PowerShellMafia
diff --git a/‎README.md
Lines changed: 1 addition & 1 deletion b/‎README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎ScriptModification/Out-CompressedDll.ps1
Lines changed: 11 additions & 9 deletions b/‎ScriptModification/Out-CompressedDll.ps1
Lines changed: 11 additions & 9 deletions
diff --git a/‎ScriptModification/Out-EncodedCommand.ps1
Lines changed: 10 additions & 9 deletions b/‎ScriptModification/Out-EncodedCommand.ps1
Lines changed: 10 additions & 9 deletions
diff --git a/‎ScriptModification/Out-EncryptedScript.ps1
Lines changed: 24 additions & 18 deletions b/‎ScriptModification/Out-EncryptedScript.ps1
Lines changed: 24 additions & 18 deletions
diff --git a/‎ScriptModification/Remove-Comments.ps1 renamed to ‎ScriptModification/Remove-Comment.ps1
Lines changed: 16 additions & 14 deletions b/‎ScriptModification/Remove-Comments.ps1 renamed to ‎ScriptModification/Remove-Comment.ps1
Lines changed: 16 additions & 14 deletions
diff --git a/‎ScriptModification/ScriptModification.psd1
Lines changed: 1 addition & 1 deletion b/‎ScriptModification/ScriptModification.psd1
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/ScriptModification/Out-CompressedDll.md
Lines changed: 60 additions & 0 deletions b/‎docs/ScriptModification/Out-CompressedDll.md
Lines changed: 60 additions & 0 deletions
@@ -36,7 +36,7 @@ Compresses, Base-64 encodes, and outputs generated code to load a managed dll in
 
 Encrypts text files/scripts.
 
-#### `Remove-Comments`
+#### `Remove-Comment`
 
 Strips comments and extra whitespace from a script. 
 
 
@@ -5,12 +5,12 @@ function Out-CompressedDll
 
 Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
 
-PowerSploit Function: Out-CompressedDll
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-Required Dependencies: None
-Optional Dependencies: None
- 
+PowerSploit Function: Out-CompressedDll  
+Author: Matthew Graeber (@mattifestation)  
+License: BSD 3-Clause  
+Required Dependencies: None  
+Optional Dependencies: None  
+
 .DESCRIPTION
 
 Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
@@ -21,7 +21,7 @@ Specifies the path to a managed executable.
 
 .EXAMPLE
 
-C:\PS> Out-CompressedDll -FilePath evil.dll
+Out-CompressedDll -FilePath evil.dll
 
 Description
 -----------
@@ -36,7 +36,9 @@ Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it
 http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
 #>
 
-    [CmdletBinding()] Param (
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+    [CmdletBinding()]
+    Param (
         [Parameter(Mandatory = $True)]
         [String]
         $FilePath
@@ -51,7 +53,7 @@ http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
 
     $FileBytes = [System.IO.File]::ReadAllBytes($Path)
 
-    if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
+    if (($FileBytes[0..1] | ForEach-Object {[Char]$_}) -join '' -cne 'MZ')
     {
         Throw "$Path is not a valid executable."
     }
 
@@ -5,12 +5,12 @@ function Out-EncodedCommand
 
 Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
 
-PowerSploit Function: Out-EncodedCommand
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-Required Dependencies: None
-Optional Dependencies: None
- 
+PowerSploit Function: Out-EncodedCommand  
+Author: Matthew Graeber (@mattifestation)  
+License: BSD 3-Clause  
+Required Dependencies: None  
+Optional Dependencies: None  
+
 .DESCRIPTION
 
 Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt. The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload. This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
@@ -49,13 +49,13 @@ Base-64 encodes the entirety of the output. This is usually unnecessary and effe
 
 .EXAMPLE
 
-C:\PS> Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
+Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
 
 powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()
 
 .EXAMPLE
 
-C:\PS> Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
+Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
 
 powershell -NoP -NonI -W Hidden -E cwBhAGwAIABhACAATgBlAHcALQBPAGIAagBlAGMAdAA7AGkAZQB4ACgAYQAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAKABhACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoAFsASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AXQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcATABjAGkAeABDAHMASQB3AEUAQQBEAFEAWAAzAEUASQBWAEkAYwBtAEwAaQA1AEsAawBGAEsARQA2AGwAQgBCAFIAWABDADgAaABLAE8ATgBwAEwAawBRAEwANAAzACsAdgBRAGgAdQBqAHkAZABBADkAMQBqAHEAcwAzAG0AaQA1AFUAWABkADAAdgBUAG4ATQBUAEMAbQBnAEgAeAA0AFIAMAA4AEoAawAyAHgAaQA5AE0ANABDAE8AdwBvADcAQQBmAEwAdQBYAHMANQA0ADEATwBLAFcATQB2ADYAaQBoADkAawBOAHcATABpAHMAUgB1AGEANABWAGEAcQBVAEkAagArAFUATwBSAHUAVQBsAGkAWgBWAGcATwAyADQAbgB6AFYAMQB3ACsAWgA2AGUAbAB5ADYAWgBsADIAdAB2AGcAPQA9ACcAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkALABbAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA=
 
@@ -72,7 +72,8 @@ This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kenn
 http://www.exploit-monday.com
 #>
 
-    [CmdletBinding( DefaultParameterSetName = 'FilePath')] Param (
+    [CmdletBinding( DefaultParameterSetName = 'FilePath')]
+    Param (
         [Parameter(Position = 0, ValueFromPipeline = $True, ParameterSetName = 'ScriptBlock' )]
         [ValidateNotNullOrEmpty()]
         [ScriptBlock]
 
@@ -5,11 +5,11 @@ function Out-EncryptedScript
 
 Encrypts text files/scripts.
 
-PowerSploit Function: Out-EncryptedScript
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-Required Dependencies: None
-Optional Dependencies: None
+PowerSploit Function: Out-EncryptedScript  
+Author: Matthew Graeber (@mattifestation)  
+License: BSD 3-Clause  
+Required Dependencies: None  
+Optional Dependencies: None  
 
 .DESCRIPTION
 
@@ -36,7 +36,8 @@ is randomly generated by default.
 
 .EXAMPLE
 
-C:\PS> Out-EncryptedScript .\Naughty-Script.ps1 password salty
+$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
 
 Description
 -----------
@@ -48,10 +49,10 @@ function 'de' and the base64-encoded ciphertext.
 
 .EXAMPLE
 
-C:\PS> [String] $cmd = Get-Content .\evil.ps1
-C:\PS> Invoke-Expression $cmd
-C:\PS> $decrypted = de password salt
-C:\PS> Invoke-Expression $decrypted
+[String] $cmd = Get-Content .\evil.ps1
+Invoke-Expression $cmd
+$decrypted = de password salt
+Invoke-Expression $decrypted
 
 Description
 -----------
@@ -64,34 +65,39 @@ unencrypted script is called via Invoke-Expression
 This command can be used to encrypt any text-based file/script
 #>
 
-    [CmdletBinding()] Param (
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+    [CmdletBinding()]
+    Param (
         [Parameter(Position = 0, Mandatory = $True)]
         [String]
         $ScriptPath,
-    
+
         [Parameter(Position = 1, Mandatory = $True)]
-        [String]
+        [Security.SecureString]
         $Password,
-    
+
         [Parameter(Position = 2, Mandatory = $True)]
         [String]
         $Salt,
-    
+
         [Parameter(Position = 3)]
         [ValidateLength(16, 16)]
         [String]
-        $InitializationVector = ((1..16 | % {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''),
-    
+        $InitializationVector = ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''),
+
         [Parameter(Position = 4)]
         [String]
         $FilePath = '.\evil.ps1'
     )
 
+    $TempCred = New-Object System.Management.Automation.PSCredential('a', $Password)
+    $PlaintextPassword = $TempCred.GetNetworkCredential().Password
+
     $AsciiEncoder = New-Object System.Text.ASCIIEncoding
     $ivBytes = $AsciiEncoder.GetBytes($InitializationVector)
     # While this can be used to encrypt any file, it's primarily designed to encrypt itself.
     [Byte[]] $scriptBytes = Get-Content -Encoding Byte -ReadCount 0 -Path $ScriptPath
-    $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
+    $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($PlaintextPassword, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
     $Key = New-Object System.Security.Cryptography.TripleDESCryptoServiceProvider
     $Key.Mode = [System.Security.Cryptography.CipherMode]::CBC
     [Byte[]] $KeyBytes = $DerivedPass.GetBytes(16)
 
@@ -1,19 +1,19 @@
-function Remove-Comments
+function Remove-Comment
 {
 <#
 .SYNOPSIS
 
 Strips comments and extra whitespace from a script.
 
-PowerSploit Function: Remove-Comments
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-Required Dependencies: None
-Optional Dependencies: None
- 
+PowerSploit Function: Remove-Comment  
+Author: Matthew Graeber (@mattifestation)  
+License: BSD 3-Clause  
+Required Dependencies: None  
+Optional Dependencies: None  
+
 .DESCRIPTION
 
-Remove-Comments strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
+Remove-Comment strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
 
 A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script. You rock, Lee!
 
@@ -27,11 +27,11 @@ Specifies the path to your script.
 
 .EXAMPLE
 
-C:\PS> $Stripped = Remove-Comments -Path .\ScriptWithComments.ps1
+$Stripped = Remove-Comment -Path .\ScriptWithComments.ps1
 
 .EXAMPLE
 
-C:\PS> Remove-Comments -ScriptBlock {
+Remove-Comment -ScriptBlock {
 ### This is my awesome script. My documentation is beyond reproach!
       Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
 ### End script awesomeness
@@ -41,7 +41,7 @@ Write-Host 'Hello, World!'
 
 .EXAMPLE
 
-C:\PS> Remove-Comments -Path Inject-Shellcode.ps1 | Out-EncodedCommand
+Remove-Comment -Path Inject-Shellcode.ps1 | Out-EncodedCommand
 
 Description
 -----------
@@ -57,15 +57,17 @@ Accepts either a string containing the path to a script or a scriptblock.
 
 System.Management.Automation.ScriptBlock
 
-Remove-Comments returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
+Remove-Comment returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
 
 .LINK
 
 http://www.exploit-monday.com
 http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/
 #>
-
-    [CmdletBinding( DefaultParameterSetName = 'FilePath' )] Param (
+    
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
+    [CmdletBinding( DefaultParameterSetName = 'FilePath' )]
+    Param (
         [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'FilePath' )]
         [ValidateNotNullOrEmpty()]
         [String]
 
@@ -26,6 +26,6 @@ FunctionsToExport = '*'
 
 # List of all files packaged with this module
 FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1', 
-               'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.md'
+               'Out-EncryptedScript.ps1', 'Remove-Comment.ps1', 'Usage.md'
 
 }
@@ -0,0 +1,60 @@
+# Out-CompressedDll
+
+## SYNOPSIS
+Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+
+PowerSploit Function: Out-CompressedDll  
+Author: Matthew Graeber (@mattifestation)  
+License: BSD 3-Clause  
+Required Dependencies: None  
+Optional Dependencies: None
+
+## SYNTAX
+
+```
+Out-CompressedDll [-FilePath] <String>
+```
+
+## DESCRIPTION
+Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+Out-CompressedDll -FilePath evil.dll
+```
+
+Description
+-----------
+Compresses, base64 encodes, and outputs the code required to load evil.dll in memory.
+
+## PARAMETERS
+
+### -FilePath
+Specifies the path to a managed executable.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases: 
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+Only pure MSIL-based dlls can be loaded using this technique.
+Native or IJW ('it just works' - mixed-mode) dlls will not load.
+
+## RELATED LINKS
+
+[http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html](http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html)
+
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,6 @@ FunctionsToExport = '*'`
`26`	`26`
`27`	`27`	`# List of all files packaged with this module`
`28`	`28`	`FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1',`
`29`		`- 'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.md'`
	`29`	`+ 'Out-EncryptedScript.ps1', 'Remove-Comment.ps1', 'Usage.md'`
`30`	`30`
`31`	`31`	`}`