Rex::Powershell::Command.compress_script generates not working payloads #9

phra · 2019-01-14T21:33:18Z

Rex::Powershell::Command.compress_script generates payload that are not working on win 10 1803. after some debugging i discovered that:

the current generated payload is

( NeW-OBJeCT iO.streAmreaDER( ( NeW-OBJeCT Io.ComPreSsioN.dEfLATEStReAm( [SYsTEM.Io.MEMOrYstReam][coNvERT]::FROmBase64sTRinG('S03OyFdIzkzMV6hRyC8t0U3LzElVAJMFiSUZCslWMaXFqUXFMQWlSTmZyTEpmfnJiXmpeiUVJQA=') ,[sYStEM.Io.cOMpreSSiON.coMprEssIONMoDe]::decoMPrEss)) ,[systEM.TeXT.EncoDIng]::ASCii) ).reAdtoEnD( )| Write-Host

but the working version is

( NeW-OBJeCT system.iO.streAmreaDER( ( NeW-OBJeCT system.Io.ComPreSsioN.dEfLATEStReAm( [SYsTEM.Io.MEMOrYstReam][system.coNvERT]::FROmBase64sTRinG('S03OyFdIzkzMV6hRyC8t0U3LzElVAJMFiSUZCslWMaXFqUXFMQWlSTmZyTEpmfnJiXmpeiUVJQA=') ,[sYStEM.Io.cOMpreSSiON.coMprEssIONMoDe]::decoMPrEss)) ,[systEM.TeXT.EncoDIng]::ASCii) ).reAdtoEnD( )| Write-Host

The text was updated successfully, but these errors were encountered:

phra added a commit to phra/rex that referenced this issue Jan 14, 2019

fix: explicitly reference System.*, fixes rapid7#9

cfc5239

This was referenced Jan 14, 2019

Explicitly reference System.* #10

Closed

Rex::Powershell::Command.compress_script generates not working payloads rapid7/rex-powershell#15

Closed

Explicitly reference System.* rapid7/rex-powershell#16

Merged

bcoles added the bug label Feb 5, 2019

timwr closed this as completed in rapid7/rex-powershell#16 Apr 22, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rex::Powershell::Command.compress_script generates not working payloads #9

Rex::Powershell::Command.compress_script generates not working payloads #9

phra commented Jan 14, 2019

Rex::Powershell::Command.compress_script generates not working payloads #9

Rex::Powershell::Command.compress_script generates not working payloads #9

Comments

phra commented Jan 14, 2019