Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
cmd_psh_payload relies on datastore options to have a proper
data type down the call chain. When modules are created with string
values for all data store options, a conditional naively checking
what should be a boolean value for false/nil? would return true
for a string representation of "false."
Ensure that datastore options are validated prior to using them
to set variables passed into Rex methods.
Allow passing exec_in_place parameter to cmd_psh_payload in order
to execute raw powershell without the commandline wrappers of
comspec or calling the powershell binary itself.
This is useful in contexts such as the web delivery mechanism or
recent powershell sessions as it does not require the creation of
a new PSH instance.
Before, the datastore would store options case-sensitive, but would
access them case-insensitive, resulting is a number of string compares.
This commit stores options in their downcase form to reduce
update/lookup time. This adds up to reducing msfconsole boot time by
about 10% and rspec time by about 45 sec. (!) on my box.
One tricky part of this conversion is that there are several places (in
pro and framework) where we export or otherwise access the datastore as
a plain hash (case-sensitive). I believe I have caught all the ways we
access the datastore that are case-sensitive and substituted the
original key capitalization in those cases.
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar. This can be avoided (verified) by adding the /b switch to the start section of the command launcher text. I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
Brent Cook