elkentaro Posted April 21, 2017 (edited)
So, a new extension I wrote to avoid having to escape special characters for complex PowerShell commands. This extension takes a text file containing the PowerShell command.
Example:
RUNPOWER switch1/pstxt.txt
Inside the pstxt.txt file:
Set-WinUserLanguageList -LanguageList en-US -force;
Basically it takes the contents of the text file, encodes it to a base64 string and passes it to PowerShell as an encoded command. (Also works as obfuscation of the attack code.)
https://github.com/elkentaro/bashbunny-payloads/blob/master/library/extensions/runpower.sh
@elkentaro
Edited April 21, 2017 by elkentaro
elkentaro Posted April 21, 2017 (Author)
My bad. The very first one had a typo. It's fixed now. I guess I shouldn't commit code at 4am.
PoSHMagiC0de Posted April 27, 2017
So that is how you do Unicode base64 encoding in bash. :-) I can see myself using this instead of encoding commands myself when I want to use them via a quack. The only things I would change would be to make it take an extra parameter that I can use to add a string of parameters to be prepended before the encoded command, like if I wanted to hide the PowerShell window or make it non-interactive, etc. Second, I would make it just output the PowerShell command, no GUI r or anything. Reason being, most have been doing prep work before running their script, like from the Run command getting a UAC-bypassed cmd shell to run their PowerShell in.
elkentaro Posted April 27, 2017 (Author)
Hm... cool ideas. I'll think about adding some more stuff to it once I get back from being on the road.
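Added example (not elkentaro's runpower.sh and not code from either poster): a small POSIX shell implementation of what the first post describes, i.e. turning a script file into the UTF-16LE base64 that `powershell.exe -EncodedCommand` expects, plus the two changes PoSHMagiC0de asks for: optional switches prepended before `-EncodedCommand` and a function that only prints the resulting command line, with no GUI r or other keystrokes. The function names (`ps_encode_file`, `ps_decode`, `ps_command_line`, `to_utf16le`) are my own; the `ps_decode` helper is there to show that the "obfuscation" is a reversible transport encoding rather than any kind of protection. It assumes `iconv` and `base64` are installed; if `iconv` is missing it falls back to an ASCII-only conversion built from `od` and `printf`.

```shell
#!/bin/sh
# Added example, not part of runpower.sh. Requires base64; uses iconv when
# present, otherwise an ASCII-only fallback.

# ASCII-only fallback: emit each input byte followed by a NUL byte, which is
# exactly UTF-16LE for code points below 0x80. Non-ASCII input would be
# mangled here, so this is only used when iconv is unavailable.
ascii_to_utf16le() {
  od -An -v -to1 "$1" | tr -s ' \n' '\n' | sed '/^$/d' |
    while IFS= read -r b; do printf "\\$b\\000"; done
}

# Convert a UTF-8 file to UTF-16LE bytes on stdout (what PowerShell decodes).
to_utf16le() {
  if command -v iconv >/dev/null 2>&1; then
    iconv -f UTF-8 -t UTF-16LE "$1"
  else
    ascii_to_utf16le "$1"
  fi
}

# Encode a script file as a single-line base64 string for -EncodedCommand.
# A trailing newline in the file is kept; PowerShell does not mind it.
ps_encode_file() {
  to_utf16le "$1" | base64 | tr -d '\n'
}

# Reverse the encoding (base64 -> UTF-16LE -> UTF-8). Anyone who sees the
# command line, e.g. in process-creation logs, can do the same in one line.
ps_decode() {
  printf '%s' "$1" | base64 -d | iconv -f UTF-16LE -t UTF-8
}

# Print only the PowerShell command line. $1 is the script file; any further
# arguments are switches placed before -EncodedCommand, e.g.
#   ps_command_line payload.txt -WindowStyle Hidden -NonInteractive
ps_command_line() {
  file="$1"
  shift
  opts="$*"
  printf 'powershell.exe %s-EncodedCommand %s' "${opts:+$opts }" "$(ps_encode_file "$file")"
}

# Demo with a constructed script file (Get-Date is a handy known value:
# its UTF-16LE base64 is RwBlAHQALQBEAGEAdABlAA==).
demo_file=$(mktemp)
printf 'Get-Date' > "$demo_file"
ps_command_line "$demo_file" -WindowStyle Hidden
echo
rm -f "$demo_file"
```

Note that the output of `ps_command_line` is what ends up in the target's command-line auditing, and `ps_decode` recovers the original script from it; keeping the script in a text file on the Bunny is a convenience for escaping, not a way to hide what the payload does.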