module Rex::Exploitation::Powershell::PshMethods
Convenience methods for generating PowerShell code in Ruby
Public Class Methods

Download file via .NET WebClient
@param src [String] URL to the file
@param target [String] Location to save the file
@return [String] PowerShell code to download a file
# File lib/rex/exploitation/powershell/psh_methods.rb, line 17
def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end

Return last time of login
@param user [String] Username
@return [String] PowerShell code to return the last time of a user login
# File lib/rex/exploitation/powershell/psh_methods.rb, line 63
def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end

Create secure string from plaintext
@param str [String] String to create as a SecureString
@return [String] PowerShell code to create a SecureString
# File lib/rex/exploitation/powershell/psh_methods.rb, line 41
def self.secure_string(str)
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end

Uninstall app, or anything named like app
@param app [String] Name of application
@param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to the application name
@return [String] PowerShell code to uninstall an application
# File lib/rex/exploitation/powershell/psh_methods.rb, line 30
def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end

Find PID of file lock owner
@param filename [String] Filename
@return [String] PowerShell code to identify the PID of a file lock owner
# File lib/rex/exploitation/powershell/psh_methods.rb, line 52
def self.who_locked_file(filename)
  %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end
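
Each helper above emits a fixed PowerShell template with only the argument interpolated, so the templates can be matched in recorded script text such as PowerShell script block logging (event ID 4104). The following is an added example, not part of Rex or this page's source; the rule table, the helper names match_psh_methods and scan_script_blocks, and the sample records are constructed for illustration.

```ruby
# Added example: signatures derived from the PowerShell templates on this page.
# The rule table, helper names and sample records are constructed.
PSH_METHOD_SIGNATURES = {
  download: /\(\s*new-object\s+System\.Net\.WebClient\s*\)\s*\.\s*DownloadFile\s*\(/i,
  get_last_login: /Get-QADComputer\s+-ComputerRole\s+DomainController\b.*Get-QADUser\b.*\.LastLogon/im,
  secure_string: /ConvertTo-SecureString\s+-string\s+'.*?'\s+-AsPlainText\s+-Force/im,
  uninstall: /Get-WmiObject\s+-Class\s+Win32_Product\b.*\.Uninstall\(\)/im,
  who_locked_file: /Get-Process\s*\|\s*foreach\s*\{.*\.Modules\s*\|\s*foreach\s*\{.*\.FileName\s+-eq/im
}.freeze

# Names of every signature that matches one script block's text.
def match_psh_methods(script_text)
  PSH_METHOD_SIGNATURES.select { |_name, re| re.match?(script_text) }.keys
end

# Scan {id:, text:} records; return a hash of id => matched signature names.
def scan_script_blocks(records)
  records.each_with_object({}) do |rec, hits|
    names = match_psh_methods(rec[:text])
    hits[rec[:id]] = names unless names.empty?
  end
end

# Constructed script block records (not real telemetry).
SAMPLE_BLOCKS = [
  { id: 1, text: '(New-Object System.Net.WebClient).DownloadFile("http://files.example.test/a.bin", "$pwd\a.bin")' },
  { id: 2, text: "ConvertTo-SecureString -string 'constructed-value' -AsPlainText -Force" },
  { id: 3, text: '$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "Example*" }; $app.Uninstall()' },
  # Inventory query without Uninstall(): must not match the uninstall rule.
  { id: 4, text: 'Get-WmiObject -Class Win32_Product | Select-Object Name, Version' },
  { id: 5, text: 'Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "C:\temp\example.log"){$processVar.Name + " PID:" + $processVar.id}}}' },
  # Plain process listing: must not match the who_locked_file rule.
  { id: 6, text: 'Get-Process | Sort-Object CPU -Descending' }
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_script_blocks(SAMPLE_BLOCKS).each { |id, names| puts "block #{id}: #{names.join(', ')}" }
end
```

The secure_string rule matches with or without the trailing `$` that the template on this page emits after -Force.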