From c45f3361e28d62a58a168de7848a8ba94e76cc33 Mon Sep 17 00:00:00 2001 From: bitform Date: Sun, 20 Jan 2013 10:11:30 -0500 Subject: Created a ScriptModification module. * All scripts used to prepare and/or modify payload scripts were added to the ScriptModification module. * Added Remove-Comments - Strips comments and extra whitespace from a script. * Encrypt-Script was named to Out-EncryptedScript in order to conform to proper PowerShell verbs. --- Out-CompressedDll.ps1 | 79 --------------------------------------------------- 1 file changed, 79 deletions(-) delete mode 100644 Out-CompressedDll.ps1 (limited to 'Out-CompressedDll.ps1') diff --git a/Out-CompressedDll.ps1 b/Out-CompressedDll.ps1 deleted file mode 100644 index 3c59ef5..0000000 --- a/Out-CompressedDll.ps1 +++ /dev/null @@ -1,79 +0,0 @@ -function Out-CompressedDll -{ -<# -.SYNOPSIS - -Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory. - -PowerSploit Module - Out-CompressedDll -Author: Matthew Graeber (@mattifestation) -License: BSD 3-Clause - -.DESCRIPTION - -Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array. - -.PARAMETER FilePath - -Specifies the path to a managed executable. - -.EXAMPLE - -C:\PS> Out-CompressedDll -FilePath evil.dll - -Description ------------ -Compresses, base64 encodes, and outputs the code required to load evil.dll in memory. - -.NOTES - -Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it just works' - mixed-mode) dlls will not load. - -.LINK - -http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html -#> - - [CmdletBinding()] Param ( - [Parameter(Mandatory = $True)] - [String] - $FilePath - ) - - $Path = Resolve-Path $FilePath - - if (! [IO.File]::Exists($Path)) - { - Throw "$Path does not exist." - } - - $FileBytes = [System.IO.File]::ReadAllBytes($Path) - - if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ') - { - Throw "$Path is not a valid executable." - } - - $Length = $FileBytes.Length - $CompressedStream = New-Object IO.MemoryStream - $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress) - $DeflateStream.Write($FileBytes, 0, $FileBytes.Length) - $DeflateStream.Dispose() - $CompressedFileBytes = $CompressedStream.ToArray() - $CompressedStream.Dispose() - $EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes) - - Write-Verbose "Compression ratio: $(($EncodedCompressedFile.Length/$FileBytes.Length).ToString('#%'))" - - $Output = @" -`$EncodedCompressedFile = @' -$EncodedCompressedFile -'@ -`$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress) -`$UncompressedFileBytes = New-Object Byte[]($Length) -`$DeflatedStream.Read(`$UncompressedFileBytes, 0, $Length) | Out-Null -[Reflection.Assembly]::Load(`$UncompressedFileBytes) -"@ - - Write-Output $Output -} \ No newline at end of file -- cgit v1.2.3