
Let's make Bashing PowerShell easier, shall we...


PoSHMagiC0de

One-liners got you down? Trying to type out all that text, including the escapes, getting confusing, and then modifying it later on even more frustrating? Well, let's try having our one-liner be a multi-liner in the beginning and encoding it, all from bash. Complete with all the bash variables you want to pass and the PowerShell variables you want left unharmed.

The original premise is from @elkentaro's post about PowerRun, which he wrote using iconv. This can convert files to whatever encoding you want. Well, we are not converting files here; we will be converting echoed text... or an echoed variable. Let's do the example as a payload, since most of you may not run Linux, or if you do, do not run PowerShell 6 on it to test seamlessly.

This is a hacky way of doing it, but it works.

LED SETUP
# Value coming from bash; it is substituted into the script below.
MYTEXT="Charles"
# Multi-line PowerShell held in a bash double-quoted string: escape the quotes
# (\") and the PowerShell dollars (\$) so bash leaves them alone, while the
# unescaped $MYTEXT is expanded by bash before encoding.
MYSCRIPT="
\$name = \"$MYTEXT\";
cls;
Start-Sleep -s 2;
Write-Host \"Hello there, \$(\$name).\";
"
# Quote the expansion so bash does not word-split or glob the script text
# (an unquoted $MYSCRIPT would expand a * in the script against the
# filesystem). -EncodedCommand expects base64 over UTF-16LE, unwrapped.
ENCODED=$(echo "$MYSCRIPT" | iconv -t utf-16le | base64 -w 0)

ATTACKMODE HID
Q DELAY 5000
LED ATTACK
# DuckyScript lines on the Bash Bunny need the Q (or QUACK) prefix.
Q GUI r
Q STRING "cmd"
Q DELAY 500
Q ENTER
Q DELAY 2000
# Base64 contains no spaces or quotes, so the quoting around $ENCODED is optional.
Q STRING "powershell -E \"$ENCODED\""
Q DELAY 700
Q ENTER
LED FINISH

So, you still have to escape (") when inside quotes, or use single quotes instead, but isn't that much easier to follow? You also still need to escape ($) where you want them passed to PowerShell rather than having bash replace them with its own values. Also, since bash concatenates each line, you will have to add a semicolon to each line except where a loop starts and on its begin or end statement, like below.

# Same MYSCRIPT variable as above; the brace lines carry no semicolons.
# PowerShell requires parentheses around the while condition.
MYSCRIPT="
while (\$true)
{
    Start-Sleep -s 1;
    Write-Host \"Running loop\";
}
"

#or
MYSCRIPT="
if(\$i -eq 4)
{
    Write-Host \"Item is 4.\";
}
"

Now, if you do not need to pass any values from bash, then you can have all your PowerShell in a file, all neat and formatted without all the escapes and stuff, and then use the PowerRun method to encode. This is a lost gem I decided to resurrect and put a spin on.
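As an added example (not code from PoSHMagiC0de's post), here is the same UTF-8 to UTF-16LE to base64 transform packaged as reusable bash functions, with the script written in a heredoc instead of an escaped double-quoted string, and a decode step so the blob can be checked on a Linux box that has no PowerShell. The names ps_encode, ps_decode, build_script and build_command are mine; GNU base64 (-w 0) and iconv are assumed to be present, as the post already relies on them.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Same transform the post
# performs (UTF-8 -> UTF-16LE -> base64, no line wrapping), packaged so the
# script is written in a heredoc and the result can be checked on Linux
# without PowerShell. Assumes GNU coreutils base64 (-w 0) and iconv.

# ps_encode: stdin = PowerShell source, stdout = the -EncodedCommand argument.
# Feed it with a heredoc or printf '%s', never an unquoted `echo $VAR`, so
# bash cannot word-split or glob-expand the script text.
ps_encode() {
    iconv -f UTF-8 -t UTF-16LE | base64 -w 0
}

# ps_decode: inverse of ps_encode, used to verify the blob offline.
ps_decode() {
    base64 -d | iconv -f UTF-16LE -t UTF-8
}

# Constructed sample value coming from the bash side.
MYTEXT="Charles"

# build_script: the PowerShell to run, with bash's $MYTEXT interpolated.
# In an unquoted heredoc only $ and backslash are special to bash, so
# PowerShell's variables are written as \$name and double quotes need no
# escaping at all. Newlines survive, so no semicolons are required either.
build_script() {
    cat <<EOF
\$name = "$MYTEXT"
cls
Start-Sleep -s 2
Write-Host "Hello there, \$(\$name)."
foreach (\$i in 1..3)
{
    if (\$i -eq 2) { Write-Host "Item is 2." }
    Write-Host "Loop pass \$i"
}
EOF
}

# build_command: the exact string a payload would type with Q STRING.
build_command() {
    printf 'powershell -E %s' "$(build_script | ps_encode)"
}

# Stand-alone run: print the command, then prove the round trip decodes
# back to the original script text.
build_command
echo
build_script | ps_encode | ps_decode
```

Decoding the blob back before burning it into a payload catches the usual mistakes (a $ that bash expanded to nothing, a quote that ended the string early) without needing a Windows box; the base64 output contains no spaces or quotes, so it can be dropped straight onto a Q STRING line.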