Module: Rex::Exploitation::Powershell::PshMethods

Defined in:

lib/rex/exploitation/powershell/psh_methods.rb

Overview

Convenience methods for generating powershell code in Ruby

Class Method Summary

• .download(src, target) ⇒ String

  Download file via .NET WebClient.

• .get_last_login(user) ⇒ String

  Return last time of login.

• .secure_string(str) ⇒ String

  Create secure string from plaintext.

• .uninstall(app, fuzzy = true) ⇒ String

  Uninstall app, or anything named like app.

• .who_locked_file(filename) ⇒ String

  Find PID of file lock owner.

Class Method Details

.download(src, target) ⇒ String

Download file via .NET WebClient

Parameters:

• src (String) —

  URL to the file

• target (String) —

  Location to save the file

Returns:

• (String) —

  Powershell code to download a file

# File 'lib/rex/exploitation/powershell/psh_methods.rb', line 18

def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end

.get_last_login(user) ⇒ String

Return last time of login

Parameters:

• user (String) —

  Username

Returns:

• (String) —

  Powershell code to return the last time of a user login

# File 'lib/rex/exploitation/powershell/psh_methods.rb', line 64

def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end

.secure_string(str) ⇒ String

Create secure string from plaintext

Parameters:

• str (String) —

  String to create as a SecureString

Returns:

• (String) —

  Powershell code to create a SecureString

# File 'lib/rex/exploitation/powershell/psh_methods.rb', line 42

def self.secure_string(str)
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end

.uninstall(app, fuzzy = true) ⇒ String

Uninstall app, or anything named like app

Parameters:

• app (String) —

  Name of application

• fuzzy (Boolean) (defaults to: true) —

  Whether to apply a fuzzy match (-like) to the application name

Returns:

• (String) —

  Powershell code to uninstall an application

# File 'lib/rex/exploitation/powershell/psh_methods.rb', line 31

def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end

.who_locked_file(filename) ⇒ String

Find PID of file lock owner

Parameters:

• filename (String) —

  Filename

Returns:

• (String) —

  Powershell code to identify the PID of a file lock owner

# File 'lib/rex/exploitation/powershell/psh_methods.rb', line 53

def self.who_locked_file(filename)
  %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end