diff options
| author | bitform <matt@exploit-monday.com> | 2013-01-20 10:11:30 -0500 |
|---|---|---|
| committer | bitform <matt@exploit-monday.com> | 2013-01-20 10:11:30 -0500 |
| commit | c45f3361e28d62a58a168de7848a8ba94e76cc33 (patch) | |
| tree | cd7a9c0c984ee828878153c17b0f96fc93dedf98 /Out-CompressedDll.ps1 | |
| parent | e9b22e9ae2391d1dc362501c282248945b3ca467 (diff) | |
| download | PowerSploit-c45f3361e28d62a58a168de7848a8ba94e76cc33.tar.gz PowerSploit-c45f3361e28d62a58a168de7848a8ba94e76cc33.zip | |
Created a ScriptModification module.
* All scripts used to prepare and/or modify payload scripts were added
to the ScriptModification module.
* Added Remove-Comments - Strips comments and extra whitespace from a
script.
* Encrypt-Script was named to Out-EncryptedScript in order to conform to
proper PowerShell verbs.
Diffstat (limited to 'Out-CompressedDll.ps1')
| -rw-r--r-- | Out-CompressedDll.ps1 | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/Out-CompressedDll.ps1 b/Out-CompressedDll.ps1 deleted file mode 100644 index 3c59ef5..0000000 --- a/Out-CompressedDll.ps1 +++ /dev/null @@ -1,79 +0,0 @@ -function Out-CompressedDll
-{
-<#
-.SYNOPSIS
-
-Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
-
-PowerSploit Module - Out-CompressedDll
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-
-.DESCRIPTION
-
-Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
-
-.PARAMETER FilePath
-
-Specifies the path to a managed executable.
-
-.EXAMPLE
-
-C:\PS> Out-CompressedDll -FilePath evil.dll
-
-Description
------------
-Compresses, base64 encodes, and outputs the code required to load evil.dll in memory.
-
-.NOTES
-
-Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it just works' - mixed-mode) dlls will not load.
-
-.LINK
-
-http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
-#>
-
- [CmdletBinding()] Param (
- [Parameter(Mandatory = $True)]
- [String]
- $FilePath
- )
-
- $Path = Resolve-Path $FilePath
-
- if (! [IO.File]::Exists($Path))
- {
- Throw "$Path does not exist."
- }
-
- $FileBytes = [System.IO.File]::ReadAllBytes($Path)
-
- if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
- {
- Throw "$Path is not a valid executable."
- }
-
- $Length = $FileBytes.Length
- $CompressedStream = New-Object IO.MemoryStream
- $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
- $DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
- $DeflateStream.Dispose()
- $CompressedFileBytes = $CompressedStream.ToArray()
- $CompressedStream.Dispose()
- $EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)
-
- Write-Verbose "Compression ratio: $(($EncodedCompressedFile.Length/$FileBytes.Length).ToString('#%'))"
-
- $Output = @"
-`$EncodedCompressedFile = @'
-$EncodedCompressedFile
-'@
-`$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
-`$UncompressedFileBytes = New-Object Byte[]($Length)
-`$DeflatedStream.Read(`$UncompressedFileBytes, 0, $Length) | Out-Null
-[Reflection.Assembly]::Load(`$UncompressedFileBytes)
-"@
-
- Write-Output $Output
-}
\ No newline at end of file |