Path: blob/master/modules/post/windows/manage/exec_powershell.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Post module that runs a PowerShell script inside an existing Windows
# meterpreter session.
#
# The script is taken from the SCRIPT option, optionally rewritten using the
# SUBSTITUTIONS advanced option, and then handed to psh_exec; whatever
# psh_exec returns is printed to the console.
#
# The helpers used below (have_powershell?, read_script, process_subs,
# make_subs, psh_exec) are not defined in this file; presumably they come
# from the included Msf::Post::Windows::Powershell mixin.
#
# NOTE(review): 'SideEffects' and 'Reliability' are declared empty. The
# supplied script runs on the target host, so what it actually leaves behind
# (log entries, files, changed state) depends on the script and on psh_exec.
# Confirm before relying on this metadata for change tracking or clean-up.
class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Powershell

  # Registers the module metadata and its datastore options.
  #
  # @param info [Hash] metadata supplied by the framework, merged with the
  #   values below through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows PowerShell Execution Post Module',
        'Description' => %q{
          This module will execute a PowerShell script in a meterpreter session.
          The user may also enter text substitutions to be made in memory before execution.
          Setting VERBOSE to true will output both the script prior to execution and the results.
        },
        'License' => MSF_LICENSE,
        'Platform' => %w[windows],
        'SessionTypes' => %w[meterpreter],
        'Author' => [
          'Nicholas Nam (nick[at]executionflow.org)', # original meterpreter script
          'RageLtMan <rageltman[at]sempervictus>' # post module and libs
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )

    # Required: where the script comes from (local path or literal command).
    script_option = OptString.new('SCRIPT', [true, 'Path to the local PS script or command string to execute'])
    register_options([script_option])

    # Optional: textual replacements applied to the script before execution.
    subs_option = OptString.new('SUBSTITUTIONS', [false, 'Script subs in gsub format - original,sub;original,sub'])
    register_advanced_options([subs_option])
  end

  # Loads the script, applies any substitutions, executes it in the session
  # and prints the result.
  #
  # Fails with Failure::BadConfig when have_powershell? is false.
  #
  # NOTE(review): nothing in this method consults VERBOSE, although the module
  # description says VERBOSE controls printing of the script and the results.
  # Here the psh_exec result is always printed via print_status; any verbose
  # output would have to come from the helper methods. Confirm.
  def run
    unless have_powershell?
      fail_with(Failure::BadConfig, 'PowerShell is not available')
    end

    # Preprocess the script with the substitutions supplied by the operator.
    # SCRIPT is read first, then SUBSTITUTIONS is parsed, then the two are combined.
    source = read_script(datastore['SCRIPT'])
    replacements = process_subs(datastore['SUBSTITUTIONS'])
    prepared = make_subs(source, replacements)

    # Execute in session and report whatever psh_exec hands back.
    print_status(psh_exec(prepared))
    print_good('Finished!')
  end
end