Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

For ./ScriptModification/ : 

-PSScriptAnalyzering
    -Tweaking of synopsis blocks in order to support platyPS
    -Code standardization
    -Generated docs
This commit is contained in:
HarmJ0y 2016-12-14 18:50:58 -05:00
parent 9ed26d65a8
commit 59e6f94e76
12 changed files with 574 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -36,7 +36,7 @@ Compresses, Base-64 encodes, and outputs generated code to load a managed dll in
Encrypts text files/scripts.
#### `Remove-Comments`
#### `Remove-Comment`
Strips comments and extra whitespace from a script.

20
ScriptModification/Out-CompressedDll.ps1
View File

@ -5,12 +5,12 @@ function Out-CompressedDll
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
PowerSploit Function: Out-CompressedDll
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
PowerSploit Function: Out-CompressedDll
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.DESCRIPTION
Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
@ -21,7 +21,7 @@ Specifies the path to a managed executable.
.EXAMPLE
C:\PS> Out-CompressedDll -FilePath evil.dll
Out-CompressedDll -FilePath evil.dll
Description
-----------
@ -36,7 +36,9 @@ Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it
http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
#>
[CmdletBinding()] Param (
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
[CmdletBinding()]
Param (
[Parameter(Mandatory = $True)]
[String]
$FilePath
@ -51,7 +53,7 @@ http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
$FileBytes = [System.IO.File]::ReadAllBytes($Path)
if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
if (($FileBytes[0..1] | ForEach-Object {[Char]$_}) -join '' -cne 'MZ')
{
Throw "$Path is not a valid executable."
}

19
ScriptModification/Out-EncodedCommand.ps1
View File

@ -5,12 +5,12 @@ function Out-EncodedCommand
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
PowerSploit Function: Out-EncodedCommand
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
PowerSploit Function: Out-EncodedCommand
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.DESCRIPTION
Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt. The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload. This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
@ -49,13 +49,13 @@ Base-64 encodes the entirety of the output. This is usually unnecessary and effe
.EXAMPLE
C:\PS> Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()
.EXAMPLE
C:\PS> Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
powershell -NoP -NonI -W Hidden -E cwBhAGwAIABhACAATgBlAHcALQBPAGIAagBlAGMAdAA7AGkAZQB4ACgAYQAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAKABhACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoAFsASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AXQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcATABjAGkAeABDAHMASQB3AEUAQQBEAFEAWAAzAEUASQBWAEkAYwBtAEwAaQA1AEsAawBGAEsARQA2AGwAQgBCAFIAWABDADgAaABLAE8ATgBwAEwAawBRAEwANAAzACsAdgBRAGgAdQBqAHkAZABBADkAMQBqAHEAcwAzAG0AaQA1AFUAWABkADAAdgBUAG4ATQBUAEMAbQBnAEgAeAA0AFIAMAA4AEoAawAyAHgAaQA5AE0ANABDAE8AdwBvADcAQQBmAEwAdQBYAHMANQA0ADEATwBLAFcATQB2ADYAaQBoADkAawBOAHcATABpAHMAUgB1AGEANABWAGEAcQBVAEkAagArAFUATwBSAHUAVQBsAGkAWgBWAGcATwAyADQAbgB6AFYAMQB3ACsAWgA2AGUAbAB5ADYAWgBsADIAdAB2AGcAPQA9ACcAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkALABbAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA=
@ -72,7 +72,8 @@ This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kenn
http://www.exploit-monday.com
#>
[CmdletBinding( DefaultParameterSetName = 'FilePath')] Param (
[CmdletBinding( DefaultParameterSetName = 'FilePath')]
Param (
[Parameter(Position = 0, ValueFromPipeline = $True, ParameterSetName = 'ScriptBlock' )]
[ValidateNotNullOrEmpty()]
[ScriptBlock]

42
ScriptModification/Out-EncryptedScript.ps1
View File

@ -5,11 +5,11 @@ function Out-EncryptedScript
Encrypts text files/scripts.
PowerSploit Function: Out-EncryptedScript
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
PowerSploit Function: Out-EncryptedScript
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.DESCRIPTION
@ -36,7 +36,8 @@ is randomly generated by default.
.EXAMPLE
C:\PS> Out-EncryptedScript .\Naughty-Script.ps1 password salty
$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
Description
-----------
@ -48,10 +49,10 @@ function 'de' and the base64-encoded ciphertext.
.EXAMPLE
C:\PS> [String] $cmd = Get-Content .\evil.ps1
C:\PS> Invoke-Expression $cmd
C:\PS> $decrypted = de password salt
C:\PS> Invoke-Expression $decrypted
[String] $cmd = Get-Content .\evil.ps1
Invoke-Expression $cmd
$decrypted = de password salt
Invoke-Expression $decrypted
Description
-----------
@ -64,34 +65,39 @@ unencrypted script is called via Invoke-Expression
This command can be used to encrypt any text-based file/script
#>
[CmdletBinding()] Param (
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
[CmdletBinding()]
Param (
[Parameter(Position = 0, Mandatory = $True)]
[String]
$ScriptPath,
[Parameter(Position = 1, Mandatory = $True)]
[String]
[Security.SecureString]
$Password,
[Parameter(Position = 2, Mandatory = $True)]
[String]
$Salt,
[Parameter(Position = 3)]
[ValidateLength(16, 16)]
[String]
$InitializationVector = ((1..16 | % {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''),
$InitializationVector = ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''),
[Parameter(Position = 4)]
[String]
$FilePath = '.\evil.ps1'
)
$TempCred = New-Object System.Management.Automation.PSCredential('a', $Password)
$PlaintextPassword = $TempCred.GetNetworkCredential().Password
$AsciiEncoder = New-Object System.Text.ASCIIEncoding
$ivBytes = $AsciiEncoder.GetBytes($InitializationVector)
# While this can be used to encrypt any file, it's primarily designed to encrypt itself.
[Byte[]] $scriptBytes = Get-Content -Encoding Byte -ReadCount 0 -Path $ScriptPath
$DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
$DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($PlaintextPassword, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
$Key = New-Object System.Security.Cryptography.TripleDESCryptoServiceProvider
$Key.Mode = [System.Security.Cryptography.CipherMode]::CBC
[Byte[]] $KeyBytes = $DerivedPass.GetBytes(16)

30
ScriptModification/Remove-Comments.ps1 → ScriptModification/Remove-Comment.ps1
View File

@ -1,19 +1,19 @@
function Remove-Comments
function Remove-Comment
{
<#
.SYNOPSIS
Strips comments and extra whitespace from a script.
PowerSploit Function: Remove-Comments
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
PowerSploit Function: Remove-Comment
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.DESCRIPTION
Remove-Comments strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
Remove-Comment strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script. You rock, Lee!
@ -27,11 +27,11 @@ Specifies the path to your script.
.EXAMPLE
C:\PS> $Stripped = Remove-Comments -Path .\ScriptWithComments.ps1
$Stripped = Remove-Comment -Path .\ScriptWithComments.ps1
.EXAMPLE
C:\PS> Remove-Comments -ScriptBlock {
Remove-Comment -ScriptBlock {
### This is my awesome script. My documentation is beyond reproach!
Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
### End script awesomeness
@ -41,7 +41,7 @@ Write-Host 'Hello, World!'
.EXAMPLE
C:\PS> Remove-Comments -Path Inject-Shellcode.ps1 | Out-EncodedCommand
Remove-Comment -Path Inject-Shellcode.ps1 | Out-EncodedCommand
Description
-----------
@ -57,15 +57,17 @@ Accepts either a string containing the path to a script or a scriptblock.
System.Management.Automation.ScriptBlock
Remove-Comments returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
Remove-Comment returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
.LINK
http://www.exploit-monday.com
http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/
#>
[CmdletBinding( DefaultParameterSetName = 'FilePath' )] Param (
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
[CmdletBinding( DefaultParameterSetName = 'FilePath' )]
Param (
[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'FilePath' )]
[ValidateNotNullOrEmpty()]
[String]

2
ScriptModification/ScriptModification.psd1
View File

@ -26,6 +26,6 @@ FunctionsToExport = '*'
# List of all files packaged with this module
FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1',
'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.md'
'Out-EncryptedScript.ps1', 'Remove-Comment.ps1', 'Usage.md'
}

60
docs/ScriptModification/Out-CompressedDll.md Executable file
View File

@ -0,0 +1,60 @@
# Out-CompressedDll
## SYNOPSIS
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
PowerSploit Function: Out-CompressedDll
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
```
Out-CompressedDll [-FilePath] <String>
```
## DESCRIPTION
Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Out-CompressedDll -FilePath evil.dll
```
Description
-----------
Compresses, base64 encodes, and outputs the code required to load evil.dll in memory.
## PARAMETERS
### -FilePath
Specifies the path to a managed executable.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
Only pure MSIL-based dlls can be loaded using this technique.
Native or IJW ('it just works' - mixed-mode) dlls will not load.
## RELATED LINKS
[http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html](http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html)

186
docs/ScriptModification/Out-EncodedCommand.md Executable file
View File

@ -0,0 +1,186 @@
# Out-EncodedCommand
## SYNOPSIS
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
PowerSploit Function: Out-EncodedCommand
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
### FilePath (Default)
```
Out-EncodedCommand [[-Path] <String>] [-NoExit] [-NoProfile] [-NonInteractive] [-Wow64] [-WindowStyle <String>]
[-EncodedOutput]
```
### ScriptBlock
```
Out-EncodedCommand [[-ScriptBlock] <ScriptBlock>] [-NoExit] [-NoProfile] [-NonInteractive] [-Wow64]
[-WindowStyle <String>] [-EncodedOutput]
```
## DESCRIPTION
Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt.
The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload.
This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
```
powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream(\[IO.MemoryStream\]\[Convert\]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),\[IO.Compression.CompressionMode\]::Decompress)),\[Text.Encoding\]::ASCII)).ReadToEnd()
### -------------------------- EXAMPLE 2 --------------------------
```
Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
```
powershell -NoP -NonI -W Hidden -E cwBhAGwAIABhACAATgBlAHcALQBPAGIAagBlAGMAdAA7AGkAZQB4ACgAYQAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAKABhACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoAFsASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AXQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcATABjAGkAeABDAHMASQB3AEUAQQBEAFEAWAAzAEUASQBWAEkAYwBtAEwAaQA1AEsAawBGAEsARQA2AGwAQgBCAFIAWABDADgAaABLAE8ATgBwAEwAawBRAEwANAAzACsAdgBRAGgAdQBqAHkAZABBADkAMQBqAHEAcwAzAG0AaQA1AFUAWABkADAAdgBUAG4ATQBUAEMAbQBnAEgAeAA0AFIAMAA4AEoAawAyAHgAaQA5AE0ANABDAE8AdwBvADcAQQBmAEwAdQBYAHMANQA0ADEATwBLAFcATQB2ADYAaQBoADkAawBOAHcATABpAHMAUgB1AGEANABWAGEAcQBVAEkAagArAFUATwBSAHUAVQBsAGkAWgBWAGcATwAyADQAbgB6AFYAMQB3ACsAWgA2AGUAbAB5ADYAWgBsADIAdAB2AGcAPQA9ACcAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkALABbAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA=
Description
-----------
Execute the above payload for the lulz.
\>D
## PARAMETERS
### -ScriptBlock
Specifies a scriptblock containing your payload.
```yaml
Type: ScriptBlock
Parameter Sets: ScriptBlock
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
```
### -Path
Specifies the path to your payload.
```yaml
Type: String
Parameter Sets: FilePath
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -NoExit
Outputs the option to not exit after running startup commands.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -NoProfile
Outputs the option to not load the Windows PowerShell profile.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -NonInteractive
Outputs the option to not present an interactive prompt to the user.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -Wow64
Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -WindowStyle
Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -EncodedOutput
Base-64 encodes the entirety of the output.
This is usually unnecessary and effectively doubles the size of the output.
This option is only for those who are extra paranoid.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kennedy and Josh Kelley's talk, "PowerShell...OMFG" (https://www.trustedsec.com/files/PowerShell_PoC.zip)
## RELATED LINKS
[http://www.exploit-monday.com](http://www.exploit-monday.com)

148
docs/ScriptModification/Out-EncryptedScript.md Executable file
View File

@ -0,0 +1,148 @@
# Out-EncryptedScript
## SYNOPSIS
Encrypts text files/scripts.
PowerSploit Function: Out-EncryptedScript
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
```
Out-EncryptedScript [-ScriptPath] <String> [-Password] <SecureString> [-Salt] <String>
[[-InitializationVector] <String>] [[-FilePath] <String>]
```
## DESCRIPTION
Out-EncryptedScript will encrypt a script (or any text file for that
matter) and output the results to a minimally obfuscated script -
evil.ps1 by default.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
```
Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
Description
-----------
Encrypt the contents of this file with a password and salt.
This will
make analysis of the script impossible without the correct password
and salt combination.
This command will generate evil.ps1 that can
dropped onto the victim machine.
It only consists of a decryption
function 'de' and the base64-encoded ciphertext.
### -------------------------- EXAMPLE 2 --------------------------
```
[String] $cmd = Get-Content .\evil.ps1
```
Invoke-Expression $cmd
$decrypted = de password salt
Invoke-Expression $decrypted
Description
-----------
This series of instructions assumes you've already encrypted a script
and named it evil.ps1.
The contents are then decrypted and the
unencrypted script is called via Invoke-Expression
## PARAMETERS
### -ScriptPath
Path to this script
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -Password
Password to encrypt/decrypt the script
```yaml
Type: SecureString
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -Salt
Salt value for encryption/decryption.
This can be any string value.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -InitializationVector
Specifies a 16-character the initialization vector to be used.
This
is randomly generated by default.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join '')
Accept pipeline input: False
Accept wildcard characters: False
```
### -FilePath
{{Fill FilePath Description}}
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: .\evil.ps1
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
This command can be used to encrypt any text-based file/script
## RELATED LINKS

110
docs/ScriptModification/Remove-Comment.md Executable file
View File

@ -0,0 +1,110 @@
# Remove-Comment
## SYNOPSIS
Strips comments and extra whitespace from a script.
PowerSploit Function: Remove-Comment
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
### FilePath (Default)
```
Remove-Comment [-Path] <String>
```
### ScriptBlock
```
Remove-Comment [-ScriptBlock] <ScriptBlock>
```
## DESCRIPTION
Remove-Comment strips out comments and unnecessary whitespace from a script.
This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script.
You rock, Lee!
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
$Stripped = Remove-Comment -Path .\ScriptWithComments.ps1
```
### -------------------------- EXAMPLE 2 --------------------------
```
Remove-Comment -ScriptBlock {
```
### This is my awesome script.
My documentation is beyond reproach!
Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
### End script awesomeness
}
Write-Host 'Hello, World!'
### -------------------------- EXAMPLE 3 --------------------------
```
Remove-Comment -Path Inject-Shellcode.ps1 | Out-EncodedCommand
```
Description
-----------
Removes extraneous whitespace and comments from Inject-Shellcode (which is notoriously large) and pipes the output to Out-EncodedCommand.
## PARAMETERS
### -Path
Specifies the path to your script.
```yaml
Type: String
Parameter Sets: FilePath
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ScriptBlock
Specifies a scriptblock containing your script.
```yaml
Type: ScriptBlock
Parameter Sets: ScriptBlock
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
```
## INPUTS
### System.String, System.Management.Automation.ScriptBlock
Accepts either a string containing the path to a script or a scriptblock.
## OUTPUTS
### System.Management.Automation.ScriptBlock
Remove-Comment returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
## NOTES
## RELATED LINKS
[http://www.exploit-monday.com
http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/]()

2
docs/index.md
View File

@ -15,7 +15,7 @@ Modify and/or prepare scripts for execution on a compromised machine.
Out-EncodedCommand - Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
Out-CompressedDll - Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
Out-EncryptedScript - Encrypts text files/scripts.
Remove-Comments - Strips comments and extra whitespace from a script.
Remove-Comment - Strips comments and extra whitespace from a script.
### Persistence

6
mkdocs.yml
View File

@ -139,3 +139,9 @@ pages:
- Add-Persistence: 'Persistence/Add-Persistence.md'
- Install-SSP: 'Persistence/Install-SSP.md'
- Get-SecurityPackage: 'Persistence/Get-SecurityPackage.md'
- ScriptModification:
- Functions:
- Out-CompressedDll: 'ScriptModification/Out-CompressedDll.md'
- Out-EncodedCommand: 'ScriptModification/Out-EncodedCommand.md'
- Out-EncryptedScript: 'ScriptModification/Out-EncryptedScript.md'
- Remove-Comment: 'ScriptModification/Remove-Comment.md'