modules/post/windows/manage/exec_powershell.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Powershell

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows PowerShell Execution Post Module',
        'Description' => %q{
          This module will execute a PowerShell script in a meterpreter session.
          The user may also enter text substitutions to be made in memory before execution.
          Setting VERBOSE to true will output both the script prior to execution and the results.
        },
        'License' => MSF_LICENSE,
        'Platform' => ['windows'],
        'SessionTypes' => ['meterpreter'],
        'Author' => [
          'Nicholas Nam (nick[at]executionflow.org)', # original meterpreter script
          'RageLtMan <rageltman[at]sempervictus>' # post module and libs
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        OptString.new('SCRIPT', [true, 'Path to the local PS script or command string to execute']),
      ]
    )

    register_advanced_options(
      [
        OptString.new('SUBSTITUTIONS', [false, 'Script subs in gsub format - original,sub;original,sub']),
      ]
    )
  end

  def run
    fail_with(Failure::BadConfig, 'PowerShell is not available') unless have_powershell?

    # Preprocess the Powershell::Script object with substitions from Exploit::Powershell
    script = make_subs(read_script(datastore['SCRIPT']), process_subs(datastore['SUBSTITUTIONS']))

    # Execute in session
    print_status psh_exec(script)
    print_good 'Finished!'
  end
end
license update 2015-05-21 00:32:31 -04:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
license update 2015-05-21 00:32:31 -04:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Post`
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`include Msf::Post::Windows::Powershell`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
modules/post/windows: Resolve RuboCop violations 2025-05-09 10:51:17 +10:00			`'Name' => 'Windows PowerShell Execution Post Module',`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`'Description' => %q{`
modules/post/windows: Resolve RuboCop violations 2025-05-09 10:51:17 +10:00			`This module will execute a PowerShell script in a meterpreter session.`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`The user may also enter text substitutions to be made in memory before execution.`
			`Setting VERBOSE to true will output both the script prior to execution and the results.`
			`},`
			`'License' => MSF_LICENSE,`
			`'Platform' => ['windows'],`
			`'SessionTypes' => ['meterpreter'],`
			`'Author' => [`
			`'Nicholas Nam (nick[at]executionflow.org)', # original meterpreter script`
			`'RageLtMan <rageltman[at]sempervictus>' # post module and libs`
modules/post/windows: Resolve RuboCop violations 2025-05-09 10:51:17 +10:00			`],`
			`'Notes' => {`
			`'Stability' => [CRASH_SAFE],`
			`'SideEffects' => [],`
			`'Reliability' => []`
			`}`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`)`
			`)`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`register_options(`
			`[`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`OptString.new('SCRIPT', [true, 'Path to the local PS script or command string to execute']),`
			`]`
			`)`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`register_advanced_options(`
			`[`
more typo and whitespace fixes 2015-10-20 13:09:17 -05:00			`OptString.new('SUBSTITUTIONS', [false, 'Script subs in gsub format - original,sub;original,sub']),`
Run rubocop on post modules 2023-02-08 13:47:34 +00:00			`]`
			`)`
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`end`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`def run`
modules/post/windows: Resolve RuboCop violations 2025-05-09 10:51:17 +10:00			`fail_with(Failure::BadConfig, 'PowerShell is not available') unless have_powershell?`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
Updated to reflect HD's comments on indents and name of local script. 2015-08-16 10:47:20 +01:00			`# Preprocess the Powershell::Script object with substitions from Exploit::Powershell`
more typo and whitespace fixes 2015-10-20 13:09:17 -05:00			`script = make_subs(read_script(datastore['SCRIPT']), process_subs(datastore['SUBSTITUTIONS']))`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00
Updated to reflect HD's comments on indents and name of local script. 2015-08-16 10:47:20 +01:00			`# Execute in session`
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`print_status psh_exec(script)`
more typo and whitespace fixes 2015-10-20 13:09:17 -05:00			`print_good 'Finished!'`
retab exec_powershell.rb 2015-05-20 19:08:50 -04:00			`end`
Import Powershell libraries and sample post module 2015-05-20 18:09:28 -04:00			`end`