Kali Rolling and PowerShell Core
This is a post primarily so I don't forget what I did to make these two play nice together. Specifically, the current version of Microsoft PowerShell Core (i.e., 6.0.1-1 at time of writing) had dependency issues that prevented it from installing on Kali Rolling. Persistence pays off and these are the steps to get it working. Note that my current version of Kali is 2018.1.
1. Download the latest PowerShell Core
Visit https://github.com/PowerShell/PowerShell and grab the latest version. Try and install it first, as updates may have resolved the issue. Installation is simple, just type the following to install:
# dpkg -i powershell_6.0.1-1.ubuntu.16.04_amd64.deb
If this worked then congrats you win and move on to investigating cool things like Daniel Bohannon's Invoke-CradleCrafter project ;)
2. Otherwise, you get these errors...Oh Nooos
You may have gotten these errors, which scream of unmet dependencies.
Note that liblttng-ust0 is a current package within Kali's source repos, so you can install by typing:
# apt-get install liblttng-ust0
But the problems lies with libicu55, which is not found in the Kali repos. Rather, version libicu57 is the current binary available. I thought, no problem, I will just download and install libicu55 from a deb package. WARNING: DO NOT DO THAT. YOU WILL SEG FAULT. Instead...
3. Hex Edit the Deb build and repackage
The problem with the install is that the Debian control file contains references to both outdated versions of OpenSSL (may as well use the latest) and libicu55. Let's fix that.
Unpack the Debian package and edit
Firs,t create a powershell_tmp directory
# mkdir powershell_tmp
Next, move powershell_6.0.1-1.ubuntu.16.04_amd64.deb into the directory
# mv powershell_6.0.1-1.ubuntu.16.04_amd64.deb powershell_tmp/
Then, extract the archive contents so we can manipulate it
# ar x powershell_6.0.1-1.ubuntu.16.04_amd64.deb
Lastly, we unpack the control.tar.gz archive
# tar xzpf control.tar.gz
At this point your directory should have something similar to this:
# ls
control control.tar.gz data.tar.gz debian-binary md5sums postinst postrm
We need to modify the contents of the control, as I previously mentioned. Crack open your hex editor of choice. I typically use Bless, but whatever is clever. Examine the file and note the highlighted selection within the text column, right side:
Now make it look like this:
Save the file. It is time to repackage back into a usable Deb.
Repack the deb and install PowerShell Core
# tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control
# ar rcs powershell.deb debian-binary control.tar.gz data.tar.gz
If all went well you know have a file called powershell.deb. Install it just as you would any other deb package:
# dpkg -i powershell.deb
With it installed, we can test it out:
# pwsh
PS /root/Desktop/Tools/OpSec/Invoke-CradleCrafter> Invoke
Invoke-CradleCrafter.ps1 Invoke-History
Invoke-CradleCrafter.psd1 Invoke-Item
Invoke-Command Invoke-OutCradle
Invoke-CradleCrafter Invoke-RestMethod
Invoke-Expression Invoke-WebRequest
Conclusion
This one was a brief trivial post but something that I fought with for a minute. As such, I figured I would share as I would imagine others may have or will run into this problem. Enjoy and always forward.