From 40eb187bca6a985ce7d24b19ac54c47ade285858 Mon Sep 17 00:00:00 2001 From: bitform Date: Mon, 21 Jan 2013 08:33:51 -0500 Subject: Consistency improvements in comment-based help --- ScriptModification/Out-CompressedDll.ps1 | 2 +- ScriptModification/Out-EncodedCommand.ps1 | 2 +- ScriptModification/Out-EncryptedScript.ps1 | 84 +++++++++++++++--------------- ScriptModification/Remove-Comments.ps1 | 2 +- 4 files changed, 45 insertions(+), 45 deletions(-) (limited to 'ScriptModification') diff --git a/ScriptModification/Out-CompressedDll.ps1 b/ScriptModification/Out-CompressedDll.ps1 index f781c15..3aa5c2b 100644 --- a/ScriptModification/Out-CompressedDll.ps1 +++ b/ScriptModification/Out-CompressedDll.ps1 @@ -5,7 +5,7 @@ Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory. -PowerSploit Module - Out-CompressedDll +PowerSploit Function: Out-CompressedDll Author: Matthew Graeber (@mattifestation) License: BSD 3-Clause Required Dependencies: None diff --git a/ScriptModification/Out-EncodedCommand.ps1 b/ScriptModification/Out-EncodedCommand.ps1 index 99d3f66..cae4715 100644 --- a/ScriptModification/Out-EncodedCommand.ps1 +++ b/ScriptModification/Out-EncodedCommand.ps1 @@ -5,7 +5,7 @@ Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script. -PowerSploit Module - Out-EncodedCommand +PowerSploit Function: Out-EncodedCommand Author: Matthew Graeber (@mattifestation) License: BSD 3-Clause Required Dependencies: None diff --git a/ScriptModification/Out-EncryptedScript.ps1 b/ScriptModification/Out-EncryptedScript.ps1 index 1376673..3f09020 100644 --- a/ScriptModification/Out-EncryptedScript.ps1 +++ b/ScriptModification/Out-EncryptedScript.ps1 @@ -1,11 +1,11 @@ -function Out-EncryptedScript { - +function Out-EncryptedScript +{ <# .SYNOPSIS Encrypts text files/scripts. -PowerSploit Module - Out-EncryptedScript +PowerSploit Function: Out-EncryptedScript Author: Matthew Graeber (@mattifestation) License: BSD 3-Clause Required Dependencies: None @@ -55,46 +55,46 @@ This command can be used to encrypt any text-based file/script http://www.exploit-monday.com #> -[CmdletBinding()] Param ( - [Parameter(Position = 0, Mandatory = $True)] - [String] - $ScriptPath, + [CmdletBinding()] Param ( + [Parameter(Position = 0, Mandatory = $True)] + [String] + $ScriptPath, - [Parameter(Position = 1, Mandatory = $True)] - [String] - $Password, + [Parameter(Position = 1, Mandatory = $True)] + [String] + $Password, - [Parameter(Position = 2, Mandatory = $True)] - [String] - $Salt, + [Parameter(Position = 2, Mandatory = $True)] + [String] + $Salt, - [Parameter(Position = 3)] - [String] - $InitializationVector = ( @( foreach ($i in 1..16) { [Char](Get-Random -Min 0x41 -Max 0x5B) } ) -join '' ), # Generate random 16 character IV + [Parameter(Position = 3)] + [String] + $InitializationVector = ( @( foreach ($i in 1..16) { [Char](Get-Random -Min 0x41 -Max 0x5B) } ) -join '' ), # Generate random 16 character IV - [Parameter(Position = 4)] - [String] - $FilePath = '.\evil.ps1' -) - -$AsciiEncoder = New-Object System.Text.ASCIIEncoding -$ivBytes = $AsciiEncoder.GetBytes("CRACKMEIFYOUCAN!") -# While this can be used to encrypt any file, it's primarily designed to encrypt itself. -[Byte[]] $scriptBytes = Get-Content -Encoding byte -Path $ScriptPath -$DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2) -$Key = New-Object System.Security.Cryptography.RijndaelManaged -$Key.Mode = [System.Security.Cryptography.CipherMode]::CBC -[Byte[]] $KeyBytes = $DerivedPass.GetBytes(32) -$Encryptor = $Key.CreateEncryptor($KeyBytes, $ivBytes) -$MemStream = New-Object System.IO.MemoryStream -$CryptoStream = New-Object System.Security.Cryptography.CryptoStream($MemStream, $Encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write) -$CryptoStream.Write($scriptBytes, 0, $scriptBytes.Length) -$CryptoStream.FlushFinalBlock() -$CipherTextBytes = $MemStream.ToArray() -$MemStream.Close() -$CryptoStream.Close() -$Key.Clear() -$Cipher = [Convert]::ToBase64String($CipherTextBytes) + [Parameter(Position = 4)] + [String] + $FilePath = '.\evil.ps1' + ) + + $AsciiEncoder = New-Object System.Text.ASCIIEncoding + $ivBytes = $AsciiEncoder.GetBytes("CRACKMEIFYOUCAN!") + # While this can be used to encrypt any file, it's primarily designed to encrypt itself. + [Byte[]] $scriptBytes = Get-Content -Encoding byte -Path $ScriptPath + $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2) + $Key = New-Object System.Security.Cryptography.RijndaelManaged + $Key.Mode = [System.Security.Cryptography.CipherMode]::CBC + [Byte[]] $KeyBytes = $DerivedPass.GetBytes(32) + $Encryptor = $Key.CreateEncryptor($KeyBytes, $ivBytes) + $MemStream = New-Object System.IO.MemoryStream + $CryptoStream = New-Object System.Security.Cryptography.CryptoStream($MemStream, $Encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write) + $CryptoStream.Write($scriptBytes, 0, $scriptBytes.Length) + $CryptoStream.FlushFinalBlock() + $CipherTextBytes = $MemStream.ToArray() + $MemStream.Close() + $CryptoStream.Close() + $Key.Clear() + $Cipher = [Convert]::ToBase64String($CipherTextBytes) # Generate encrypted PS1 file. All that will be included is the base64-encoded ciphertext and a slightly 'obfuscated' decrypt function $Output = 'function de([String] $b, [String] $c) @@ -121,9 +121,9 @@ $f.Clear(); return $encoding.GetString($h,0,$h.Length); }' -# Output decrypt function and ciphertext to evil.ps1 -Out-File -InputObject $Output -Encoding ASCII $FilePath + # Output decrypt function and ciphertext to evil.ps1 + Out-File -InputObject $Output -Encoding ASCII $FilePath -Write-Verbose "Encrypted PS1 file saved to: $(Resolve-Path $FilePath)" + Write-Verbose "Encrypted PS1 file saved to: $(Resolve-Path $FilePath)" } \ No newline at end of file diff --git a/ScriptModification/Remove-Comments.ps1 b/ScriptModification/Remove-Comments.ps1 index 64c3e31..ec75927 100644 --- a/ScriptModification/Remove-Comments.ps1 +++ b/ScriptModification/Remove-Comments.ps1 @@ -5,7 +5,7 @@ Strips comments and extra whitespace from a script. -PowerSploit Module - Remove-Comments +PowerSploit Function: Remove-Comments Author: Matthew Graeber (@mattifestation) License: BSD 3-Clause Required Dependencies: None -- cgit v1.2.3