path: root/docs/ScriptModification/Out-EncryptedScript.md
blob: 36db457d04a16cfec6bfa969ef98f3388b171b58 (plain)
# Out-EncryptedScript

## SYNOPSIS
Encrypts text files/scripts.

PowerSploit Function: Out-EncryptedScript  
Author: Matthew Graeber (@mattifestation)  
License: BSD 3-Clause  
Required Dependencies: None  
Optional Dependencies: None

## SYNTAX

```
Out-EncryptedScript [-ScriptPath] <String> [-Password] <SecureString> [-Salt] <String>
 [[-InitializationVector] <String>] [[-FilePath] <String>]
```

## DESCRIPTION
Out-EncryptedScript will encrypt a script (or any text file for that
matter) and output the results to a minimally obfuscated script -
evil.ps1 by default.

## EXAMPLES

### -------------------------- EXAMPLE 1 --------------------------
```
$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
```

Description
-----------
Encrypt the contents of this file with a password and salt. This will
make analysis of the script impossible without the correct password
and salt combination. This command will generate evil.ps1 that can be
dropped onto the victim machine. It only consists of a decryption
function 'de' and the base64-encoded ciphertext.
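
A defender-side triage check for the artifact described above, as an added example that is not part of PowerSploit or the original page: it parses script text without executing it and flags a file that defines a function named `de` and consists largely of one long base64 string literal. The name `Test-EncryptedScriptStub`, both thresholds and the two sample scripts are assumptions constructed for illustration.

```powershell
# Added triage example (not PowerSploit code). Thresholds and samples are assumptions.
function Test-EncryptedScriptStub {
    param(
        [Parameter(Mandatory)] [string] $ScriptText,
        [int] $MinBlobLength = 64,      # assumed minimum ciphertext literal length
        [double] $MinBlobRatio = 0.3    # assumed minimum share of the file that is blob
    )
    $tokens = $null; $errors = $null
    # Parse only: the script text is never executed.
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref] $tokens, [ref] $errors)

    # Indicator 1: a function definition named 'de'.
    $deFunctions = @($ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.FunctionDefinitionAst] -and
            $node.Name -eq 'de'
    }, $true))

    # Indicator 2: long string literals made only of base64 characters.
    $blobs = @($ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.StringConstantExpressionAst]
    }, $true) | Where-Object {
        $value = $_.Value
        ($value.Length -ge $MinBlobLength) -and (($value.Length % 4) -eq 0) -and
            ($value -match '^[A-Za-z0-9+/]+={0,2}$')
    })
    $blobChars = 0
    foreach ($b in $blobs) { $blobChars += $b.Value.Length }
    $ratio = $blobChars / [Math]::Max(1, $ScriptText.Length)

    [PSCustomObject]@{
        HasDeFunction = $deFunctions.Count -gt 0
        BlobCount     = $blobs.Count
        BlobRatio     = [Math]::Round($ratio, 2)
        Suspicious    = ($deFunctions.Count -gt 0) -and ($ratio -ge $MinBlobRatio)
    }
}

# Constructed samples: a stub shaped like the page's description (decryption body
# omitted) and an ordinary script that happens to define a function called 'de'.
$blob   = [Convert]::ToBase64String([byte[]] (1..96))
$stub   = "function de(`$p, `$s) { `$c = '$blob' <# decryption omitted #> }"
$benign = "function de { 'Guten Tag' }"
Test-EncryptedScriptStub -ScriptText $stub
Test-EncryptedScriptStub -ScriptText $benign
```

A hit is a triage signal for closer review, not proof; to check a file on disk, pass its contents with `Get-Content -Raw`.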

### -------------------------- EXAMPLE 2 --------------------------
```
[String] $cmd = Get-Content .\evil.ps1
Invoke-Expression $cmd
$decrypted = de password salt
Invoke-Expression $decrypted
```

Description
-----------
This series of instructions assumes you've already encrypted a script
and named it evil.ps1. The contents are then decrypted and the
unencrypted script is called via Invoke-Expression.

## PARAMETERS

### -ScriptPath
Path to the script (or text file) to encrypt.

```yaml
Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

### -Password
Password to encrypt/decrypt the script

```yaml
Type: SecureString
Parameter Sets: (All)
Aliases: 

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

### -Salt
Salt value for encryption/decryption.
This can be any string value.

```yaml
Type: String
Parameter Sets: (All)
Aliases: 

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

### -InitializationVector
Specifies the 16-character initialization vector to be used. This
is randomly generated by default.

```yaml
Type: String
Parameter Sets: (All)
Aliases: 

Required: False
Position: 4
Default value: ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join '')
Accept pipeline input: False
Accept wildcard characters: False
```

### -FilePath
Path of the output file that receives the generated script.

```yaml
Type: String
Parameter Sets: (All)
Aliases: 

Required: False
Position: 5
Default value: .\evil.ps1
Accept pipeline input: False
Accept wildcard characters: False
```

## INPUTS

## OUTPUTS

## NOTES
This command can be used to encrypt any text-based file/script

## RELATED LINKS