diff options
| author | b33f <ru.boonen@gmail.com> | 2017-07-22 16:51:30 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-07-22 16:51:30 +0100 |
| commit | d5c0abc9facfc4d851613af7e5872d533250d683 (patch) | |
| tree | 43b3cc73f40a2e0c0d1e56e923dbe981c5ea8156 | |
| parent | 7a3e16ace550fb335182960576aab236a0a00219 (diff) | |
| download | PowerSploit-d5c0abc9facfc4d851613af7e5872d533250d683.tar.gz PowerSploit-d5c0abc9facfc4d851613af7e5872d533250d683.zip | |
Fix for profile cleanup
When removing the persistence, the profile is not cleaned up. This is a temporary fix for that which should leave any legitemate profile content in tact. This psm may need a rework though.
Related to:
https://github.com/PowerShellMafia/PowerSploit/issues/165
| -rw-r--r-- | Persistence/Persistence.psm1 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Persistence/Persistence.psm1 b/Persistence/Persistence.psm1 index 7e4bbb9..80aa5a2 100644 --- a/Persistence/Persistence.psm1 +++ b/Persistence/Persistence.psm1 @@ -740,8 +740,10 @@ else $PersistenceRemoval = @" # Execute the following to remove the elevated persistent payload $ElevatedTriggerRemoval +(gc `$PROFILE.AllUsersAllHosts) -replace '[\s]{600}.+',''| Out-File `$PROFILE.AllUsersAllHosts -Fo # Execute the following to remove the user-level persistent payload $UserTriggerRemoval +(gc `$PROFILE.CurrentUserAllHosts) -replace '[\s]{600}.+',''| Out-File `$PROFILE.CurrentUserAllHosts -Fo "@ |