Method: Rex::Powershell::Output#decompress_code

Defined in:
lib/rex/powershell/output.rb

#decompress_codeString

Reverse the compression process Try gzip, inflate if that fails

Returns:

  • Decompressed powershell code



138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
# File 'lib/rex/powershell/output.rb', line 138

def decompress_code
  # Extract substring with payload
  encoded_stream = @code.scan(/FromBase64String\('(.*)'/).flatten.first
  # Decode and decompress the string
  unencoded = Rex::Text.decode_base64(encoded_stream)
  begin
    @code = Rex::Text.ungzip(unencoded) || Rex::Text.zlib_inflate(unencoded)
  rescue Zlib::GzipFile::Error
    begin
      @code = Rex::Text.zlib_inflate(unencoded)
    rescue Zlib::DataError => e
      raise RuntimeError, 'Invalid compression'
    end
  end

  @code
end