metasploit-framework/lib/rex/exploitation/powershell/psh_methods.rb

80 lines
2.3 KiB
Ruby
Raw Normal View History

# -*- coding: binary -*-
module Rex
module Exploitation
module Powershell
##
# Convenience methods for generating powershell code in Ruby
##
module PshMethods
#
# Download file via .NET WebClient
#
# @param src [String] URL to the file
# @param target [String] Location to save the file
#
# @return [String] Powershell code to download a file
2014-07-20 20:00:34 +00:00
def self.download(src, target)
target ||= '$pwd\\' << src.split('/').last
2014-07-20 20:07:59 +00:00
%Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end
#
# Uninstall app, or anything named like app
#
# @param app [String] Name of application
# @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to
# the application name
#
# @return [String] Powershell code to uninstall an application
2014-07-20 20:07:59 +00:00
def self.uninstall(app, fuzzy = true)
match = fuzzy ? '-like' : '-eq'
2014-07-20 20:07:59 +00:00
%Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end
#
# Create secure string from plaintext
#
# @param str [String] String to create as a SecureString
#
# @return [String] Powershell code to create a SecureString
def self.secure_string(str)
2014-07-20 20:07:59 +00:00
%Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end
#
# Find PID of file lock owner
#
# @param filename [String] Filename
#
# @return [String] Powershell code to identify the PID of a file
# lock owner
2014-07-20 20:00:34 +00:00
def self.who_locked_file(filename)
2014-07-20 20:07:59 +00:00
%Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end
#
# Return last time of login
#
# @param user [String] Username
#
# @return [String] Powershell code to return the last time of a user
# login
def self.get_last_login(user)
2014-07-20 20:07:59 +00:00
%Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end
2014-12-23 11:16:07 +00:00
#
# Disable SSL Certificate verification
#
# @return [String] Powershell code to disable SSL verification
# checks.
def self.ignore_ssl_certificate
'[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
end
end
end
end
end