Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
include Msf::Post::Windows
6
class MetasploitModule < Msf::Encoder
7
  Rank = ExcellentRanking
8

9
  def initialize
10
    super(
11
      'Name'             => 'Powershell Base64 Command Encoder',
12
      'Description'      => %q{
13
        This encodes the command as a base64 encoded command for powershell.
14
      },
15
      'Author'           => 'Ben Campbell',
16
      'Arch'             => ARCH_CMD,
17
      'Platform'         => 'win')
18
  end
19

20

21
  #
22
  # Encodes the payload
23
  #
24
  def encode_block(state, buf)
25
    # Skip encoding for empty badchars
26
    if state.badchars.length == 0
27
      return buf
28
    end
29

30
    if (state.badchars.include? '-') || (state.badchars.include? ' ')
31
      return buf
32
    end
33

34
    cmd = encode_buf(buf)
35

36
    if state.badchars.include? '='
37
        while cmd.include? '='
38
          buf << " "
39
          cmd = encode_buf(buf)
40
        end
41
    end
42

43
    cmd
44
  end
45

46
  def encode_buf(buf)
47
    base64 = Rex::Text.encode_base64(Rex::Text.to_unicode("cmd.exe /c '#{Msf::Post::Windows.escape_powershell_literal(buf)}'"))
48
    cmd = "powershell -w hidden -nop -e #{base64}"
49
  end
50
end
51

52