Module: Msf::Post::Windows
- Defined in:
- lib/msf/core/post/windows.rb,
lib/msf/core/post/windows/kiwi.rb,
lib/msf/core/post/windows/ldap.rb,
lib/msf/core/post/windows/wmic.rb,
lib/msf/core/post/windows/mssql.rb,
lib/msf/core/post/windows/extapi.rb,
lib/msf/core/post/windows/system.rb,
lib/msf/core/post/windows/net_api.rb,
lib/msf/core/post/windows/packrat.rb,
lib/msf/core/post/windows/process.rb,
lib/msf/core/post/windows/accounts.rb,
lib/msf/core/post/windows/eventlog.rb,
lib/msf/core/post/windows/registry.rb,
lib/msf/core/post/windows/services.rb,
lib/msf/core/post/windows/cli_parse.rb,
lib/msf/core/post/windows/file_info.rb,
lib/msf/core/post/windows/powershell.rb,
lib/msf/core/post/windows/file_system.rb,
lib/msf/core/post/windows/shadow_copy.rb,
lib/msf/core/post/windows/user_profiles.rb,
lib/msf/core/post/windows/task_scheduler.rb
Defined Under Namespace
Modules: Accounts, CliParse, Dotnet, Error, Eventlog, ExtAPI, FileInfo, FileSystem, Kiwi, LDAP, MSSQL, NetAPI, Packrat, Powershell, Priv, Process, ReflectiveDLLInjection, Registry, Runas, Services, ShadowCopy, System, TaskScheduler, UserProfiles, Version, WMIC, WindowsServices
Class Method Summary collapse
-
.escape_cmd_literal(string, spaces:) ⇒ String
Escape a string literal value to be included as an argument to cmd.exe.
-
.escape_powershell_literal(string) ⇒ String
Escape a string literal value to be included as an argument to powershell.exe.
Class Method Details
.escape_cmd_literal(string, spaces:) ⇒ String
Escape a string literal value to be included as an argument to cmd.exe. The escaped value *should not* be placed within double quotes as this will alter now it is evaluated (e.g. `echo “^”((^&test) Foo^“”` is different than `echo ^“((^&test) Foo^”`.
12 13 14 15 16 17 |
# File 'lib/msf/core/post/windows.rb', line 12 def self.escape_cmd_literal(string, spaces:) string = string.dup %w[ ^ & < > | " ].each { |char| string.gsub!(char, "^#{char}") } string.gsub!(' ', '" "') if spaces string end |
.escape_powershell_literal(string) ⇒ String
Escape a string literal value to be included as an argument to powershell.exe. This will help in cases where one might need to use & as in PowerShell this is a reserved character whereas in cmd.exe this is used to indicate the start of an additional command to execute.
Example (without this escaping): powershell -Command “cmd /c echo hello & echo world” <- This will result in errors as & is a reserved character. powershell -Command “cmd.exe /c 'echo hello & echo world'” <- This will succeed as & is interpreted as part of a string by PowerShell.
In our case we use PowerShell quoting as described at learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules?view=powershell-7.3 which states that to use a single quote inside of a single quoted string, use a second consecutive single quote. Therefore this is valid in PowerShell: 'don''t' Which in turn becomes the string “don't” (sans double quotes) inside PowerShell.
35 36 37 38 39 |
# File 'lib/msf/core/post/windows.rb', line 35 def self.escape_powershell_literal(string) string = string.dup string.gsub!("'", "''") string end |