
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/msf/base/sessions/powershell.rb
# -*- coding: binary -*-
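class Msf::Sessions::PowerShell < Msf::Sessions::CommandShell
  module Mixin
    #
    # Takes over the shell_command of the parent.
    #
    # Writes +cmd+ to the session between two random 15-letter markers, then
    # reads until the end marker appears in the output or +timeout+ seconds
    # have passed, and returns the text found between the markers.
    #
    # @param cmd [String] text written to the session's stdin
    # @param timeout [Numeric] overall read budget in seconds (1800 = 30 minutes by default)
    # @return [String] output between the markers with "PS ...>" prompts
    #   removed; if a read returns nothing or the time runs out before the
    #   end marker is seen, everything read so far, unfiltered
    #
    def shell_command(cmd, timeout = 1800)
      # Random markers bracket the command so its output can be cut out of
      # the stream afterwards.
      strm = Rex::Text.rand_text_alpha(15)
      endm = Rex::Text.rand_text_alpha(15)

      # Send to the shell channel's stdin: start marker, command, end marker.
      shell_write(";'#{strm}'\n" + cmd + "\n'#{endm}';\n")

      etime = ::Time.now.to_f + timeout

      buff = ''
      # Keep reading data until the end marker has been received or the
      # timeout (30 minutes by default) has elapsed.
      while ::Time.now.to_f < etime
        res = shell_read(-1, timeout)
        break unless res

        # Later reads only get what is left of the overall budget.
        timeout = etime - ::Time.now.to_f

        buff << res
        next unless buff.include?(endm)

        # Keep what follows the last "<start marker>\r\n" ...
        buff = buff.split(/#{strm}\r\n/)[-1]
        # ... up to the first end marker. partition yields '' when the end
        # marker is all that is left (empty output and a read that stops right
        # at the marker); split(endm)[0] returned nil there and the following
        # gsub! raised NoMethodError.
        buff = buff.partition(endm).first
        # Drop "PS ...>" prompts that directly follow a CRLF.
        return buff.gsub(/(?<=\r\n)PS [^>]*>/, '')
      end
      buff
    end
  end

  include Mixin

  #
  # Execute any specified auto-run scripts for this session.
  #
  # Before handing over to the parent class, reads the initial banner (waiting
  # up to 2 seconds) and stores a summary of it in +info+.
  #
  # @param datastore passed on unchanged to the parent implementation
  #
  def process_autoruns(datastore)
    # Read the username and hostname from the initial banner
    initial_output = shell_read(-1, 2)
    # NOTE(review): the banner is whatever the remote end sent first. The
    # captures below exclude whitespace only, and the fallback replaces only
    # CR and LF, so other control characters end up in info -- confirm that
    # the code displaying info escapes them.
    if initial_output =~ /running as user ([^\s]+) on ([^\s]+)/
      username = Regexp.last_match(1)
      hostname = Regexp.last_match(2)
      self.info = "#{username} @ #{hostname}"
    elsif initial_output
      # No recognizable banner: keep the raw text on a single line.
      self.info = initial_output.gsub(/[\r\n]/, ' ')
    end

    # Call our parent class's autoruns processing method
    # (bare super forwards datastore as received).
    super
  end

  #
  # Returns the type of session.
  #
  def self.type
    'powershell'
  end

  #
  # Always true for this session type.
  # NOTE(review): presumably read by callers that decide whether files can be
  # cleaned up over this session -- confirm against the callers.
  #
  def self.can_cleanup_files
    true
  end

  #
  # Returns the session platform.
  #
  def platform
    'windows'
  end

  #
  # Returns the session description.
  #
  def desc
    'Powershell session'
  end
end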