Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Powershell

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Powershell

Includes:

Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:

lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb

Overview

Powershell extension - interact with a Powershell interpreter

Constant Summary

Klass =

Console::CommandDispatcher::Powershell

@@powershell_session_remove_opts =

Rex::Parser::Arguments.new(
  '-s' => [true, 'Specify the id/name of the Powershell session to interact with (cannot be "default").'],
  '-h' => [false, 'Help banner']
)

@@powershell_shell_opts =

Rex::Parser::Arguments.new(
  '-s' => [true, 'Specify the id/name of the Powershell session to interact with.'],
  '-h' => [false, 'Help banner']
)

@@powershell_import_opts =

Rex::Parser::Arguments.new(
  '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'],
  '-h' => [false, 'Help banner']
)

@@powershell_execute_opts =

Rex::Parser::Arguments.new(
  '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'],
  '-h' => [false, 'Help banner']
)

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

• #cmd_powershell_execute(*args) ⇒ Object

  Execute a simple Powershell command string.

• #cmd_powershell_import(*args) ⇒ Object

  Import a script or assembly component into the target.

• #cmd_powershell_import_tabs(str, words) ⇒ Object
• #cmd_powershell_session_remove(*args) ⇒ Object
• #cmd_powershell_shell(*args) ⇒ Object

  Create an interactive powershell prompts.

• #commands ⇒ Object

  List of supported commands.

• #name ⇒ Object

  Name for this dispatcher.

• #powershell_execute_usage ⇒ Object
• #powershell_import_usage ⇒ Object
• #powershell_session_remove_usage ⇒ Object
• #powershell_shell_usage ⇒ Object

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #docs_dir, #filter_commands, #initialize, #log_error, #msf_loaded?, #session, set_hash, #unknown_command

Methods included from Msf::Ui::Console::CommandDispatcher::Session

#cmd_background, #cmd_background_help, #cmd_exit, #cmd_irb, #cmd_irb_help, #cmd_irb_tabs, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_resource_tabs, #cmd_sessions, #cmd_sessions_help

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #docs_dir, #help_to_s, included, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_directory, #tab_complete_filenames, #tab_complete_generic, #tab_complete_source_address, #unknown_command, #update_prompt

Instance Method Details

#cmd_powershell_execute(*args) ⇒ Object

Execute a simple Powershell command string

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 183

def cmd_powershell_execute(*args)
  if args.length == 0 || args.include?('-h')
    powershell_execute_usage
    return false
  end

  opts = {
    code: args.shift
  }

  @@powershell_execute_opts.parse(args) { |opt, idx, val|
    case opt
    when '-s'
      opts[:session_id] = val
    end
  }

  result = client.powershell.execute_string(opts)
  if result[:warning].present?
    print_warning(result[:warning])
  end
  print_good("Command execution completed:\n#{result[:output]}")
end

#cmd_powershell_import(*args) ⇒ Object

Import a script or assembly component into the target.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 136

def cmd_powershell_import(*args)
  if args.length == 0 || args.include?('-h')
    powershell_import_usage
    return false
  end

  opts = {
    file: args.shift
  }

  @@powershell_import_opts.parse(args) { |opt, idx, val|
    case opt
    when '-s'
      opts[:session_id] = val
    end
  }

  result = client.powershell.import_file(opts)

  if result[:warning].present?
    print_warning(result[:warning])
  end

  if result[:loaded] == false
    print_error('File failed to load. The file must end in ".ps1" or ".dll".')
  elsif result[:loaded] == true || result[:output].empty?
    print_good("File successfully imported. No result was returned.")
  else
    print_good("File successfully imported. Result:\n#{result[:output]}")
  end
end

#cmd_powershell_import_tabs(str, words) ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 127

def cmd_powershell_import_tabs(str, words)
  if words.length == 1 # Just the command
    tab_complete_filenames(str, words)
  end
end

#cmd_powershell_session_remove(*args) ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 51

def cmd_powershell_session_remove(*args)
  opts = {}

  @@powershell_session_remove_opts.parse(args) { |opt, idx, val|
    case opt
    when '-s'
      opts[:session_id] = val
    end
  }

  if opts[:session_id].nil? || opts[:session_id].downcase == 'default' || args.include?('-h')
    powershell_session_remove_usage
    return false
  else
    client.powershell.session_remove(opts)
    print_good("Session '#{opts[:session_id]}' removed.")
    return true
  end
end

#cmd_powershell_shell(*args) ⇒ Object

Create an interactive powershell prompts

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 86

def cmd_powershell_shell(*args)
  if args.include?('-h')
    powershell_shell_usage
    return false
  end

  opts = {}

  @@powershell_shell_opts.parse(args) { |opt, idx, val|
    case opt
    when '-s'
      opts[:session_id] = val
    end
  }

  result = client.powershell.shell(opts)

  channel = result[:channel]

  if result[:warning].present?
    print_warning(result[:warning])
  end

  shell.interact_with_channel(channel)
end

#commands ⇒ Object

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 30

def commands
  {
    'powershell_import'         => 'Import a PS1 script or .NET Assembly DLL',
    'powershell_shell'          => 'Create an interactive Powershell prompt',
    'powershell_execute'        => 'Execute a Powershell command string',
    'powershell_session_remove' => 'Remove/clear a session (other than default)',
  }
end

#name ⇒ Object

Name for this dispatcher

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 23

def name
  'Powershell'
end

#powershell_execute_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 173

def powershell_execute_usage
  print_line('Usage: powershell_execute <powershell code> [-s session-id]')
  print_line
  print_line('Runs the given Powershell string on the target.')
  print_line(@@powershell_execute_opts.usage)
end

#powershell_import_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 117

def powershell_import_usage
  print_line('Usage: powershell_import <path to file> [-s session-id]')
  print_line
  print_line('Imports a powershell script or assembly into the target.')
  print_line('The file must end in ".ps1" or ".dll".')
  print_line('Powershell scripts can be loaded into any session (via -s).')
  print_line('.NET assemblies are applied to all sessions.')
  print_line(@@powershell_import_opts.usage)
end

#powershell_session_remove_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 44

def powershell_session_remove_usage
  print_line('Usage: powershell_session_remove -s session-id')
  print_line
  print_line('Removes a named session from the powershell instance.')
  print_line(@@powershell_session_remove_opts.usage)
end

#powershell_shell_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb', line 76

def powershell_shell_usage
  print_line('Usage: powershell_shell [-s session-id]')
  print_line
  print_line('Creates an interactive Powershell prompt.')
  print_line(@@powershell_shell_opts.usage)
end