Diffstat (limited to 'docs/ScriptModification/Out-EncryptedScript.md')
-rwxr-xr-x | docs/ScriptModification/Out-EncryptedScript.md | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/docs/ScriptModification/Out-EncryptedScript.md b/docs/ScriptModification/Out-EncryptedScript.md new file mode 100755 index 0000000..36db457 --- /dev/null +++ b/docs/ScriptModification/Out-EncryptedScript.md @@ -0,0 +1,148 @@ +# Out-EncryptedScript
+
+## SYNOPSIS
+Encrypts text files/scripts.
+
+PowerSploit Function: Out-EncryptedScript
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
+
+## SYNTAX
+
+```
+Out-EncryptedScript [-ScriptPath] <String> [-Password] <SecureString> [-Salt] <String>
+ [[-InitializationVector] <String>] [[-FilePath] <String>]
+```
+
+## DESCRIPTION
+Out-EncryptedScript will encrypt a script (or any text file for that
+matter) and output the results to a minimally obfuscated script -
+evil.ps1 by default.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+```
+
+Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
+
+Description
+-----------
+Encrypt the contents of this file with a password and salt.
+This will
+make analysis of the script impossible without the correct password
+and salt combination.
+This command will generate evil.ps1 that can
+dropped onto the victim machine.
+It only consists of a decryption
+function 'de' and the base64-encoded ciphertext.
+
+### -------------------------- EXAMPLE 2 --------------------------
+```
+[String] $cmd = Get-Content .\evil.ps1
+```
+
+Invoke-Expression $cmd
+$decrypted = de password salt
+Invoke-Expression $decrypted
+
+Description
+-----------
+This series of instructions assumes you've already encrypted a script
+and named it evil.ps1.
+The contents are then decrypted and the
+unencrypted script is called via Invoke-Expression
+
+## PARAMETERS
+
+### -ScriptPath
+Path to this script
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Password
+Password to encrypt/decrypt the script
+
+```yaml
+Type: SecureString
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Salt
+Salt value for encryption/decryption.
+This can be any string value.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -InitializationVector
+Specifies a 16-character the initialization vector to be used.
+This
+is randomly generated by default.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 4
+Default value: ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join '')
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -FilePath
+{{Fill FilePath Description}}
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 5
+Default value: .\evil.ps1
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+This command can be used to encrypt any text-based file/script
+
+## RELATED LINKS
+
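Review bot: the -FilePath section still carries the generator placeholder `{{Fill FilePath Description}}`; replace it with a real description, presumably the path the generated script is written to, since the DESCRIPTION says output goes to evil.ps1 by default and the default value here is `.\evil.ps1`. In EXAMPLE 1 and EXAMPLE 2 the code fence closes after the first command, so `Out-EncryptedScript .\Naughty-Script.ps1 $Password salty` and the `Invoke-Expression $cmd` / `$decrypted = de password salt` / `Invoke-Expression $decrypted` lines render as prose; move each closing fence below the last command. The -InitializationVector text says the value is "randomly generated", but the default shown builds it from 16 calls to `Get-Random -Min 0x41 -Max 0x5B`, which yields uppercase ASCII letters only; the description should state that so readers do not assume a full-range random IV. Smaller wording points: "that can dropped" is missing "be", "Specifies a 16-character the initialization vector" has a stray "the", "Path to this script" under -ScriptPath should say it is the script to be encrypted, and the INPUTS, OUTPUTS and RELATED LINKS headings are empty.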