Added powershell_import support

Author: OJ

lib/rex/post/meterpreter/extensions/powershell/powershell.rb

@@ -31,6 +31,30 @@ def initialize(client)
   end
 
 
+  def import_file(opts={})
+    return nil unless opts[:file]
+
+    # if it's a script, then we'll just use execute_string
+    if opts[:file].end_with?('.ps1')
+      opts[:code] = ::File.read(opts[:file])
+      return execute_string(opts)
+    end
+
+    # if it's a dll (hopefully a .NET 2.0 one) then do something different
+    if opts[:file].end_with?('.dll')
+      # TODO: perhaps do some kind of check to see if the DLL is a .NET assembly?
+      binary = ::File.read(opts[:file])
+
+      request = Packet.create_request('powershell_assembly_load')
+      request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE, binary.length)
+      request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY, binary)
+      client.send_request(request)
+      return true
+    end
+
+    return false
+  end
+
   def execute_string(opts={})
     return nil unless opts[:code]
 

lib/rex/post/meterpreter/extensions/powershell/tlv.rb

@@ -8,6 +8,8 @@ module Powershell
 TLV_TYPE_POWERSHELL_SESSIONID        = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
 TLV_TYPE_POWERSHELL_CODE             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
 TLV_TYPE_POWERSHELL_RESULT           = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3)
+TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE    = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 4)
+TLV_TYPE_POWERSHELL_ASSEMBLY         = TLV_META_TYPE_RAW    | (TLV_EXTENSIONS + 5)
 
 end
 end

lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb

@@ -29,6 +29,7 @@ def name
   #
   def commands
     {
+      'powershell_import'   => 'Import a PS1 script or .NET Assembly DLL',
       'powershell_shell'    => 'Create an interactive Powershell prompt',
       'powershell_execute'  => 'Execute a Powershell command string'
     }
@@ -68,6 +69,49 @@ def cmd_powershell_shell(*args)
     shell.interact_with_channel(channel)
   end
 
+  @@powershell_import_opts = Rex::Parser::Arguments.new(
+    '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'],
+    '-h' => [false, 'Help banner']
+  )
+
+  def powershell_import_usage
+    print_line('Usage: powershell_import <path to file> [-s session-id]')
+    print_line
+    print_line('Imports a powershell script or assembly into the target.')
+    print_line('The file must end in ".ps1" or ".dll".')
+    print_line('Powershell scripts can be loaded into any session (via -s).')
+    print_line('.NET assemblies are applied to all sessions.')
+    print_line(@@powershell_import_opts.usage)
+  end
+
+  #
+  # Import a script or assembly component into the target.
+  #
+  def cmd_powershell_import(*args)
+    if args.length == 0 || args.include?('-h')
+      powershell_import_usage
+      return false
+    end
+
+    opts = {
+      file: args.shift
+    }
+
+    @@powershell_import_opts.parse(args) { |opt, idx, val|
+      case opt
+      when '-s'
+        opts[:session_id] = val
+      end
+    }
+
+    result = client.powershell.import_file(opts)
+    if !result.blank? && result != false
+      print_good("File successfully imported. Result:\n#{result}")
+    else
+      print_error("File failed to load.")
+    end
+  end
+
   @@powershell_execute_opts = Rex::Parser::Arguments.new(
     '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'],
     '-h' => [false, 'Help banner']