Basic shell of the MSF Powershell extension functionality

OJ · OJ · commit f8f61e8d83ca · 2016-03-14T12:55:58.000+10:00
diff --git a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
@@ -0,0 +1,44 @@
+# -*- coding: binary -*-
+
+require 'rex/post/meterpreter/extensions/powershell/tlv'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Powershell
+
+###
+#
+# This meterpreter extensions a privilege escalation interface that is capable
+# of doing things like dumping password hashes and performing local
+# exploitation.
+#
+###
+class Powershell < Extension
+
+
+  def initialize(client)
+    super(client, 'powershell')
+
+    client.register_extension_aliases(
+      [
+        {
+          'name' => 'powershell',
+          'ext'  => self
+        },
+      ])
+  end
+
+
+  def execute_string(string)
+    request = Packet.create_request('powershell_execute')
+
+    response = client.send_request(request)
+
+    return response
+  end
+
+end
+
+end; end; end; end; end
diff --git a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb
@@ -0,0 +1,14 @@
+# -*- coding: binary -*-
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Powershell
+
+TLV_TYPE_POWERSHELL_CODE             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
+
+end
+end
+end
+end
+end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb
@@ -0,0 +1,74 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# Powershell extension - interact with a Powershell interpreter
+#
+###
+class Console::CommandDispatcher::Powershell
+
+  Klass = Console::CommandDispatcher::Powershell
+
+  include Console::CommandDispatcher
+
+  #
+  # Name for this dispatcher
+  #
+  def name
+    'Powershell'
+  end
+
+  #
+  # List of supported commands.
+  #
+  def commands
+    {
+      'powershell_execute'            => 'Execute a Powershell command string',
+    }
+  end
+
+  @@powershell_execute_opts = Rex::Parser::Arguments.new(
+    '-h' => [false, 'Help banner']
+  )
+
+  def powershell_execute_usage
+    print_line('Usage: powershell_execute <powershell code>')
+    print_line
+    print_line('Runs the given Powershell string on the target.')
+    print_line(@@powershell_execute_opts.usage)
+  end
+
+  #
+  # Execute a simple Powershell command string
+  #
+  def cmd_powershell_execute(*args)
+    if args.length == 0 || args.include?('-h')
+      powershell_execute_usage
+      return false
+    end
+
+    code = args.shift
+
+    @@powershell_execute_opts.parse(args) { |opt, idx, val|
+      #case opt
+      #when '-r'
+      #  result_var = val
+      #end
+    }
+
+    client.powershell.execute_string(code)
+  end
+
+end
+
+end
+end
+end
+end
+
