Closed cobbr closed 7 years ago
Thanks, cobbr! Detailed issue report (and resolution) as always. Just pushed the fix in 63e694fa6ae3cab1a16ceb8ef0a968601bc1b808.
This or a similar issue seems to have reoccurred...
At line:1244 char:56
+ ... sMessageAttribute(("{3}{0}{1}{2}" -f'ShouldPro','c','ess','PS'), '')]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attribute argument must be a constant or a script block.
Not all parse errors were reported. Correct the reported errors and try again."
At Z:\tools\Infrastructure\RedTeam\Invoke-Obfuscation\Out-ObfuscatedTokenCommand.ps1:137 char:13
+ $ScriptString = Out-ObfuscatedTokenCommand ([ScriptBlock] ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ParseException
Above occurs when obfuscating powerup
Problem
Errors obfuscating the ParameterValidationAttribute 'OutputType'. The problem only arises when OutputType uses a TypeNameString instead of a TypeLiteral as described here.
I discovered this issue while attempting to obfuscate modules in the Empire project.
This error specifically was found while attempting to obfuscate PowerUp.ps1 and Invoke-Kerberoast.ps1.
Steps to reproduce
Solution
I was able to get rid of the error messages by adding OutputType to the $ParameterValidationAttributesToTreatStringAsScriptblock array.