Class: Rex::Powershell::Script

Inherits:

Object

• Object
• Rex::Powershell::Script

Extended by:

Forwardable

Includes:

Obfu, Output, Parser

Defined in:

lib/rex/powershell/script.rb

Constant Summary

DEFAULT_RIG_OPTS =

{
  max_length: 5,
  min_length: 2,
  forbidden: Parser::RESERVED_VARIABLE_NAMES.map {|e| e[1..-1]}
}

Constants included from Obfu

Obfu::EMPTY_LINE_REGEX, Obfu::MULTI_LINE_COMMENTS_REGEX, Obfu::SINGLE_LINE_COMMENTS_REGEX, Obfu::UNIX_EOL_REGEX, Obfu::WHITESPACE_REGEX, Obfu::WINDOWS_EOL_REGEX

Constants included from Parser

Parser::RESERVED_VARIABLE_NAMES

Instance Attribute Summary

• #code ⇒ Object

  Returns the value of attribute code.

• #functions ⇒ Object readonly

  Returns the value of attribute functions.

• #rig ⇒ Object readonly

  Returns the value of attribute rig.

Class Method Summary

• .code_modifiers ⇒ Array

  Return list of code modifier methods.

• .to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3)) ⇒ String

  Convert binary to byte array, read from file if able.

Instance Method Summary

• #initialize(code, rig = nil) ⇒ Script constructor

  A new instance of Script.

Methods included from Obfu

descate_string_literal, scate_string_literal, #standard_subs, #strip_comments, #strip_empty_lines, #strip_whitespace, #sub_funcs, #sub_vars

Methods included from Parser

#block_extract, #get_func, #get_func_names, #get_string_literals, #get_var_names, #match_start, #scan_with_index

Methods included from Output

#compress_code, #decode_code, #decompress_code, #deflate_code, #encode_code, #gzip_code, #size, #to_s, #to_s_lineno

Constructor Details

#initialize(code, rig = nil) ⇒ Script

Returns a new instance of Script.

# File 'lib/rex/powershell/script.rb', line 38

def initialize(code, rig = nil)
  @code = ''
  @rig = rig || Rex::RandomIdentifier::Generator.new(DEFAULT_RIG_OPTS)

  begin
    # Open code file for reading
    fd = ::File.new(code || '', 'rb')
    while (line = fd.gets)
      @code << line
    end

    # Close open file
    fd.close
  rescue Errno::ENAMETOOLONG, Errno::ENOENT, Errno::EINVAL
    # Treat code as a... code
    @code = code.to_s.dup # in case we're eating another script
  end
  @functions = get_func_names.map { |f| get_func(f) }
end

Instance Attribute Details

#code ⇒ Object

Returns the value of attribute code.

# File 'lib/rex/powershell/script.rb', line 8

def code
  @code
end

#functions ⇒ Object (readonly)

Returns the value of attribute functions.

# File 'lib/rex/powershell/script.rb', line 9

def functions
  @functions
end

#rig ⇒ Object (readonly)

Returns the value of attribute rig.

# File 'lib/rex/powershell/script.rb', line 9

def rig
  @rig
end

Class Method Details

.code_modifiers ⇒ Array

Return list of code modifier methods

Returns:

• (Array) —

  Code modifiers

# File 'lib/rex/powershell/script.rb', line 92

def self.code_modifiers
  instance_methods.select { |m| m =~ /^(strip|sub)/ }
end

.to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3)) ⇒ String

Convert binary to byte array, read from file if able

Parameters:

• input_data (String) —

  Path to powershell file or powershell code string

• var_name (String) (defaults to: Rex::Text.rand_text_alpha(rand(3) + 3)) —

  Byte array variable name

Returns:

• (String) —

  input_data as a powershell byte array

# File 'lib/rex/powershell/script.rb', line 70

def self.to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3))
  # File will raise an exception if the path contains null byte
  if input_data.include? "\x00"
    code = input_data
  else
    code = ::File.file?(input_data) ? ::File.read(input_data) : input_data
  end

  code = code.unpack('C*')
  psh = "[Byte[]] $#{var_name} = 0x#{code[0].to_s(16)}"
  lines = []
  1.upto(code.length - 1) do |byte|
    lines.push ",0x#{code[byte].to_s(16)}"
  end

  psh << lines.join('') + "\r\n"
end