diff --git a/lib/msf/core/exploit/powershell.rb b/lib/msf/core/exploit/powershell.rb
index 968126b7be..eac730b97d 100644
--- a/lib/msf/core/exploit/powershell.rb
+++ b/lib/msf/core/exploit/powershell.rb
@@ -18,22 +18,23 @@ module Exploit::Powershell
 OptBool.new('Powershell::encode_inner_payload', [true, 'Encode inner payload for -EncodedCommand', false]),
 OptBool.new('Powershell::use_single_quotes', [true, 'Wraps the -Command argument in single quotes', false]),
 OptBool.new('Powershell::no_equals', [true, 'Pad base64 until no "=" remains', false]),
- OptEnum.new('Powershell::method', [true, 'Payload delivery method', 'reflection', %w(net reflection old msil)]),
- ], self.class)
+ OptEnum.new('Powershell::method', [true, 'Payload delivery method', 'reflection', %w[net reflection old msil]])
+ ]
+ )
 end
 
 #
 # Return a script from path or string
 #
 def read_script(script_path)
- return Rex::Powershell::Script.new(script_path)
+ Rex::Powershell::Script.new(script_path)
 end
 
 #
 # Return an array of substitutions for use in make_subs
 #
 def process_subs(subs)
- return [] if subs.nil? or subs.empty?
+ return [] if subs.nil? || subs.empty?
 new_subs = []
 subs.split(';').each do |set|
 new_subs << set.split(',', 2)
@@ -49,7 +50,7 @@ module Exploit::Powershell
 #
 def make_subs(script, subs)
 subs.each do |set|
- script.gsub!(set[0],set[1])
+ script.gsub!(set[0], set[1])
 end
 
 script
@@ -79,12 +80,11 @@ module Exploit::Powershell
 #
 # @return [String] Decoded script
 def decode_script(script_in)
- if script_in.to_s.match( /[A-Za-z0-9+\/]+={0,3}/)[0] == script_in.to_s and
- script_in.to_s.length % 4 == 0
- return Rex::Powershell::Command.decode_script(script_in)
- else
- return script_in
- end
+ return script_in unless
+ script_in.to_s.match(%r{[A-Za-z0-9+/]+={0,3}})[0] == script_in.to_s &&
+ (script_in.to_s.length % 4).zero?
+
+ Rex::Powershell::Command.decode_script(script_in)
 end
 
 #
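Review bot: The rewritten guard in decode_script still indexes the MatchData unconditionally — `script_in.to_s.match(%r{[A-Za-z0-9+/]+={0,3}})[0]` raises NoMethodError on nil whenever the input contains no base64-alphabet character at all (an empty string, or one made only of whitespace and punctuation), a failure the old `if` had too and this rewrite preserves. Anchoring the pattern states the "whole string is one base64 run" intent directly, removes the nil dereference and skips the MatchData allocation: `return script_in unless script_in.to_s.match?(%r{\A[A-Za-z0-9+/]+={0,3}\z}) && (script_in.to_s.length % 4).zero?`. Either way the sniffing heuristic is weak: a plain script token made only of alphanumerics with a length divisible by four (`Help`, for instance) is handed to the base64 decoder as if it were encoded, so a comment such as `# NOTE: heuristic only; callers that know the input is plain text should not route it through here` would help the next maintainer. The decode path continues into Rex::Powershell::Command outside the hunk.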
@@ -95,7 +95,7 @@ module Exploit::Powershell
 # @param eof [String] Marker to indicate the end of file appended to script
 #
 # @return [String] Compressed script with decompression stub
- def compress_script(script_in, eof=nil)
+ def compress_script(script_in, eof = nil)
 opts = {}
 datastore.select { |k, v| k =~ /^Powershell::(strip|sub)/ && v }.keys.map do |k|
 mod_method = k.split('::').last.intern
@@ -112,7 +112,8 @@ module Exploit::Powershell
 #
 # @return [String] Decompressed script
 def decompress_script(script_in)
- return script_in if script_in.match(/FromBase64String/).nil?
+ return script_in unless script_in.match?(/FromBase64String/)
+
 Rex::Powershell::Command.decompress_script(script_in)
 end
 
@@ -182,8 +183,8 @@ module Exploit::Powershell
 # @return [String] Wrapped powershell code
 def run_hidden_psh(ps_code, payload_arch, encoded)
 arg_opts = {
- noprofile: true,
- windowstyle: 'hidden',
+ noprofile: true,
+ windowstyle: 'hidden'
 }
 
 # Old technique fails if powershell exits..
@@ -221,26 +222,21 @@ module Exploit::Powershell
 def cmd_psh_payload(pay, payload_arch, opts = {})
 options.validate(datastore)
 
- [ :persist, :prepend_sleep, :exec_in_place, :encode_final_payload,
- :encode_inner_payload, :use_single_quotes, :no_equals, :method ].map { |opt|
+ %i[persist prepend_sleep exec_in_place encode_final_payload encode_inner_payload use_single_quotes no_equals method].map do |opt|
 opts[opt] ||= datastore["Powershell::#{opt}"]
- }
+ end
 
 unless opts.key? :shorten
 opts[:shorten] = (datastore['Powershell::method'] != 'old')
 end
 
- template_path = Rex::Powershell::Templates::TEMPLATE_DIR
- command = Rex::Powershell::Command.cmd_psh_payload(pay,
- payload_arch,
- template_path,
- opts)
+ template_path = Rex::Powershell::Templates::TEMPLATE_DIR
+ command = Rex::Powershell::Command.cmd_psh_payload(pay, payload_arch, template_path, opts)
 
 vprint_status("Powershell command length: #{command.length}")
 command
 end
-
 
 #
 # Useful method cache
 #
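Review bot: The rewritten option-merging loop in cmd_psh_payload (last hunk) still uses `||=` for defaults, so a caller that passes an explicit `false` — say `encode_final_payload: false` — is silently overwritten by a truthy datastore value, because `||=` cannot tell "not given" from "given as false"; several of these keys are registered as OptBool in the first hunk, so that is the common case. It also drives the loop with `map` although the result is discarded. Mirror the `:shorten` handling a few lines below and iterate for effect: `%i[...].each do |opt|` / `opts[opt] = datastore["Powershell::#{opt}"] unless opts.key?(opt)`. The defect predates the commit, but this line was rewritten here, which makes it the place to fix it; the `%i[]` literal is also well past 120 columns and would read better split over two lines. The method is fully inside the hunk.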