Hi all.
I have discovered one cool feature in PowerShell. PowerShell can execute code supplied as Base64-encoded text, and we can insert this encoded command directly into our script. To do that we use the -EncodedCommand parameter.
For example:
# first step
$command = 'dir "c:\program files" '
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$myEncodedCommand = [Convert]::ToBase64String($bytes)
# second step
powershell.exe -EncodedCommand $myEncodedCommand
The encoded string can also be passed directly on the command line, for example:
powershell -EncodedCommand MQAuAC4AMQAwACAAfAAgACUAIAB7ACAAIgBQAG8AdwBlAHIAUwBoAGUAbABsACAAUgBvAGMAawBzACIAIAB9AA==
Wow, it can be used to hide my command from, maybe, antivirus software.
To decode our encoded command we can use this example:
# $myEncodedCommand is the Base64 string produced in the first step
$decodedCommand = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($myEncodedCommand))
$decodedCommand
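To review an encoded command found in a logged command line without running it, the decode step above can be wrapped in a small parser; this is an added example, not code from the original post, and it goes beyond the post by also recognising abbreviated forms of the parameter such as -enc and -e. The function name Get-DecodedPowerShellCommand and the sample command lines are constructed for illustration.

```powershell
# Added example: decode -EncodedCommand payloads from logged command lines.
# The payload is only decoded and returned; nothing is executed.
function Get-DecodedPowerShellCommand {
    param([Parameter(Mandatory)][string]$CommandLine)

    $full = 'encodedcommand'
    # Candidate parameters: dash or slash, a name starting with "e", then a Base64-looking token.
    $pattern = '(?i)(?:^|\s)[-/](e[a-z]*)\s+["'']?([A-Za-z0-9+/=]+)'
    foreach ($m in [regex]::Matches($CommandLine, $pattern)) {
        $name = $m.Groups[1].Value.ToLowerInvariant()
        # Keep prefixes of -EncodedCommand (-e, -enc, ...) and the alias -ec;
        # this skips -ExecutionPolicy and other parameters starting with "e".
        if (-not ($full.StartsWith($name, [StringComparison]::Ordinal) -or $name -eq 'ec')) { continue }

        $result = [pscustomobject]@{ Parameter = "-$name"; Decoded = $null; Error = $null }
        try {
            $bytes = [Convert]::FromBase64String($m.Groups[2].Value)
            # Same decoding as in the post: the bytes are UTF-16LE ("Unicode") text.
            $result.Decoded = [System.Text.Encoding]::Unicode.GetString($bytes)
        } catch {
            $result.Error = 'argument is not valid Base64'
        }
        return $result
    }
}

# Constructed sample command lines; the first reuses the Base64 string from the post.
$samples = @(
    'powershell.exe -NoProfile -ExecutionPolicy Bypass -enc MQAuAC4AMQAwACAAfAAgACUAIAB7ACAAIgBQAG8AdwBlAHIAUwBoAGUAbABsACAAUgBvAGMAawBzACIAIAB9AA==',
    'powershell.exe -ExecutionPolicy Bypass -File C:\scripts\report.ps1',
    'powershell -e not*base64'
)
foreach ($line in $samples) {
    $r = Get-DecodedPowerShellCommand -CommandLine $line
    if (-not $r)       { "no encoded command : $line" }
    elseif ($r.Error)  { "$($r.Parameter) : $($r.Error)" }
    else               { "$($r.Parameter) decodes to : $($r.Decoded)" }
}
```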
Good luck.