Author Posts

July 19, 2016 at 9:24 pm

Hello again, I discovered that the command uncoded bad, but I do not understand what is wrong:

My Code :

$command = "(New-Object System.Net.WebClient).DownloadFile('http://localhost/update_program.exe','updater.exe'); Start-Process 'updater.exe'"
$bytes = [Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
echo $encodedCommand

Return

KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGU
AbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwBsAG8AYwBhAG
wAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAGUAeABlACcALAAnAHUAcABkA
GEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAnAHUAcABk
AGEAdABlAHIALgBlAHgAZQAnAA==

I try :

powershell -encodeCommand KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwBsAG8AYwBhAGwAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAGUAeABlACcALAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnAA==

Return

Missing expression after unary operator '-'.
In line: 1 Character: 2
+ - < <<< encodeCommand KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUA
dAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQ
AcAA6AC8ALwBsAG8AYwBhAGwAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAG
UAeABlACcALAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvA
GMAZQBzAHMAIAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnAA==
    + CategoryInfo          : ParserError: (-:String) [], ParentContainsErrorR
   ecordException
    + FullyQualifiedErrorId : MissingExpressionAfterOperator

Because my command coded fails?

July 19, 2016 at 9:33 pm

It's -EncodedCommand not -EncodeCommand.

July 19, 2016 at 9:50 pm

Noooooooooooooooo , Epic Fail , Mega Noob , Thanks Don Jones ajajajaja