# -*- coding: binary -*-
module Rex
module Exploitation
module Powershell
##
# Convenience methods for generating powershell code in Ruby
##
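module PshMethods
  # Every helper in this module returns a String of PowerShell source; nothing
  # is executed on the Ruby side. Arguments are interpolated verbatim into the
  # template, so a value containing the quote character that surrounds it in
  # the template (or PowerShell metacharacters such as `$`, `` ` `` and `;`)
  # alters the generated command. Only secure_string escapes its argument;
  # callers of the other helpers must validate values that originate outside
  # the module before passing them in.

  #
  # Download file via .NET WebClient
  #
  # @param src [String] URL to the file
  # @param target [String, nil] Location to save the file. When nil, the last
  #   path segment of +src+ is saved below the current directory (+$pwd+).
  #
  # @return [String] Powershell code to download a file
  # @raise [ArgumentError] if +target+ is nil and no filename can be derived
  #   from +src+ (for example an empty URL)
  def self.download(src, target)
    unless target
      # String#split discards trailing empty fields, so `last` is only nil
      # when src contains no path segment at all.
      basename = src.split('/').last
      if basename.nil? || basename.empty?
        raise ArgumentError, "cannot derive a target filename from src #{src.inspect}"
      end
      target = "$pwd\\#{basename}"
    end
    %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
  end

  #
  # Uninstall app, or anything named like app
  #
  # @param app [String] Name of application
  # @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to
  # the application name; with false an exact (-eq) comparison is used
  #
  # @return [String] Powershell code to uninstall an application
  def self.uninstall(app, fuzzy = true)
    # -like honours PowerShell wildcards in +app+; -eq requires the full name.
    match = fuzzy ? '-like' : '-eq'
    %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
  end

  #
  # Create secure string from plaintext
  #
  # @param str [String] String to create as a SecureString. Single quotes in
  #   +str+ are doubled so they survive inside the PowerShell single-quoted
  #   literal that wraps the value.
  #
  # @return [String] Powershell code to create a SecureString
  def self.secure_string(str)
    # A single-quoted PowerShell string has exactly one escape: '' for '.
    escaped = str.gsub("'", "''")
    # NOTE(review): the trailing '$' after -Force is carried over from the
    # original template; confirm it is intentional before relying on it.
    %Q(ConvertTo-SecureString -string '#{escaped}' -AsPlainText -Force$)
  end

  #
  # Find PID of file lock owner
  #
  # @param filename [String] Filename. It is compared with -eq against each
  #   loaded module's FileName, so a partial name does not match.
  #
  # @return [String] Powershell code to identify the PID of a file
  # lock owner
  def self.who_locked_file(filename)
    %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
  end

  #
  # Return last time of login
  #
  # @param user [String] Username (SamAccountName)
  #
  # @return [String] Powershell code to return the last time of a user
  # login
  def self.get_last_login(user)
    # Depends on the Get-QADComputer / Get-QADUser cmdlets and a Measure-Latest
    # command, none of which are built into PowerShell; they presumably have
    # to be present on the host running the generated code.
    %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
  end

  #
  # Disable SSL Certificate verification
  #
  # @return [String] Powershell code to disable SSL verification
  # checks. ServicePointManager is a static .NET setting, so the callback
  # affects every subsequent TLS connection made by that PowerShell process,
  # not just the next request.
  def self.ignore_ssl_certificate
    '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
  end
end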
end
end
end