SSL working

bigttys0 · Nov 13, 2015 · 546b560 · 546b560
1 parent fa79f86
commit 546b560
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 62 deletions.
diff --git a/Functions/Connect-PowerCat.ps1 b/Functions/Connect-PowerCat.ps1
@@ -44,14 +44,14 @@
     DynamicParam { 
         $ParameterDictionary = New-Object Management.Automation.RuntimeDefinedParameterDictionary
 
-        if ($Mode -eq 'Smb') { $PipeNameParam = New-RuntimeParameter -Name PipeName -Type String -Mandatory -Position 2 -ParameterDictionary $ParameterDictionary }
-        else { $PortParam = New-RuntimeParameter -Name Port -Type Int -Mandatory -Position 2 -ParameterDictionary $ParameterDictionary }
+        if ($Mode -eq 'Smb') { New-RuntimeParameter -Name PipeName -Type String -Mandatory -Position 2 -ParameterDictionary $ParameterDictionary }
+        else { New-RuntimeParameter -Name Port -Type Int -Mandatory -Position 2 -ParameterDictionary $ParameterDictionary }
 
-        if ($Mode -ne 'Udp') { $SslParam = New-RuntimeParameter -Name SslKey -Type String -ParameterDictionary $ParameterDictionary }
+        if ($Mode -eq 'Tcp') { New-RuntimeParameter -Name SslCn -Type String -ParameterDictionary $ParameterDictionary }
 
         if ($Execute.IsPresent) { 
-            $ScriptBlockParam = New-RuntimeParameter -Name ScriptBlock -Type ScriptBlock -ParameterDictionary $ParameterDictionary 
-            $ArgumentListParam = New-RuntimeParameter -Name ArgumentList -Type Object[] -ParameterDictionary $ParameterDictionary 
+            New-RuntimeParameter -Name ScriptBlock -Type ScriptBlock -ParameterDictionary $ParameterDictionary 
+            New-RuntimeParameter -Name ArgumentList -Type Object[] -ParameterDictionary $ParameterDictionary 
         }
         return $ParameterDictionary
     }
@@ -64,12 +64,12 @@
 
         switch ($Mode) {
             'Smb' { 
-                try { $ClientStream = New-SmbStream $RemoteIp $ParameterDictionary.PipeName.Value $ParameterDictionary.SslKey.Value $Timeout  }
+                try { $ClientStream = New-SmbStream $RemoteIp $ParameterDictionary.PipeName.Value $Timeout }
                 catch { Write-Warning "Failed to open Smb stream. $($_.Exception.Message)" ; return }
                 continue 
             }
             'Tcp' { 
-                try { $ClientStream = New-TcpStream $ServerIp $ParameterDictionary.Port.Value $ParameterDictionary.SslKey.Value $Timeout }
+                try { $ClientStream = New-TcpStream $ServerIp $ParameterDictionary.Port.Value $ParameterDictionary.SslCn.Value $Timeout }
                 catch { Write-Warning "Failed to open Tcp stream. $($_.Exception.Message)" ; return }
                 continue 
             }
@@ -246,7 +246,7 @@
         }
     }
     End { # Cleanup
-        [console]::TreatControlCAsInput = $false
+        Write-Host "`n"
 
         if ($PSCmdlet.ParameterSetName -eq 'ReceiveFile') { $FileStream.Flush() ; $FileStream.Dispose() }
 
@@ -257,5 +257,6 @@
             try { Close-NetworkStream $RelayMode $RelayStream }
             catch { Write-Warning "Failed to close relay stream. $($_.Exception.Message)" }
         }
+        [console]::TreatControlCAsInput = $false
     }
 }
diff --git a/Functions/Helpers/New-X509Certificate.ps1 b/Functions/Helpers/New-X509Certificate.ps1
@@ -1,24 +1,23 @@
 function New-X509Certificate { 
-    [CmdletBinding()]
     Param (
         [Parameter(Position = 0, Mandatory = $true)]
         [ValidateNotNullOrEmpty()]
-        [String]$SslKey,
-
-        [Parameter(Position = 0, Mandatory = $true)]
-        [ValidateSet(1024,2048)]
-        [Int]$KeyLength = 1024
+        [String]$CommonName
     )      
     $DN = New-Object -ComObject 'X509Enrollment.CX500DistinguishedName.1'
-    $DN.Encode("CN=$ServerName", 0)
+    $DN.Encode("CN=$CommonName", 0)
 
     $PrivateKey = New-Object -ComObject 'X509Enrollment.CX509PrivateKey.1'
     $PrivateKey.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
-    $PrivateKey.KeySpec = 1
-    $PrivateKey.Length = $KeyLength
-    $PrivateKey.MachineContext = 1
+    $PrivateKey.KeySpec = 1 # XCN_AT_KEYEXCHANGE
+    $PrivateKey.ExportPolicy = 2 # XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
+    $PrivateKey.MachineContext = $true
+    $PrivateKey.Length = 2048
     $PrivateKey.Create()
 
+    $HashAlg = New-Object -ComObject 'X509Enrollment.CObjectId.1'
+    $HashAlg.InitializeFromAlgorithmName(1, 0, 0, 'SHA512')
+
     $ServerAuthOid = New-Object -ComObject 'X509Enrollment.CObjectId.1'
     $ServerAuthOid.InitializeFromValue('1.3.6.1.5.5.7.3.1')
     $EkuOid = New-Object -ComObject 'X509Enrollment.CObjectIds.1'
@@ -27,13 +26,24 @@
     $EkuExtension.InitializeEncode($EkuOid)
 
     $Certificate = New-Object -ComObject 'X509Enrollment.CX509CertificateRequestCertificate.1'
-    $Certificate.InitializeFromPrivateKey(2, $PrivateKey, "")
+    $Certificate.InitializeFromPrivateKey(2, $PrivateKey, '')
     $Certificate.Subject = $DN
     $Certificate.Issuer = $Certificate.Subject
     $Certificate.NotBefore = [DateTime]::Now.AddDays(-1)
     $Certificate.NotAfter = $Certificate.NotBefore.AddDays(90)
     $Certificate.X509Extensions.Add($EkuExtension)
+    $Certificate.HashAlgorithm = $HashAlg
     $Certificate.Encode()
+
+    $Enroll = New-Object -ComObject 'X509Enrollment.CX509Enrollment.1'
+    $Enroll.InitializeFromRequest($Certificate)
+    $Enroll.CertificateFriendlyName = $CommonName
+    $Csr = $Enroll.CreateRequest()
+    $Enroll.InstallResponse(2, $Csr, 1, '')
+    $Base64 = $Enroll.CreatePFX('', 0)
+
+    $Bytes = [Convert]::FromBase64String($Base64)
+    $X509Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($Bytes, '')
 
-    return $Certificate
+    return $X509Cert
 }
diff --git a/Functions/NetworkStreams/Close-NetworkStream.ps1 b/Functions/NetworkStreams/Close-NetworkStream.ps1
@@ -9,23 +9,23 @@
     switch ($Mode) {
         'Smb' { 
             try { $Stream.Pipe.Dispose() }
-            catch { Write-Verbose "Failed to dispose Smb stream. $($_.Exception.Message)." }
+            catch { Write-Verbose "Failed to close Smb stream. $($_.Exception.Message)." }
             continue 
         }
         'Tcp' { 
             try { 
                 if ($PSVersionTable.CLRVersion.Major -lt 4) { $Stream.Socket.Close() ; $Stream.TcpStream.Close() }
                 else { $Stream.Socket.Dispose() ; $Stream.TcpStream.Dispose() }
             }
-            catch { Write-Verbose "Failed to dispose Tcp socket. $($_.Exception.Message)." }
+            catch { Write-Verbose "Failed to close Tcp stream. $($_.Exception.Message)." }
             continue 
         }
         'Udp' { 
             try { 
                 if ($PSVersionTable.CLRVersion.Major -lt 4) { $Stream.Socket.Close() ; $Stream.UdpClient.Close() }
                 else { $Stream.Socket.Dispose() ; $Stream.UdpClient.Dispose() }
             }
-            catch { Write-Verbose "Failed to dispose Udp socket. $($_.Exception.Message)." }
+            catch { Write-Verbose "Failed to close Udp stream. $($_.Exception.Message)." }
         }
     }
 }
diff --git a/Functions/NetworkStreams/New-SmbStream.ps1 b/Functions/NetworkStreams/New-SmbStream.ps1
@@ -9,10 +9,7 @@
 
         [Parameter(Position = 1)]
         [ValidateNotNullorEmpty()]
-        [String]$PipeName, 
-
-        [Parameter(Position = 2)]
-        [String]$SslKey, 
+        [String]$PipeName,  
 
         [Parameter(Position = 3)]
         [Int]$Timeout = 60,
@@ -61,13 +58,6 @@
         Write-Verbose "Connection from client accepted."
 
         $Buffer = New-Object Byte[] $BufferSize
-
-        if ($PSBoundParameters.SslKey) { 
-            $PipeServer = New-Object System.Net.Security.SslStream($PipeServer, $false,{ param($Sender, $Cert, $Chain, $Policy) return $true })
-            $Certificate = New-X509Certificate -SslKey $SslKey
-            $PipeServer.AuthenticateAsServer($Certificate)
-            Write-Verbose "SSL Encrypted: $($PipeServer.IsEncrypted)"
-        }
 
         $Properties = @{
             Pipe = $PipeServer
@@ -88,12 +78,6 @@
         Write-Verbose "Connected to $ServerIp`:$PipeName."
 
         $Buffer = New-Object Byte[] $BufferSize
-
-        if ($PSBoundParameters.SslKey) { 
-            $PipeClient = New-Object System.Net.Security.SslStream($PipeClient, $false,{ param($Sender, $Cert, $Chain, $Policy) return $true })
-            $PipeClient.AuthenticateAsClient($SslKey)
-            Write-Verbose "SSL Encrypted: $($PipeClient.IsEncrypted)"
-        }
 
         $Properties = @{
             Pipe = $PipeClient

diff --git a/Functions/NetworkStreams/New-TcpStream.ps1 b/Functions/NetworkStreams/New-TcpStream.ps1
@@ -11,7 +11,7 @@
         [Int]$Port, 
 
         [Parameter(Position = 2)]
-        [String]$SslKey, 
+        [String]$SslCn, 
 
         [Parameter(Position = 3)]
         [Int]$Timeout = 60
@@ -26,10 +26,10 @@
         Write-Verbose "Listening on 0.0.0.0:$Port [tcp]"
 
         $Stopwatch = [Diagnostics.Stopwatch]::StartNew()
-        [console]::TreatControlCAsInput = $true
+        #[console]::TreatControlCAsInput = $true
 
         do {
-            if ([console]::KeyAvailable) {          
+            <#if ([console]::KeyAvailable) {          
                 $Key = [console]::ReadKey($true)
                 if ($Key.Key -eq [Consolekey]::Escape) {
                     Write-Warning 'Caught escape sequence, stopping TCP setup.'
@@ -38,17 +38,17 @@
                     $Stopwatch.Stop()
                     return
                 }
-            }
+            }#>
             if ($Stopwatch.Elapsed.TotalSeconds -gt $Timeout) {
                 Write-Warning 'Timeout exceeded, stopping TCP setup.'
-                [console]::TreatControlCAsInput = $false
+                #[console]::TreatControlCAsInput = $false
                 $TcpListener.Stop()
                 $Stopwatch.Stop()
                 return
             }
         } until ($ConnectResult.IsCompleted)
 
-        [console]::TreatControlCAsInput = $false
+        #[console]::TreatControlCAsInput = $false
         $Stopwatch.Stop() 
 
         $TcpClient = $TcpListener.EndAcceptTcpClient($ConnectResult)
@@ -61,9 +61,9 @@
         $TcpStream = $TcpClient.GetStream()
         $Buffer = New-Object Byte[] $TcpClient.ReceiveBufferSize
 
-        if ($PSBoundParameters.SslKey) { 
-            $TcpStream = New-Object System.Net.Security.SslStream($TcpStream, $false,{ param($Sender, $Cert, $Chain, $Policy) return $true })
-            $Certificate = New-X509Certificate -SslKey $SslKey
+        if ($PSBoundParameters.SslCn) { 
+            $TcpStream = New-Object System.Net.Security.SslStream($TcpStream, $false)
+            $Certificate = New-X509Certificate $SslCn
             $TcpStream.AuthenticateAsServer($Certificate)
             Write-Verbose "SSL Encrypted: $($TcpStream.IsEncrypted)"
         }
@@ -122,9 +122,9 @@
         $TcpStream = $TcpClient.GetStream()
         $Buffer = New-Object Byte[] $TcpClient.ReceiveBufferSize
 
-        if ($PSBoundParameters.SslKey) { 
-            $TcpStream = New-Object System.Net.Security.SslStream($TcpStream, $false,{ param($Sender, $Cert, $Chain, $Policy) return $true })
-            $TcpStream.AuthenticateAsClient($SslKey)
+        if ($PSBoundParameters.SslCn) { 
+            $TcpStream = New-Object System.Net.Security.SslStream($TcpStream, $false, { param($Sender, $Cert, $Chain, $Policy) return $true })
+            $TcpStream.AuthenticateAsClient($SslCn)
             Write-Verbose "SSL Encrypted: $($TcpStream.IsEncrypted)"
         }
 

diff --git a/Functions/Start-PowerCat.ps1 b/Functions/Start-PowerCat.ps1
@@ -37,13 +37,15 @@
     DynamicParam {
         $ParameterDictionary = New-Object Management.Automation.RuntimeDefinedParameterDictionary
 
-        if ($Mode -eq 'Smb') { $PipeNameParam = New-RuntimeParameter -Name PipeName -Type String -Mandatory -Position 1 -ParameterDictionary $ParameterDictionary }
-        else { $PortParam = New-RuntimeParameter -Name Port -Type Int -Mandatory -Position 1 -ParameterDictionary $ParameterDictionary }
+        if ($Mode -eq 'Smb') { New-RuntimeParameter -Name PipeName -Type String -Mandatory -Position 1 -ParameterDictionary $ParameterDictionary }
+        else { New-RuntimeParameter -Name Port -Type Int -Mandatory -Position 1 -ParameterDictionary $ParameterDictionary }
+
+        if ($Mode -eq 'Tcp') { New-RuntimeParameter -Name SslCn -Type String -ParameterDictionary $ParameterDictionary }
 
         if ($Execute.IsPresent) { 
-            $ScriptBlockParam = New-RuntimeParameter -Name ScriptBlock -Type ScriptBlock -ParameterDictionary $ParameterDictionary 
-            $ArgumentListParam = New-RuntimeParameter -Name ArgumentList -Type Object[] -ParameterDictionary $ParameterDictionary 
-            $KeepAliveParam = New-RuntimeParameter -Name KeepAlive -Type Switch -ParameterDictionary $ParameterDictionary
+            New-RuntimeParameter -Name ScriptBlock -Type ScriptBlock -ParameterDictionary $ParameterDictionary 
+            New-RuntimeParameter -Name ArgumentList -Type Object[] -ParameterDictionary $ParameterDictionary 
+            New-RuntimeParameter -Name KeepAlive -Type Switch -ParameterDictionary $ParameterDictionary
         }
         return $ParameterDictionary
     }
@@ -52,14 +54,14 @@
         while ($true) {
             switch ($Mode) {
                 'Smb' { 
-                    try { $ServerStream = New-SmbStream -Listener $ParameterDictionary.PipeName.Value -TimeOut $Timeout }
+                    try { $ServerStream = New-SmbStream -Listener $ParameterDictionary.PipeName.Value $Timeout }
                     catch { Write-Warning "Failed to open Smb stream. $($_.Exception.Message)" ; return }
                     continue 
                 }
                 'Tcp' { 
                     if ((Test-Port -Number $ParameterDictionary.Port.Value -Transport Tcp)) {
-                        try { $ServerStream = New-TcpStream -Listener $ParameterDictionary.Port.Value -TimeOut $Timeout }
-                        catch { Write-Warning "$($_.Exception.Message)" }
+                        try { $ServerStream = New-TcpStream -Listener $ParameterDictionary.Port.Value $ParameterDictionary.SslCn.Value $Timeout }
+                        catch { Write-Warning "Failed to open Tcp stream. $($_.Exception.Message)" ; return }
                     }
                     continue 
                 }
@@ -234,8 +236,7 @@
             }
 
             # Cleanup
-            [console]::TreatControlCAsInput = $false
-
+            Write-Host "`n"
             if ($PSCmdlet.ParameterSetName -eq 'ReceiveFile') { $FileStream.Flush() ; $FileStream.Dispose() }
 
             try { Close-NetworkStream $Mode $ServerStream }
@@ -245,6 +246,7 @@
                 try { Close-NetworkStream $RelayMode $RelayStream }
                 catch { Write-Warning "Failed to close relay stream. $($_.Exception.Message)" }
             }           
+            [console]::TreatControlCAsInput = $false
             if (!$ParameterDictionary.KeepAlive.IsSet) { break }
         }
     }

diff --git a/PowerCat.psd1 b/PowerCat.psd1