Powershell History Module Loses Capitalization

[dmlino]

Describe the bug
I was testing the powershell_history module and I noticed that the stings lose the capitalization, leading to incorrect passwords, for example:

cat .\ConsoleHost_history.txt $passwd = ConvertTo-SecureString ""?SeCretPassWord!"" -AsPlainText -Force $creds = New-Object System.Management.Automation.PSCredential (""domain.local\Administrator"", $passwd)
Becomes:

$passwd = convertto-securestring ""?secretpassword!"" -asplaintext -force $creds = new-object system.management.automation.pscredential (""domain.local\administrator"", $passwd)

This also affects the exported file.

To Reproduce
Steps to reproduce the behavior i.e.:
Command: netexec smb -u username -p password -M powershell_history

Expected behavior
The output should contain the same capilatizaion as the original file in windows.

NetExec info

• OS: Kali
• Version of nxc: v1.3.0
• Installed from: Github

[termanix]

Thank you for the bug! I will look at it soon.

[Dfte]

Is because of these:

file_content = buf.read().decode("utf-8", errors="ignore").lower()                
keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword in file_content]

I used these to match string without storing a copy of the file's content as it is. Making a temp variable that will be stored in the export will fix it :)