module Rex::Powershell::PshMethods

Convenience methods for generating powershell code in Ruby

Public Class Methods

download(src, target) click to toggle source

Download file via .NET WebClient

@param src [String] URL to the file @param target [String] Location to save the file

@return [String] Powershell code to download a file

# File lib/rex/powershell/psh_methods.rb, line 16
def self.download(src, target)
  target ||= '$pwd\\' << src.split('/').last
  %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
end
get_last_login(user) click to toggle source

Return last time of login

@param user [String] Username

@return [String] Powershell code to return the last time of a user

login
# File lib/rex/powershell/psh_methods.rb, line 62
def self.get_last_login(user)
  %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
end
ignore_ssl_certificate() click to toggle source

Disable SSL Certificate verification

@return [String] Powershell code to disable SSL verification

checks.
# File lib/rex/powershell/psh_methods.rb, line 71
def self.ignore_ssl_certificate
  '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
end
proxy_aware_download_and_exec_string(url) click to toggle source

Use the default system web proxy and credentials to download a URL as a string and execute the contents as PowerShell

@param url [String] string to download

@return [String] PowerShell code to download a URL

# File lib/rex/powershell/psh_methods.rb, line 82
def self.proxy_aware_download_and_exec_string(url)
  var = Rex::Text.rand_text_alpha(1)
  cmd = "$#{var}=new-object net.webclient;"
  cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
  cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
  cmd << "IEX $#{var}.downloadstring('#{url}');"
  cmd
end
secure_string(str) click to toggle source

Create secure string from plaintext

@param str [String] String to create as a SecureString

@return [String] Powershell code to create a SecureString

# File lib/rex/powershell/psh_methods.rb, line 40
def self.secure_string(str)
  %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
end
uninstall(app, fuzzy = true) click to toggle source

Uninstall app, or anything named like app

@param app [String] Name of application @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to

the application name

@return [String] Powershell code to uninstall an application

# File lib/rex/powershell/psh_methods.rb, line 29
def self.uninstall(app, fuzzy = true)
  match = fuzzy ? '-like' : '-eq'
  %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
end
who_locked_file(filename) click to toggle source

Find PID of file lock owner

@param filename [String] Filename

@return [String] Powershell code to identify the PID of a file

lock owner
# File lib/rex/powershell/psh_methods.rb, line 51
def self.who_locked_file(filename)
  %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
end