// called when up or down is entered static PunchState history(PunchState punchState) { if (punchState.history.Count > 0) { if (punchState.loopType == null) { punchState.loopType = "history"; if (punchState.loopPos == 0) { punchState.loopPos = punchState.history.Count; } } if (punchState.keyInfo.Key == ConsoleKey.UpArrow && punchState.loopPos > 0) { punchState.loopPos -= 1; punchState.displayCmd = punchState.history[punchState.loopPos]; } if (punchState.keyInfo.Key == ConsoleKey.DownArrow) { if ((punchState.loopPos + 1) > (punchState.history.Count - 1)) { punchState.displayCmd = ""; } else { punchState.loopPos += 1; punchState.displayCmd = punchState.history[punchState.loopPos]; } } } return punchState; }
public static PunchState PSExec(PunchState punchState) { using (Pipeline pipeline = punchState.runspace.CreatePipeline()) { pipeline.Commands.AddScript(punchState.cmd); // If we're in an auto-complete loop, we want the PSObjects, not the string from the output of the command // TODO: clean this up if (punchState.inLoop) { pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output); } else { pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output); pipeline.Commands.Add("out-default"); } punchState.results = pipeline.Invoke(); pipeline.Dispose(); } //Clear out command so it doesn't get echo'd out to console again. punchState.ClearIO(); if (!(punchState.inLoop)) { punchState.cmdComplete = true; } punchState.output = ((PSPunchHostUserInterface)punchState.host.UI).Output.ToString(); return(punchState); }
public static void printPrompt(PunchState punchState) { punchState.promptPos = Console.CursorTop; string prompt = createPrompt(punchState); Console.ForegroundColor = PSColors.prompt; Console.Write(prompt); Console.ForegroundColor = PSColors.inputText; }
// This is called everytime a key is pressed. public static PunchState CommandProcessor(PunchState punchState) { punchState.output = null; if (punchState.keyInfo.Key == ConsoleKey.Backspace) { punchState.ClearLoop(); if (punchState.displayCmd != null && punchState.displayCmd.Length > 0) { punchState.displayCmd = punchState.displayCmd.Remove(punchState.displayCmd.Length - 1); } } else if (punchState.keyInfo.Key == ConsoleKey.UpArrow || punchState.keyInfo.Key == ConsoleKey.DownArrow) { return history(punchState); } else if (punchState.keyInfo.Key == ConsoleKey.Enter) { Console.WriteLine("\n"); punchState.ClearLoop(); punchState.cmd = punchState.displayCmd; punchState.history.Add(punchState.cmd); if (punchState.cmd == "exit") { System.Environment.Exit(0); } else if (punchState.cmd == "clear") { Console.Clear(); punchState.displayCmd = ""; Display.printPrompt(punchState); } else if (punchState.cmd.Contains(".exe")) { punchState.cmd = "Start-Process -NoNewWindow -Wait " + punchState.cmd; punchState = Processing.PSExec(punchState); Display.Output(punchState); } else if (punchState.cmd != null) { punchState = Processing.PSExec(punchState); Display.Output(punchState); } punchState.ClearIO(display:true); } else if (punchState.keyInfo.Key == ConsoleKey.Tab) { return TabExpansion.Process(punchState); } else { punchState.ClearLoop(); punchState.displayCmd += punchState.keyInfo.KeyChar; } return punchState; }
public static void ImportModules(PunchState punchState, Stream moduleStream) { Assembly assembly = Assembly.GetExecutingAssembly(); StreamReader keyReader = new StreamReader(assembly.GetManifestResourceStream("PSPunch.Modules.key.txt")); string key = keyReader.ReadToEnd(); try { MemoryStream decMem = CryptoUtils.DecryptFile(moduleStream); punchState.cmd = Encoding.Unicode.GetString(decMem.ToArray()); Processing.PSExec(punchState); } catch (Exception e) { ConsoleColor origColor = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.Write(Strings.moduleLoadError, e.Message); Console.ForegroundColor = origColor; } }
public static void Output(PunchState punchState) { if (punchState.cmdComplete) { printPrompt(punchState); } int currentCusorPos = Console.CursorTop; string prompt = createPrompt(punchState); Console.SetCursorPosition(prompt.Length, punchState.promptPos); Console.Write(new string(' ', Console.WindowWidth)); int cursorDiff = currentCusorPos - punchState.promptPos; while (cursorDiff > 0) { Console.SetCursorPosition(0, punchState.promptPos + cursorDiff); Console.Write(new string(' ', Console.WindowWidth)); cursorDiff -= 1; } Console.SetCursorPosition(prompt.Length, punchState.promptPos); Console.Write(punchState.displayCmd); }
// Here is where we execute posh code public static PunchState PSExec(PunchState punchState) { using (Pipeline pipeline = punchState.runspace.CreatePipeline()) { pipeline.Commands.AddScript(punchState.cmd); // If we're in an auto-complete loop, we want the PSObjects, not the string from the output of the command // TODO: clean this up if (punchState.loopType != null) { pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output); } else { pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output); pipeline.Commands.Add("out-default"); } try { punchState.results = pipeline.Invoke(); } catch (Exception e) { punchState.results = null; Display.Exception(punchState, e.Message); } pipeline.Dispose(); } //Clear out command so it doesn't get echo'd out to console again. punchState.ClearIO(); if (punchState.loopType == null) { punchState.cmdComplete = true; } return punchState; }
static PunchState PSInit() { // Display Loading Message Console.ForegroundColor = PSColors.logoText; Random random = new Random(); int pspLogoInt = random.Next(Strings.pspLogos.Count); Console.WriteLine(Strings.pspLogos[pspLogoInt]); Console.WriteLine("PS>Punch is loading..."); // new punchstate PunchState punchState = new PunchState(); //Decrypt modules Assembly assembly = Assembly.GetExecutingAssembly(); string[] resources = assembly.GetManifestResourceNames(); foreach (string resource in resources) { if (resource.Contains(".enc")) { string fileName = resource.Replace("PSPunch.Modules.","").Replace(".ps1.enc",""); string decFilename = CryptoUtils.DecryptString(fileName); Console.ForegroundColor = PSColors.loadingText; Console.WriteLine("Decrypting: " + decFilename); Stream moduleStream = assembly.GetManifestResourceStream(resource); PSPUtils.ImportModules(punchState, moduleStream); } } // Setup PS env punchState.cmd = "set-executionpolicy bypass -Scope process -Force"; Processing.PSExec(punchState); punchState.cmd = "function Test-Admin { $wid = [System.Security.Principal.WindowsIdentity]::GetCurrent(); $prp = New-Object System.Security.Principal.WindowsPrincipal($wid); $adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator; $prp.IsInRole($adm);}; write-host 'Is Admin: '(test-admin)"; punchState = Processing.PSExec(punchState); // Setup Console Console.BackgroundColor = PSColors.background; Console.Clear(); // Display alpha warning Console.ForegroundColor = PSColors.errorText; Console.WriteLine(Strings.warning); // Display Version and build date: Console.ForegroundColor = PSColors.introText; string buildString; string attackDate = new StreamReader(assembly.GetManifestResourceStream("PSPunch.Resources.attackDate.txt")).ReadToEnd(); if (attackDate.Length > 12) { buildString = "It was custom made by PS>Attack on " + attackDate + "\n"; } else { string buildDate = new StreamReader(assembly.GetManifestResourceStream("PSPunch.Resources.BuildDate.txt")).ReadToEnd(); buildString = "It was built on " + buildDate + "\nIf you'd like a version of PS>Punch thats even harder for AV \nto detect checkout http://github.com/jaredhaight/PSAttack \n"; } Console.WriteLine(Strings.welcomeMessage, Strings.version, buildString, System.Environment.Version); // Display Prompt punchState.loopPos = 0; punchState.cmdComplete = false; Display.printPrompt(punchState); return punchState; }
public static void Exception(PunchState punchState, string errorMsg) { Console.ForegroundColor = PSColors.errorText; Console.WriteLine("ERROR: {0}\n", errorMsg); }
public static string createPrompt(PunchState punchState) { string prompt = punchState.runspace.SessionStateProxy.Path.CurrentLocation + " #> "; return prompt; }
public static PunchState Process(PunchState punchState) { if (punchState.loopType == null) { int lastSpace = punchState.displayCmd.LastIndexOf(" "); if (lastSpace > 0) { // get the command that we're autocompleting for by looking for the last space and pipe // anything after the last space we're going to try and autocomplete. Anything between the // last pipe and last space we assume is a command. int lastPipe = punchState.displayCmd.Substring(0, lastSpace + 1).LastIndexOf("|"); punchState.autocompleteSeed = punchState.displayCmd.Substring(lastSpace); if (lastSpace - lastPipe > 2) { punchState.displayCmdSeed = punchState.displayCmd.Substring(lastPipe + 1, (lastSpace - lastPipe)); } else { punchState.displayCmdSeed = punchState.displayCmd.Substring(0, lastSpace); } // trim leading space from command in the event of "cmd | cmd" if (punchState.displayCmdSeed.IndexOf(" ").Equals(0)) { punchState.displayCmdSeed = punchState.displayCmd.Substring(1, lastSpace); } } else { punchState.autocompleteSeed = punchState.displayCmd; punchState.displayCmdSeed = ""; } if (punchState.autocompleteSeed.Length == 0) { return punchState; } // route to appropriate autcomplete handler if (punchState.autocompleteSeed.Contains(" -")) { punchState = paramAutoComplete(punchState); } else if (punchState.autocompleteSeed.Contains("$")) { punchState = variableAutoComplete(punchState); } else if (punchState.autocompleteSeed.Contains(":") || punchState.autocompleteSeed.Contains("\\")) { punchState = pathAutoComplete(punchState); } else { punchState = cmdAutoComplete(punchState); } } // If we're already in an autocomplete loop, increment loopPos appropriately else if (punchState.loopType != null) { if (punchState.keyInfo.Modifiers == ConsoleModifiers.Shift) { punchState.loopPos -= 1; // loop around if we're at the beginning if (punchState.loopPos < 0) { punchState.loopPos = punchState.results.Count - 1; } } else { punchState.loopPos += 1; // loop around if we reach the end if (punchState.loopPos >= punchState.results.Count) { punchState.loopPos = 0; } } } // if we have results, format them and return them if (punchState.results.Count > 0) { string seperator = ""; string result; switch (punchState.loopType) { case "param": seperator = "-"; result = punchState.results[punchState.loopPos].ToString(); break; case "variable": seperator = "$"; result = punchState.results[punchState.loopPos].Members["Name"].Value.ToString(); break; case "path": result = punchState.results[punchState.loopPos].Members["FullName"].Value.ToString(); break; default: result = punchState.results[punchState.loopPos].BaseObject.ToString(); break; } punchState.displayCmd = punchState.displayCmdSeed + seperator + result; } return punchState; }
// COMMAND AUTOCOMPLETE static PunchState cmdAutoComplete(PunchState punchState) { punchState.loopType = "cmd"; punchState.cmd = "Get-Command " + punchState.autocompleteSeed + "*"; punchState = Processing.PSExec(punchState); return punchState; }
// PATH AUTOCOMPLETE static PunchState pathAutoComplete(PunchState punchState) { punchState.loopType = "path"; punchState.cmd = "Get-ChildItem " + punchState.autocompleteSeed + "*"; punchState = Processing.PSExec(punchState); return punchState; }
// VARIABLE AUTOCOMPLETE static PunchState variableAutoComplete(PunchState punchState) { punchState.loopType = "variable"; string variableSeed = punchState.autocompleteSeed.Replace("$", ""); punchState.cmd = "Get-Variable " + variableSeed + "*"; punchState = Processing.PSExec(punchState); return punchState; }
// PARAMETER AUTOCOMPLETE static PunchState paramAutoComplete(PunchState punchState) { punchState.loopType = "param"; int lastParam = punchState.displayCmd.LastIndexOf(" -"); string paramSeed = punchState.displayCmd.Substring(lastParam).Replace(" -", ""); int firstSpace = punchState.displayCmd.IndexOf(" "); string paramCmd = punchState.displayCmdSeed.Substring(0, firstSpace); punchState.cmd = "(Get-Command " + paramCmd + ").Parameters.Keys | Where{$_ -like '" + paramSeed + "*'}"; punchState = Processing.PSExec(punchState); return punchState; }
// This called everytime a key is pressed. public static PunchState CommandProcessor(PunchState punchState) { punchState.output = null; if (punchState.keyInfo.Key == ConsoleKey.Backspace) { punchState.ClearLoop(); if (punchState.displayCmd.Length > 0) { punchState.displayCmd = punchState.displayCmd.Remove(punchState.displayCmd.Length - 1); } } else if (punchState.keyInfo.Key == ConsoleKey.UpArrow || punchState.keyInfo.Key == ConsoleKey.DownArrow) { if (punchState.history.Count > 0) { if (!(punchState.inLoop)) { punchState.inLoop = true; if (punchState.loopPos == 0) { punchState.loopPos = punchState.history.Count; } } if (punchState.keyInfo.Key == ConsoleKey.UpArrow && punchState.loopPos > 0) { punchState.loopPos -= 1; punchState.displayCmd = punchState.history[punchState.loopPos]; } if (punchState.keyInfo.Key == ConsoleKey.DownArrow) { if ((punchState.loopPos + 1) > (punchState.history.Count - 1)) { punchState.displayCmd = ""; } else { punchState.loopPos += 1; punchState.displayCmd = punchState.history[punchState.loopPos]; } } } return(punchState); } else if (punchState.keyInfo.Key == ConsoleKey.Tab) { if (punchState.displayCmd.Length == 0) { return(punchState); } // setup autocomplete loop if (punchState.inLoop) { if (punchState.keyInfo.Modifiers == ConsoleModifiers.Shift && punchState.loopPos > 0) { punchState.loopPos -= 1; } else if (punchState.loopPos < punchState.results.Count) { punchState.loopPos += 1; } try { punchState.displayCmd = punchState.results[punchState.loopPos].BaseObject.ToString(); } catch { } return(punchState); } punchState.cmd = punchState.displayCmd; punchState.inLoop = true; punchState.cmd = "Get-Command " + punchState.cmd + "*"; punchState = PSExec(punchState); if (punchState.results.Count > 0) { punchState.displayCmd = punchState.results[punchState.loopPos].BaseObject.ToString(); } return(punchState); } else if (punchState.keyInfo.Key == ConsoleKey.Enter) { punchState.ClearLoop(); punchState.cmd = punchState.displayCmd; punchState.history.Add(punchState.cmd); if (punchState.cmd == "exit") { System.Environment.Exit(0); } else if (punchState.cmd == "clear") { Console.Clear(); punchState.displayCmd = ""; Display.Prompt(); } else if (punchState.cmd != null) { punchState = Processing.PSExec(punchState); Display.Output(punchState); } punchState.ClearIO(); } else { punchState.ClearLoop(); punchState.displayCmd += punchState.keyInfo.KeyChar; } return(punchState); }