Upstream Msf namespace PSH decompressor & decoder

RageLtMan · RageLtMan · commit cf29a512d06f · 2017-05-10T22:44:56.000-04:00
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
diff --git a/lib/msf/core/exploit/powershell.rb b/lib/msf/core/exploit/powershell.rb
@@ -54,6 +54,7 @@ def make_subs(script, subs)
 
     script
   end
+
   #
   # Return an encoded powershell script
   # Will invoke PSH modifiers as enabled
@@ -71,6 +72,21 @@ def encode_script(script_in, eof = nil)
     Rex::Powershell::Command.encode_script(script_in, eof, opts)
   end
 
+  #
+  # Return an decoded powershell script
+  #
+  # @param script_in [String] Encoded contents
+  #
+  # @return [String] Decoded script
+  def decode_script(script_in)
+    if script_in.to_s.match( /[A-Za-z0-9+\/]+={0,3}/)[0] == script_in.to_s and 
+    script_in.to_s.length % 4 == 0
+      return Rex::Powershell::Command.decode_script(script_in)
+    else
+      return script_in
+    end
+  end
+
   #
   # Return a gzip compressed powershell script
   # Will invoke PSH modifiers as enabled
@@ -89,6 +105,17 @@ def compress_script(script_in, eof=nil)
     Rex::Powershell::Command.compress_script(script_in, eof, opts)
   end
 
+  #
+  # Return a decompressed powershell sript
+  #
+  # @param script_in [String] Compressed contents with decompression stub
+  #
+  # @return [String] Decompressed script
+  def decompress_script(script_in)
+    return script_in if script_in.match(/FromBase64String/).nil?
+    Rex::Powershell::Command.decompress_script(script_in)
+  end
+
   #
   # Generate a powershell command line, options are passed on to
   # generate_psh_args
