
Saturday, 14 April 2018

EncodedCommand in PowerShell.


Hi all.

I have discovered a cool feature in PowerShell: it can execute code supplied as Base64-encoded text, and we can put this encoded command directly into our script. To do that we have to use the -EncodedCommand parameter.


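For example:

     # first step: encode the command as Base64 over its Unicode (UTF-16LE) bytes
     $command = 'dir "c:\program files" '
     $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
     $myEncodedCommand = [Convert]::ToBase64String($bytes)

     # second step: pass the encoded string to powershell.exe
     powershell.exe -EncodedCommand $myEncodedCommand

This has the same form as passing a literal encoded string on the command line (this particular string decodes to the command 1..10 | % { "PowerShell Rocks" }):

     powershell -EncodedCommand MQAuAC4AMQAwACAAfAAgACUAIAB7ACAAIgBQAG8AdwBlAHIAUwBoAGUAbABsACAAUgBvAGMAawBzACIAIAB9AA==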

Wow, it can be used to hide my command from, maybe, antivirus software.

To decode an encoded command we can use this example:

     # $myEncodedCommand is the Base64 string produced in the first step above
     $decodedCommand = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($myEncodedCommand))
     $decodedCommand
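
Base64 is an encoding, not encryption, so the original command can be recovered from any logged command line. The following is an added example, not code from the original post: it finds the -EncodedCommand parameter in a command line, including shortened spellings such as -e, -enc and -ec, and decodes its value. The function name Expand-EncodedCommand and the sample command lines are constructed for illustration.

```powershell
# Added example: defender-side triage of logged PowerShell command lines.
function Expand-EncodedCommand {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Candidate "-name value" pairs; the value must look like Base64 text.
    $pairs = [regex]::Matches($CommandLine,
        '(?:^|\s)[-/](?<name>[A-Za-z]+)\s+["'']?(?<b64>[A-Za-z0-9+/]+={0,2})')

    foreach ($pair in $pairs) {
        $name = $pair.Groups['name'].Value
        # The host accepts shortened spellings such as -e, -enc and -ec, so treat
        # "ec" and every prefix of "EncodedCommand" as a candidate.
        $isEncoded = ($name -eq 'ec') -or
            'EncodedCommand'.StartsWith($name, [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $isEncoded) { continue }

        try {
            $bytes = [System.Convert]::FromBase64String($pair.Groups['b64'].Value)
        } catch {
            continue   # not valid Base64, so nothing to decode
        }

        # -EncodedCommand expects UTF-16LE text, so an odd byte count is malformed input.
        [pscustomobject]@{
            Parameter  = "-$name"
            WellFormed = ($bytes.Length % 2 -eq 0)
            Decoded    = [System.Text.Encoding]::Unicode.GetString($bytes)
        }
    }
}

# Constructed sample command lines; the first reuses the literal string from the post.
$samples = @(
    'powershell -EncodedCommand MQAuAC4AMQAwACAAfAAgACUAIAB7ACAAIgBQAG8AdwBlAHIAUwBoAGUAbABsACAAUgBvAGMAawBzACIAIAB9AA==',
    ('powershell.exe -NoProfile -enc ' + [System.Convert]::ToBase64String(
        [System.Text.Encoding]::Unicode.GetBytes('dir "c:\program files"'))),
    'powershell.exe -ExecutionPolicy Bypass -File report.ps1'   # no encoded command
)

$samples | ForEach-Object { Expand-EncodedCommand -CommandLine $_ } | Format-List
```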

Good luck.
