rapid7 / rex-powershell

Rex library for dealing with Powershell Scripts

Feature iex alternatives #7

Closed sempervictus closed 7 years ago

sempervictus commented 7 years ago

Implement alternatives to IEX-style invocation in the download and exec string methods. Cleanup redundant escape for single quotes option in command composition.

sempervictus commented 7 years ago

Still a bit WIP - works, but spec is out of line. Trying to neatly fix up the semantics to let us use the single quotes option as intended without breaking psexec on one platform or another.

sempervictus commented 7 years ago

Ping @dmaloney-r7: I've reviewed the spec failures, and something is very wrong in the way it counts command outputs. For instance:

Rex::Powershell::Command.generate_psh_args(executionpolicy: "bypass").count('-')

returns 1, and the options hash is also only of length 1. The spec failure however reads:

Failures:
  1) Rex::Powershell::Command::generate_psh_args should generate correct arguments for {:executionpolicy=>"bypass"}
     Failure/Error: expect(short_args.count('-')).to eql opt_length

       expected: 11
            got: 12

       (compared using eql?)
     # ./spec/rex/powershell/command_spec.rb:392:in `block (5 levels) in <top (required)>'

How is it expecting 11 options and getting 12 when the return for that is -c Z? Is the iteration over permutations somehow poisoning the variables inside the loop? Rspec seems weird in the way it handles execution control - I threw an exit 1 when checking _short_args.count('-')) == optlength and the whole spec still executed.
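To illustrate why a dash count is a weak proxy for the number of options, here is an added example (not code from the rex-powershell gem, and not a diagnosis of the 11-vs-12 failure above): a hypothetical, deliberately simplified argument builder standing in for generate_psh_args, the spec's `count('-')` assertion, and a token-based count that survives dashes inside option values. The option hashes are constructed sample input.

```ruby
# Added illustration, not rex-powershell's own implementation.
# build_psh_args is a hypothetical stand-in for generate_psh_args that emits
# "-Key Value" pairs (or a bare "-Key" for flags with an empty value).
def build_psh_args(opts)
  opts.map do |k, v|
    v.to_s.empty? ? "-#{k}" : "-#{k} #{v}"
  end.join(' ')
end

# The check the spec used: one '-' character per option.
# It only holds while no option *value* contains a dash.
def dash_count_matches?(opts)
  build_psh_args(opts).count('-') == opts.length
end

# A sturdier count: look at tokens that start with '-', not every '-' byte.
def switch_count(args)
  args.split(' ').count { |tok| tok.start_with?('-') }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample options.
  simple = { executionpolicy: 'bypass' }
  dashed = { file: 'C:\\scripts\\run-me.ps1', noprofile: '' }

  puts build_psh_args(simple)           # -executionpolicy bypass
  puts dash_count_matches?(simple)      # true
  puts build_psh_args(dashed)           # -file C:\scripts\run-me.ps1 -noprofile
  puts dash_count_matches?(dashed)      # false: the path's dash is counted too
  puts switch_count(build_psh_args(dashed)) # 2
end
```

The point is that `String#count('-')` counts bytes anywhere in the string, so any value carrying a dash (a file path, an encoded payload, a version string) makes the assertion drift from the real option count; asserting on switch tokens ties the check to what the generator is actually responsible for.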

sempervictus commented 7 years ago

@busterb: can I get a manual override on spec? Something's amiss. Others should be good to merge.

thelightcosine commented 7 years ago

@sempervictus go ahead and delete these lines out of the spec:

expect(short_args.count('-')).to eql opt_length
expect(long_args.count('-')).to eql opt_length

These tests are pretty terrible and I don't see a lot of value to those counts.

sempervictus commented 7 years ago

Woo! Spec trimming! Thanks boss. Any idea why the deuce it behaves that way? Whole thing looks magical, and where there's magic, there's gremlins and goblins under every uncaught exception.

sempervictus commented 7 years ago

@dmaloney-r7: could you give all three of these a try on your end? I've had them in my codebase since PR, work for me and bypass AMSI nicely. Once we update the gem I'll refresh the MSF side so we can move on to better things - like staging through named pipes (which I think will give us pivoting payloads for indirect exec while avoiding some logging facilities).

sempervictus commented 7 years ago

Woo, thx. That should "fix" amsi for now.

jmartin-tech commented 6 years ago

Note: (this is as much a committer's issue as a submitter's) when something changes in the expected behavior of a library, the version should change to reflect that updates will be needed upstream; in this case changes to the command contract removing :use_single_quotes and adding :wrap_double_quotes should have triggered at least a minor version bump instead of a patch.

Noting here due to a bit of a headache trying to consume newer versions including this PR.

sempervictus commented 6 years ago

I'll start asking for ver bumps on api changes. That's my fault for being a bad team player, and thank you for digging to the bottom of it - I didn't properly update the MSF side when I did the three Rex PRs.

timwr commented 6 years ago

Excellent work guys