Method: Rex::Powershell::Output#gzip_code

Defined in:
lib/rex/powershell/output.rb

#gzip_code(eof = nil) ⇒ String

Return a gzip compressed powershell code wrapped in decoder stub

decompression stub

Parameters:

  • eof (String) (defaults to: nil)

    End of file identifier to append to code

Returns:

  • (String)

    Gzip compressed powershell code wrapped in



97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'lib/rex/powershell/output.rb', line 97

def gzip_code(eof = nil)
  # Compress using the Deflate algorithm
  compressed_stream = Rex::Text.gzip(code)

  # Base64 encode the compressed file contents
  encoded_stream = Rex::Text.encode_base64(compressed_stream)

  # Build the powershell expression
  # Decode base64 encoded command and create a stream object
  psh_expression =  "$s=New-Object IO.MemoryStream(,"
  psh_expression << "[Convert]::FromBase64String('#{encoded_stream}'));"
  # Uncompress and invoke the expression (execute)
  psh_expression << 'IEX (New-Object IO.StreamReader('
  psh_expression << 'New-Object IO.Compression.GzipStream('
  psh_expression << '$s,'
  psh_expression << '[IO.Compression.CompressionMode]::Decompress)'
  psh_expression << ')).ReadToEnd();'

  # If eof is set, add a marker to signify end of code output
  # if (eof && eof.length == 8) then psh_expression += "'#{eof}'" end
  psh_expression << "echo '#{eof}';" if eof

  @code = psh_expression
end