From 59e6f94e763d40614284d43823a391cafd384c4c Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Wed, 14 Dec 2016 18:50:58 -0500 Subject: For ./ScriptModification/ : -PSScriptAnalyzering -Tweaking of synopsis blocks in order to support platyPS -Code standardization -Generated docs --- ScriptModification/Out-EncryptedScript.ps1 | 42 +++++++++++++++++------------- 1 file changed, 24 insertions(+), 18 deletions(-) (limited to 'ScriptModification/Out-EncryptedScript.ps1') diff --git a/ScriptModification/Out-EncryptedScript.ps1 b/ScriptModification/Out-EncryptedScript.ps1 index eba48f7..c24b126 100644 --- a/ScriptModification/Out-EncryptedScript.ps1 +++ b/ScriptModification/Out-EncryptedScript.ps1 @@ -5,11 +5,11 @@ function Out-EncryptedScript Encrypts text files/scripts. -PowerSploit Function: Out-EncryptedScript -Author: Matthew Graeber (@mattifestation) -License: BSD 3-Clause -Required Dependencies: None -Optional Dependencies: None +PowerSploit Function: Out-EncryptedScript +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: None .DESCRIPTION @@ -36,7 +36,8 @@ is randomly generated by default. .EXAMPLE -C:\PS> Out-EncryptedScript .\Naughty-Script.ps1 password salty +$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +Out-EncryptedScript .\Naughty-Script.ps1 $Password salty Description ----------- @@ -48,10 +49,10 @@ function 'de' and the base64-encoded ciphertext. .EXAMPLE -C:\PS> [String] $cmd = Get-Content .\evil.ps1 -C:\PS> Invoke-Expression $cmd -C:\PS> $decrypted = de password salt -C:\PS> Invoke-Expression $decrypted +[String] $cmd = Get-Content .\evil.ps1 +Invoke-Expression $cmd +$decrypted = de password salt +Invoke-Expression $decrypted Description ----------- 
@@ -64,34 +65,39 @@ unencrypted script is called via Invoke-Expression This command can be used to encrypt any text-based file/script #> - [CmdletBinding()] Param ( + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')] + [CmdletBinding()] + Param ( [Parameter(Position = 0, Mandatory = $True)] [String] $ScriptPath, - + [Parameter(Position = 1, Mandatory = $True)] - [String] + [Security.SecureString] $Password, - + [Parameter(Position = 2, Mandatory = $True)] [String] $Salt, - + [Parameter(Position = 3)] [ValidateLength(16, 16)] [String] - $InitializationVector = ((1..16 | % {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''), - + $InitializationVector = ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''), + [Parameter(Position = 4)] [String] $FilePath = '.\evil.ps1' ) + $TempCred = New-Object System.Management.Automation.PSCredential('a', $Password) + $PlaintextPassword = $TempCred.GetNetworkCredential().Password + $AsciiEncoder = New-Object System.Text.ASCIIEncoding $ivBytes = $AsciiEncoder.GetBytes($InitializationVector) # While this can be used to encrypt any file, it's primarily designed to encrypt itself. [Byte[]] $scriptBytes = Get-Content -Encoding Byte -ReadCount 0 -Path $ScriptPath - $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2) + $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($PlaintextPassword, $AsciiEncoder.GetBytes($Salt), "SHA1", 2) $Key = New-Object System.Security.Cryptography.TripleDESCryptoServiceProvider $Key.Mode = [System.Security.Cryptography.CipherMode]::CBC [Byte[]] $KeyBytes = $DerivedPass.GetBytes(16) -- cgit v1.2.3
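Review bot: The `$Password` parameter is now typed `[Security.SecureString]`, but the two lines added after the `Param (...)` block immediately unwrap it through `$TempCred.GetNetworkCredential().Password` into `$PlaintextPassword`, an ordinary managed string that is never cleared, so the type change satisfies the analyzer without keeping the secret out of process memory. It also changes the caller contract: a plain string passed for `-Password`, as invocations written against the old `[String]` parameter did, should now fail parameter binding. I would document both points, with a comment at the conversion such as `# SecureString is unwrapped to a plain String here; it is not protected in memory past this point`, and a line in the `.PARAMETER Password` help (outside this hunk) saying that a SecureString is now required. The function starts before this hunk and its body continues past `$DerivedPass.GetBytes(16)`, so whether `$PlaintextPassword` is reused or emitted later cannot be checked from here.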