authorbitform <matt@exploit-monday.com>2012-10-27 14:55:42 -0400
committerbitform <matt@exploit-monday.com>2012-10-27 14:55:42 -0400
commitca705d0a6eb88a2f8f345965a1d18b082f10aef9 (patch)
tree6b95ea87aba8657bd4069795f4e66c15f62e5b2a
parent60670bd95ea7d72366cccc64261185783b371db0 (diff)
Added Get-Strings
Get-Strings dumps strings from any file in Ascii and/or Unicode.
-rw-r--r--README6
-rw-r--r--RE_Tools/Get-Strings.ps196
2 files changed, 101 insertions, 1 deletions
diff --git a/README b/README
index 58db60b..4a28011 100644
--- a/README
+++ b/README
@@ -52,6 +52,10 @@ Get-Member:
A proxy function used to extend the built-in Get-Member cmdlet. It adds the '-Private' parameter allowing you to display non-public .NET members
+Get-Strings:
+
+ Dumps strings from files in both Unicode and Ascii. This cmdlet replicates the functionality of strings.exe from Sysinternals.
+
-------
.\Recon
-------
@@ -136,4 +140,4 @@ For all contributors and future contributors to PowerSploit, I ask that you foll
* use the Write-Output keyword when returning an object from a function. I know it's not necessary but it makes the code more readable.
-* Use default values for your parameters when it makes sense. Ideally, you want a script that will work without requiring any parameters. \ No newline at end of file
+* Use default values for your parameters when it makes sense. Ideally, you want a script that will work without requiring any parameters.
diff --git a/RE_Tools/Get-Strings.ps1 b/RE_Tools/Get-Strings.ps1
new file mode 100644
index 0000000..37834cd
--- /dev/null
+++ b/RE_Tools/Get-Strings.ps1
@@ -0,0 +1,96 @@
+function Get-Strings
+{
+<#
+.SYNOPSIS
+
+Gets strings from a file.
+
+PowerSploit Module - Inject-Shellcode
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+
+.DESCRIPTION
+
+The Get-Strings cmdlet returns strings (Unicode and/or Ascii) from a file. This cmdlet is useful for dumping strings from binary file and was designed to replicate the functionality of strings.exe from Sysinternals.
+
+.PARAMETER Path
+
+Specifies the path to an item.
+
+.PARAMETER Encoding
+
+Specifies the file encoding. The default value returns both Unicode and Ascii.
+
+.PARAMETER MinimumLength
+
+Specifies the minimum length string to return. The default string length is 3.
+
+.EXAMPLE
+
+C:\PS> Get-Strings C:\Windows\System32\calc.exe
+
+Description
+-----------
+Dump Unicode and Ascii strings of calc.exe.
+
+.EXAMPLE
+
+C:\PS> Get-ChildItem C:\Windows\System32\*.dll | Get-Strings -MinimumLength 12 -Encoding Ascii
+
+Description
+-----------
+Dumps Ascii strings of at least length 12 of every dll located in C:\Windows\System32.
+
+.NOTES
+
+This cmdlet was designed to intentionally use only PowerShell cmdlets (no .NET methods) in order to be compatible with PowerShell on Windows RT (or any ConstrainedLanguage runspace).
+
+.LINK
+
+http://www.exploit-monday.com
+#>
+
+ Param
+ (
+ [Parameter(Position = 1, Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
+ [ValidateNotNullOrEmpty()]
+ [ValidateScript({Test-Path $_ -PathType 'Leaf'})]
+ [String[]]
+ [Alias('PSPath')]
+ $Path,
+
+ [ValidateSet('Default','Ascii','Unicode')]
+ [String]
+ $Encoding = 'Default',
+
+ [UInt32]
+ $MinimumLength = 3
+ )
+
+ BEGIN
+ {
+ $FileContents = ''
+ }
+ PROCESS
+ {
+ foreach ($File in $Path)
+ {
+ if ($Encoding -eq 'Unicode' -or $Encoding -eq 'Default')
+ {
+ $UnicodeFileContents = Get-Content -Encoding 'Unicode' $File
+ $UnicodeRegex = [Regex] "[\u0020-\u007E]{$MinimumLength,}"
+ $Results += $UnicodeRegex.Matches($UnicodeFileContents)
+ }
+
+ if ($Encoding -eq 'Ascii' -or $Encoding -eq 'Default')
+ {
+ $AsciiFileContents = Get-Content -Encoding 'UTF7' $File
+ $AsciiRegex = [Regex] "[\x20-\x7E]{$MinimumLength,}"
+ $Results = $AsciiRegex.Matches($AsciiFileContents)
+ }
+
+ $Results | ForEach-Object { Write-Output $_.Value }
+ }
+ }
+ END {}
+} \ No newline at end of file
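Review bot: In the default encoding mode the Unicode matches never reach the output, because the Ascii branch's `$Results = $AsciiRegex.Matches($AsciiFileContents)` overwrites what the Unicode branch appended with `+=` a few lines earlier; and since `$Results` is never reset between files, the Unicode-only path accumulates matches across pipelined files and re-emits every earlier file's strings for each later one. Initialize it at the top of the foreach, `$Results = @()`, and make the Ascii branch append as well, `$Results += $AsciiRegex.Matches($AsciiFileContents)`. The `$FileContents = ''` assignment in BEGIN is never read and can be dropped or replaced by that per-file initialization. The help header line `PowerSploit Module - Inject-Shellcode` looks copy-pasted from another script and should name this cmdlet instead.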