module Rex::Exploitation::Powershell::PshMethods

Convenience methods for generating PowerShell code in Ruby

Public Class Methods

download(src, target)

Download file via .NET WebClient

@param src [String] URL to the file
@param target [String] Location to save the file

@return [String] PowerShell code to download a file

# File lib/rex/exploitation/powershell/psh_methods.rb, line 17
def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end
get_last_login(user)

Return last time of login

@param user [String] Username

@return [String] PowerShell code to return the last login time of a user
# File lib/rex/exploitation/powershell/psh_methods.rb, line 63
def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end
secure_string(str)

Create secure string from plaintext

@param str [String] String to create as a SecureString

@return [String] PowerShell code to create a SecureString

# File lib/rex/exploitation/powershell/psh_methods.rb, line 41
def self.secure_string(str)
  # Wrap the plaintext in a single-quoted PowerShell literal; the stray '$' after
  # -Force in the original was not valid PowerShell and has been dropped
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force)
end
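secure_string drops its argument straight into a single-quoted PowerShell literal, so a value that itself contains a quote changes the structure of the generated command. The following is an added example, not part of PshMethods: a hypothetical PshQuote helper that applies PowerShell's own escaping rule for single-quoted strings (a quote is written as two quotes), next to the raw form, with a simple structural check to show the difference.

```ruby
# Added example, not code from Rex::Exploitation::Powershell::PshMethods.
# Shows why generators that build PowerShell from Ruby strings should
# escape their inputs instead of interpolating them verbatim.
module PshQuote
  # Escape a Ruby string for use inside a PowerShell single-quoted literal.
  # Inside '...' PowerShell expands nothing; the only special character is
  # the single quote itself, which is written as ''.
  def self.single_quote(str)
    "'" + str.to_s.gsub("'", "''") + "'"
  end

  # Same command shape as PshMethods.secure_string, but the plaintext is
  # passed through single_quote rather than interpolated raw.
  def self.secure_string(str)
    "ConvertTo-SecureString -string #{single_quote(str)} -AsPlainText -Force"
  end

  # The raw form, for comparison: an embedded quote ends the literal early
  # and the remainder of the value becomes part of the command line.
  def self.raw_secure_string(str)
    "ConvertTo-SecureString -string '#{str}' -AsPlainText -Force"
  end

  # Structural sanity check: after removing escaped pairs ('' ), a
  # well-formed command has an even number of single quotes left.
  def self.balanced?(psh)
    psh.gsub("''", "").count("'").even?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input containing a single quote.
  sample = "pa'ss"
  puts PshQuote.secure_string(sample)
  puts PshQuote.raw_secure_string(sample)
  puts "escaped balanced:  #{PshQuote.balanced?(PshQuote.secure_string(sample))}"
  puts "raw balanced:      #{PshQuote.balanced?(PshQuote.raw_secure_string(sample))}"
end
```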
uninstall(app, fuzzy = true)

Uninstall app, or anything named like app

@param app [String] Name of application
@param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to the application name

@return [String] PowerShell code to uninstall an application

# File lib/rex/exploitation/powershell/psh_methods.rb, line 30
def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end
who_locked_file(filename)

Find PID of file lock owner

@param filename [String] Filename

@return [String] PowerShell code to identify the PID of a file lock owner
# File lib/rex/exploitation/powershell/psh_methods.rb, line 52
def self.who_locked_file(filename)
  # Walk the loaded modules of every process and report the name and PID of
  # any process that has the given file mapped
  %Q^Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end