metasploit-framework/lib/rex/exploitation/powershell/function.rb

64 lines
1.4 KiB
Ruby
Raw Normal View History

# -*- coding: binary -*-
module Rex
module Exploitation
module Powershell
class Function
2014-07-20 20:00:34 +00:00
FUNCTION_REGEX = Regexp.new(/\[(\w+\[\])\]\$(\w+)\s?=|\[(\w+)\]\$(\w+)\s?=|\[(\w+\[\])\]\s+?\$(\w+)\s+=|\[(\w+)\]\s+\$(\w+)\s?=/i)
PARAMETER_REGEX = Regexp.new(/param\s+\(|param\(/im)
attr_accessor :code, :name, :params
include Output
include Parser
include Obfu
2014-07-20 20:07:59 +00:00
def initialize(name, code)
@name = name
@code = code
populate_params
end
#
# To String
#
# @return [String] Powershell function
def to_s
"function #{name} #{code}"
end
#
# Identify the parameters from the code and
# store as Param in @params
#
def populate_params
@params = []
2014-07-20 20:00:34 +00:00
start = code.index(PARAMETER_REGEX)
return unless start
# Get start of our block
2014-07-20 20:07:59 +00:00
idx = scan_with_index('(', code[start..-1]).first.last + start
pclause = block_extract(idx)
2014-05-05 19:53:36 +00:00
2014-07-20 20:00:34 +00:00
matches = pclause.scan(FUNCTION_REGEX)
2014-05-05 19:53:36 +00:00
# Ignore assignment, create params with class and variable names
2014-05-05 19:53:36 +00:00
matches.each do |param|
klass = nil
name = nil
param.each do |value|
if value
if klass
name = value
2014-07-20 20:07:59 +00:00
@params << Param.new(klass, name)
2014-05-05 19:53:36 +00:00
break
else
klass = value
end
end
end
end
end
end
end
end
end