Module: Rex::Powershell::PshMethods

Defined in:

lib/rex/powershell/psh_methods.rb

Overview

Convenience methods for generating powershell code in Ruby

Class Method Summary

• .download(src, target) ⇒ String

  Download file via .NET WebClient.

• .get_last_login(user) ⇒ String

  Return last time of login.

• .ignore_ssl_certificate ⇒ String

  Disable SSL Certificate verification.

• .proxy_aware_download_and_exec_string(url) ⇒ String

  Use the default system web proxy and credentials to download a URL as a string and execute the contents as PowerShell.

• .secure_string(str) ⇒ String

  Create secure string from plaintext.

• .uninstall(app, fuzzy = true) ⇒ String

  Uninstall app, or anything named like app.

• .who_locked_file(filename) ⇒ String

  Find PID of file lock owner.

Class Method Details

.download(src, target) ⇒ String

Download file via .NET WebClient

Parameters:

• src (String) —

  URL to the file

• target (String) —

  Location to save the file

Returns:

• (String) —

  Powershell code to download a file

# File 'lib/rex/powershell/psh_methods.rb', line 17

def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end

.get_last_login(user) ⇒ String

Return last time of login

Parameters:

• user (String) —

  Username

Returns:

• (String) —

  Powershell code to return the last time of a user login

# File 'lib/rex/powershell/psh_methods.rb', line 63

def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end

.ignore_ssl_certificate ⇒ String

Disable SSL Certificate verification

Returns:

• (String) —

  Powershell code to disable SSL verification checks.

# File 'lib/rex/powershell/psh_methods.rb', line 72

def self.ignore_ssl_certificate
  '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
end

.proxy_aware_download_and_exec_string(url) ⇒ String

Use the default system web proxy and credentials to download a URL as a string and execute the contents as PowerShell

Parameters:

• url (String) —

  string to download

Returns:

• (String) —

  PowerShell code to download a URL

# File 'lib/rex/powershell/psh_methods.rb', line 83

def self.proxy_aware_download_and_exec_string(url)
  var = Rex::Text.rand_text_alpha(1)
  cmd = "$#{var}=new-object net.webclient;"
  cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
  cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
  cmd << "IEX $#{var}.downloadstring('#{url}');"
  cmd
end

.secure_string(str) ⇒ String

Create secure string from plaintext

Parameters:

• str (String) —

  String to create as a SecureString

Returns:

• (String) —

  Powershell code to create a SecureString

# File 'lib/rex/powershell/psh_methods.rb', line 41

def self.secure_string(str)
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end

.uninstall(app, fuzzy = true) ⇒ String

Uninstall app, or anything named like app

Parameters:

• app (String) —

  Name of application

• fuzzy (Boolean) (defaults to: true) —

  Whether to apply a fuzzy match (-like) to the application name

Returns:

• (String) —

  Powershell code to uninstall an application

# File 'lib/rex/powershell/psh_methods.rb', line 30

def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end

.who_locked_file(filename) ⇒ String

Find PID of file lock owner

Parameters:

• filename (String) —

  Filename

Returns:

• (String) —

  Powershell code to identify the PID of a file lock owner

# File 'lib/rex/powershell/psh_methods.rb', line 52

def self.who_locked_file(filename)
  %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end