeError, ':no_equals requires :encode_final_payload option to be used'
300
+ fail Exceptions::PowershellError, ':no_equals requires :encode_final_payload option to be used'
301
301
  end
302
302
 
303
303
  psh_payload = case opts[:method]
@@ -310,7 +310,7 @@ EOS
310
310
  when 'msil'
311
311
  Rex::Powershell::Payload.to_win32pe_psh_msil(template_path, pay)
312
312
  else
313
- fail RuntimeError, 'No Powershell method specified'
313
+ fail Exceptions::PowershellError, 'No Powershell method specified'
314
314
  end
315
315
 
316
316
  if opts[:exec_rc4]
@@ -405,7 +405,7 @@ EOS
405
405
  end
406
406
 
407
407
  if command.length > 8191
408
- fail RuntimeError, 'Powershell command length is greater than the command line maximum (8192 characters)'
408
+ fail Exceptions::PowershellCommandLengthError, 'Powershell command length is greater than the command line maximum (8192 characters)'
409
409
  end
410
410
 
411
411
  command
data/lib/rex/powershell/exceptions.rb ADDED
@@ -0,0 +1,16 @@
1
+ # -*- coding: binary -*-
2
+
3
+ module Rex
4
+ module Powershell
5
+ module Exceptions
6
+
7
+ class PowershellError < RuntimeError
8
+ end
9
+
10
+ class PowershellCommandLengthError < PowershellError
11
+ end
12
+
13
+ end
14
+ end
15
+ end
16
+
data/lib/rex/powershell/obfu.rb CHANGED
@@ -67,7 +67,7 @@ module Powershell
67
67
  # Deobfuscate a Powershell literal string value that was previously obfuscated by #scate_string_literal.
68
68
  #
69
69
  # @param [String] string The obfuscated Powershell expression to deobfuscate.
70
- # @raises [RuntimeError] If the string can not be deobfuscated, for example because it was randomized using a
70
+ # @raises [Exceptions::PowershellError] If the string can not be deobfuscated, for example because it was randomized using a
71
71
  # different routine, then an exception is raised.
72
72
  # @return [String] The string literal value.
73
73
  def self.descate_string_literal(string)
@@ -79,14 +79,14 @@ module Powershell
79
79
  format = Regexp.last_match(0)
80
80
  format_args = string[format.length..-1].strip
81
81
  unless format_args =~ /-f\s*('.',\s*)*('.')/
82
- raise RuntimeError.new('The obfuscated string structure is unsupported')
82
+ raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
83
83
  end
84
84
  format_args = format_args[2..-1].strip.scan(/'(.)'/).map { |match| match[0] }
85
85
  string = format[1...-1].strip
86
86
  end
87
87
 
88
88
  unless string =~ /^'.*'$/
89
- raise RuntimeError.new('The obfuscated string structure is unsupported')
89
+ raise Exceptions::PowershellError, 'The obfuscated string structure is unsupported'
90
90
  end
91
91
  string = string.gsub(/'\s*\+\s*'/, '') # process all concatenation operations
92
92
  unless format_args.nil? # process all format string operations
data/lib/rex/powershell/output.rb CHANGED
@@ -146,7 +146,7 @@ module Powershell
146
146
  elsif @code =~ /FromBase64String(\((?>[^)(]+|\g<1>)*\))/
147
147
  encoded_stream = Obfu.descate_string_literal(Regexp.last_match(1))
148
148
  else
149
- raise RuntimeError, 'Failed to identify the base64 data'
149
+ raise Exceptions::PowershellError, 'Failed to identify the base64 data'
150
150
  end
151
151
 
152
152
  # Decode and decompress the string
@@ -157,7 +157,7 @@ module Powershell
157
157
  begin
158
158
  @code = Rex::Text.zlib_inflate(unencoded)
159
159
  rescue Zlib::DataError => e
160
- raise RuntimeError, 'Invalid compression'
160
+ raise Exceptions::PowershellError, 'Invalid compression'
161
161
  end
162
162
  end
163
163
 
data/lib/rex/powershell/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rex
2
2
  module Powershell
3
- VERSION = "0.1.93"
3
+ VERSION = "0.1.94"
4
4
  end
5
5
  end
data/lib/rex/powershell.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  # -*- coding: binary -*-
2
2
  require 'rex/powershell/version'
3
+ require 'rex/powershell/exceptions'
3
4
  require 'rex/powershell/output'
4
5
  require 'rex/powershell/parser'
5
6
  require 'rex/powershell/obfu'
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rex-powershell
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.93
4
+ version: 0.1.94
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2021-09-03 00:00:00.000000000 Z
96
+ date: 2021-10-22 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: rake
@@ -189,6 +189,7 @@ files:
189
189
  - data/templates/to_mem_rc4.ps1.template
190
190
  - lib/rex/powershell.rb
191
191
  - lib/rex/powershell/command.rb
192
+ - lib/rex/powershell/exceptions.rb
192
193
  - lib/rex/powershell/function.rb
193
194
  - lib/rex/powershell/obfu.rb
194
195
  - lib/rex/powershell/output.rb
metadata.gz.sig CHANGED
Binary file