metasploit-gs/api/Msf/Exploit/Powershell/DotNet.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00


<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Powershell::DotNet
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Powershell::DotNet";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (D)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Powershell.html" title="Msf::Exploit::Powershell (module)">Powershell</a></span></span>
&raquo;
<span class="title">DotNet</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Powershell::DotNet
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/powershell/dot_net.rb</dd>
</dl>
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#dot_net_compiler-instance_method" title="#dot_net_compiler (instance method)">#<strong>dot_net_compiler</strong>(opts = {}) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Wrapper method for generating PowerShell code that compiles .NET source code.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#elevate_net_clr-instance_method" title="#elevate_net_clr (instance method)">#<strong>elevate_net_clr</strong>(ps_code, run_32 = false, net_ver = &#39;4.0&#39;) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Wrapper to execute in alternate .NET environment.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="dot_net_compiler-instance_method">
#<strong>dot_net_compiler</strong>(opts = {}) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
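<p>Wrapper method for generating PowerShell code that compiles .NET source code. The values of <tt>opts[:provider]</tt>, <tt>opts[:target]</tt>, <tt>opts[:com_opts]</tt> and <tt>opts[:cert]</tt>, and the harness source, are interpolated into the generated script as-is, with no quoting or escaping; the certificate path and the signing target are emitted unquoted, so callers must pass well-formed values (a path containing a space or a quote character yields a broken or altered script). In the signing branch, as shown in the source below, the certificate variable is emitted without the leading <tt>$</tt> that every other generated variable has, so the <tt>Get-PfxCertificate</tt> and <tt>Set-AuthenticodeSignature</tt> lines are not valid PowerShell variable references as written.</p>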
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
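<p>Data structure containing compiler options. Keys read by this method: <tt>:harness</tt> (required: .NET source text, or the path of a file containing it; a missing or unreadable harness raises <tt>Harness is invalid</tt>), <tt>:provider</tt> (defaults to <tt>Microsoft.CSharp.CSharpCodeProvider</tt>), <tt>:target</tt> (output assembly path; when set, an executable is generated), <tt>:cert</tt> (PFX certificate path, used only together with <tt>:target</tt>), <tt>:payload</tt> (replaces the <tt>MSF_PAYLOAD_SPACE</tt> tag in the harness), <tt>:assemblies</tt> (Array or comma-separated String, added to the default references; a String value is split and written back into <tt>opts</tt>), <tt>:com_opts</tt> (defaults to <tt>/platform:x86 /optimize</tt>) and <tt>:net_clr</tt>.</p>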
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
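<p>PowerShell code that defines and invokes the compiler, together with the necessary environment: when <tt>opts[:net_clr]</tt> is greater than 2 the code is returned wrapped by <tt>elevate_net_clr</tt>, otherwise it is returned unwrapped</p>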
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/powershell/dot_net.rb', line 22</span>
<span class='kw'>def</span> <span class='id identifier rubyid_dot_net_compiler'>dot_net_compiler</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='comment'>#TODO:
</span> <span class='comment'># allow compilation entirely in memory with a b64 encoded product for export without disk access
</span> <span class='comment'># Dynamically assign assemblies based on dot_net_code require/includes
</span> <span class='comment'># Enumerate assemblies available to session, pull requirements, assign accordingly, pass to PS
</span>
<span class='comment'># Critical
</span> <span class='kw'>begin</span>
<span class='id identifier rubyid_dot_net_code'>dot_net_code</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:harness</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='op'>::</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_file?'>file?</span><span class='lparen'>(</span><span class='id identifier rubyid_dot_net_code'>dot_net_code</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dot_net_code'>dot_net_code</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_dot_net_code'>dot_net_code</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='comment'># Ensure we&#39;re not running ASCII-8bit through powershell
</span> <span class='id identifier rubyid_dot_net_code'>dot_net_code</span> <span class='op'>=</span> <span class='id identifier rubyid_dot_net_code'>dot_net_code</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ASCII</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Harness is invalid\n\n</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='comment'># Optional
</span> <span class='id identifier rubyid_provider'>provider</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:provider</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Microsoft.CSharp.CSharpCodeProvider</span><span class='tstring_end'>&#39;</span></span> <span class='comment'># This should also work with &#39;Microsoft.VisualBasic.VBCodeProvider&#39;
</span> <span class='id identifier rubyid_target'>target</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:target</span><span class='rbracket'>]</span> <span class='comment'># Unless building assemblies in memory only
</span> <span class='id identifier rubyid_certificate'>certificate</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span> <span class='comment'># PFX certificate path
</span> <span class='id identifier rubyid_payload'>payload</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:payload</span><span class='rbracket'>]</span>
<span class='comment'># Configure .NET assemblies required to compile source
</span> <span class='id identifier rubyid_assemblies'>assemblies</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>mscorlib.dll</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>System.Xml.dll</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>System.Data.dll</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:assemblies</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:assemblies</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:assemblies</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>,</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_a'>a</span><span class='op'>|</span> <span class='id identifier rubyid_a'>a</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\s+</span><span class='regexp_end'>/</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='rbrace'>}</span> <span class='kw'>unless</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:assemblies</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>Array</span><span class='rparen'>)</span>
<span class='id identifier rubyid_assemblies'>assemblies</span> <span class='op'>+=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:assemblies</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_assemblies'>assemblies</span> <span class='op'>=</span> <span class='id identifier rubyid_assemblies'>assemblies</span><span class='period'>.</span><span class='id identifier rubyid_uniq'>uniq</span><span class='period'>.</span><span class='id identifier rubyid_compact'>compact</span>
<span class='comment'># Compiler options
</span> <span class='id identifier rubyid_compiler_opts'>compiler_opts</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:com_opts</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/platform:x86 /optimize</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># Substitute payload tag with actual payload
</span> <span class='kw'>if</span> <span class='id identifier rubyid_payload'>payload</span>
<span class='id identifier rubyid_dot_net_code'>dot_net_code</span> <span class='op'>=</span> <span class='id identifier rubyid_dot_net_code'>dot_net_code</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>MSF_PAYLOAD_SPACE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_payload'>payload</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='comment'># Determine if binary is to be written out
</span> <span class='id identifier rubyid_var_gen_exe'>var_gen_exe</span> <span class='op'>=</span> <span class='id identifier rubyid_target'>target</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>$true</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>$false</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># Obfu
</span> <span class='id identifier rubyid_var_func'>var_func</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_code'>var_code</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_refs'>var_refs</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_provider'>var_provider</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_params'>var_params</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_output'>var_output</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_cert'>var_cert</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='comment'># The actual compiler source
</span> <span class='id identifier rubyid_compiler'>compiler</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;EOS</span>
<span class='tstring_content'>function </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_func'>var_func</span><span class='embexpr_end'>}</span><span class='tstring_content'> {
param (
[string[]] $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_code'>var_code</span><span class='embexpr_end'>}</span><span class='tstring_content'>
, [string[]] $references = @()
)
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_provider'>var_provider</span><span class='embexpr_end'>}</span><span class='tstring_content'> = New-Object </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_provider'>provider</span><span class='embexpr_end'>}</span><span class='tstring_content'>
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'> = New-Object System.CodeDom.Compiler.CompilerParameters
@( &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_assemblies'>assemblies</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>&quot;, &quot;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;, ([System.Reflection.Assembly]::GetAssembly( [PSObject] ).Location) ) | Sort -unique |% { $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.ReferencedAssemblies.Add( $_ ) } | Out-Null
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.GenerateExecutable = </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_gen_exe'>var_gen_exe</span><span class='embexpr_end'>}</span><span class='tstring_content'>
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.OutputAssembly = &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.GenerateInMemory = $true
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.CompilerOptions = &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_compiler_opts'>compiler_opts</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;
# $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>.IncludeDebugInformation = $true
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_output'>var_output</span><span class='embexpr_end'>}</span><span class='tstring_content'> = $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_provider'>var_provider</span><span class='embexpr_end'>}</span><span class='tstring_content'>.CompileAssemblyFromSource( $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_params'>var_params</span><span class='embexpr_end'>}</span><span class='tstring_content'>, $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_code'>var_code</span><span class='embexpr_end'>}</span><span class='tstring_content'> )
if ( $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_output'>var_output</span><span class='embexpr_end'>}</span><span class='tstring_content'>.Errors.Count -gt 0 ) {
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_output'>var_output</span><span class='embexpr_end'>}</span><span class='tstring_content'>.Errors |% { Write-Error $_.ToString() }
} else { return $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_output'>var_output</span><span class='embexpr_end'>}</span><span class='tstring_content'>.CompiledAssembly}
}
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_func'>var_func</span><span class='embexpr_end'>}</span><span class='tstring_content'> -</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_code'>var_code</span><span class='embexpr_end'>}</span><span class='tstring_content'> @&#39;
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_dot_net_code'>dot_net_code</span><span class='embexpr_end'>}</span><span class='tstring_content'>
&#39;@
</span><span class='heredoc_end'>EOS
</span>
<span class='kw'>if</span> <span class='id identifier rubyid_certificate'>certificate</span> <span class='kw'>and</span> <span class='id identifier rubyid_target'>target</span>
<span class='id identifier rubyid_compiler'>compiler</span> <span class='op'>&lt;&lt;</span> <span class='heredoc_beg'>&lt;&lt;EOS</span>
<span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_cert'>var_cert</span><span class='embexpr_end'>}</span><span class='tstring_content'> = Get-PfxCertificate </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_certificate'>certificate</span><span class='embexpr_end'>}</span><span class='tstring_content'>
Set-AuthenticodeSignature -Filepath </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> -Cert </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_cert'>var_cert</span><span class='embexpr_end'>}</span><span class='tstring_content'>
</span><span class='heredoc_end'>EOS
</span>
<span class='kw'>end</span>
<span class='comment'># PS uses .NET 2.0 by default which doesnt work @ present (20120814, RLTM)
</span> <span class='comment'># x86 targets also need to be compiled in x86 powershell instance
</span> <span class='id identifier rubyid_run_32'>run_32</span> <span class='op'>=</span> <span class='id identifier rubyid_compiler_opts'>compiler_opts</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>platform:x86</span><span class='regexp_end'>/i</span></span> <span class='op'>?</span> <span class='kw'>true</span> <span class='op'>:</span> <span class='kw'>false</span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:net_clr</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:net_clr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span> <span class='op'>&gt;</span> <span class='int'>2</span> <span class='comment'># PS before 3.0 natively uses NET 2
</span> <span class='kw'>return</span> <span class='id identifier rubyid_elevate_net_clr'>elevate_net_clr</span><span class='lparen'>(</span><span class='id identifier rubyid_compiler'>compiler</span><span class='comma'>,</span> <span class='id identifier rubyid_run_32'>run_32</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:net_clr</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='kw'>return</span> <span class='id identifier rubyid_compiler'>compiler</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="elevate_net_clr-instance_method">
#<strong>elevate_net_clr</strong>(ps_code, run_32 = false, net_ver = &#39;4.0&#39;) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
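<p>Wrapper to execute in alternate .NET environment. In the lines shown below, when the running CLR major version differs from <tt>net_ver</tt>, the generated function creates a new GUID-named directory under <tt>$Env:TEMP</tt>, writes a <tt>powershell.exe.activation_config</tt> file into it, and points the <tt>COMPLUS_ApplicationMigrationRuntimeActivationConfigPath</tt> environment variable at that directory; both are observable on the host. The generated function passes <tt>$ArgumentList</tt> to <tt>Invoke-Command</tt>, but its <tt>param</tt> block declares only <tt>$ScriptBlock</tt>.</p>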
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>ps_code</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Powershell code to wrap in environment</p>
</div>
</li>
<li>
<span class='name'>run_32</span>
<span class='type'>(<tt>TrueClass</tt>, <tt>FalseClass</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>Run in WOW64 environment</p>
</div>
</li>
<li>
<span class='name'>net_ver</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;4.0&#39;</tt>)</em>
&mdash;
<div class='inline'>
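<p>.NET CLR version to wrap in; it is converted with <tt>to_i</tt> for the CLR major-version comparison and with <tt>to_f</tt> for the <tt>supportedRuntime</tt> version string, so only the major and minor parts of the value are used</p>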
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Executable environment wrapper</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/powershell/dot_net.rb', line 130</span>
<span class='kw'>def</span> <span class='id identifier rubyid_elevate_net_clr'>elevate_net_clr</span><span class='lparen'>(</span><span class='id identifier rubyid_ps_code'>ps_code</span><span class='comma'>,</span> <span class='id identifier rubyid_run_32'>run_32</span> <span class='op'>=</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='id identifier rubyid_net_ver'>net_ver</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>4.0</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_func'>var_func</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_conf_path'>var_conf_path</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_env_name'>var_env_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_env_old'>var_env_old</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var_run32'>var_run32</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>8</span><span class='rparen'>)</span>
<span class='id identifier rubyid_exec_wrapper'>exec_wrapper</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;EOS</span>
<span class='tstring_content'>function </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_func'>var_func</span><span class='embexpr_end'>}</span><span class='tstring_content'> {
[CmdletBinding()]
param (
[Parameter(Mandatory=$true)]
[ScriptBlock]
$ScriptBlock
)
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_run32'>var_run32</span><span class='embexpr_end'>}</span><span class='tstring_content'> = $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_run_32'>run_32</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>
if ($PSVersionTable.CLRVersion.Major -eq </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_net_ver'>net_ver</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='embexpr_end'>}</span><span class='tstring_content'>) {
Invoke-Command -ScriptBlock $ScriptBlock -ArgumentList $ArgumentList
return
}
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_conf_path'>var_conf_path</span><span class='embexpr_end'>}</span><span class='tstring_content'> = $Env:TEMP | Join-Path -ChildPath ([Guid]::NewGuid())
New-Item -Path $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_conf_path'>var_conf_path</span><span class='embexpr_end'>}</span><span class='tstring_content'> -ItemType Container | Out-Null
@&quot;
&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot; ?&gt;
&lt;configuration&gt;
&lt;startup useLegacyV2RuntimeActivationPolicy=&quot;true&quot;&gt;
&lt;supportedRuntime version=&quot;v</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_net_ver'>net_ver</span><span class='period'>.</span><span class='id identifier rubyid_to_f'>to_f</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;/&gt;
&lt;supportedRuntime version=&quot;v2.0.50727&quot;/&gt;
&lt;/startup&gt;
&lt;/configuration&gt;
&quot;@ | Set-Content -Path $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_conf_path'>var_conf_path</span><span class='embexpr_end'>}</span><span class='tstring_content'>/powershell.exe.activation_config -Encoding UTF8
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_name'>var_env_name</span><span class='embexpr_end'>}</span><span class='tstring_content'> = &#39;COMPLUS_ApplicationMigrationRuntimeActivationConfigPath&#39;
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_old'>var_env_old</span><span class='embexpr_end'>}</span><span class='tstring_content'> = [Environment]::GetEnvironmentVariable($</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_name'>var_env_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>)
[Environment]::SetEnvironmentVariable($</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_name'>var_env_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>, $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_conf_path'>var_conf_path</span><span class='embexpr_end'>}</span><span class='tstring_content'>)
try { if ($</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_run32'>var_run32</span><span class='embexpr_end'>}</span><span class='tstring_content'> -and [IntPtr]::size -eq 8 ) {
&amp;&quot;$env:windir\\syswow64\\windowspowershell\\v1.0\\powershell.exe&quot; -inputformat text -command $ScriptBlock -noninteractive
} else {
&amp;&quot;$env:windir\\system32\\windowspowershell\\v1.0\\powershell.exe&quot; -inputformat text -command $ScriptBlock -noninteractive
}} finally {
[Environment]::SetEnvironmentVariable($</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_name'>var_env_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>, $</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_env_old'>var_env_old</span><span class='embexpr_end'>}</span><span class='tstring_content'>)
$</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_conf_path'>var_conf_path</span><span class='embexpr_end'>}</span><span class='tstring_content'> | Remove-Item -Recurse
}
}
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_var_func'>var_func</span><span class='embexpr_end'>}</span><span class='tstring_content'> -ScriptBlock {
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ps_code'>ps_code</span><span class='embexpr_end'>}</span><span class='tstring_content'>
}
</span><span class='heredoc_end'>EOS
</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  Source listing for Msf::Exploit::Powershell::DotNet#initialize
  (lib/msf/core/exploit/powershell/dot_net.rb, line 7).
  The method takes an optional info hash, calls super, and registers one advanced option, CERT_PATH:
  an OptString that is not required (false), described as the path on the compiler host to a
  .pfx certificate used for signing.
  NOTE(review): a .pfx (PKCS#12) container normally holds the private key together with the certificate,
  so the file this option points at should be handled as key material (restricted file permissions,
  kept out of version control). How the path is read and whether the file is password-protected
  is not visible in this listing; confirm against the code that consumes CERT_PATH.
-->
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
7
8
9
10
11
12
13
14</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/powershell/dot_net.rb', line 7</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='id identifier rubyid_register_advanced_options'>register_advanced_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CERT_PATH</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Path on compiler host to .pfx formatted certificate for signing</span><span class='tstring_end'>&#39;</span></span> <span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<!-- Generator footer: records when this page was built and the yard and Ruby versions that produced it. -->
<div id="footer">
Generated on Fri May 8 17:01:58 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>