-
Notifications
You must be signed in to change notification settings - Fork 33
/
B64.ps1
154 lines (126 loc) · 3.66 KB
/
B64.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
## Powershell function for quickly encoding a string
function Encode-Command
{
<#
.SYNOPSIS
PowerShell cmdlet for b64 encoding strings
.DESCRIPTION
this script is able to encode commands to run for PowerShell -Enc
.PARAMETER command
This is the string you want to base 64 encode
.EXAMPLE
PS C:\> Import-Module B64.ps1
PS C:\> Encode-Command -c "net user"
PS C:\> Powershell.exe -Enc bgBlAHQAIAB1AHMAZQByAA==
.LINK
https://github.com/ahhh/
http://lockboxx.blogspot.com/
https://blogs.msdn.microsoft.com/timid/2014/03/26/powershell-encodedcommand-and-round-trips/
.NOTES
EZ-Mode tool
#>
[CmdletBinding()] Param(
[Parameter(Mandatory = $true, ValueFromPipeline=$true)]
[Alias("c", "command")]
[String]
$Commandz
)
# To use the -EncodedCommand parameter:
$command = $Commandz
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
$encodedCommand
}
function Decode-Command
{
<#
.SYNOPSIS
PowerShell cmdlet for b64 encoding strings
.DESCRIPTION
this script is for decoding b64 commands that get run in PowerShell -Enc
.PARAMETER command
This is the string you want to base 64 decode
.EXAMPLE
PS C:\> Import-Module B64.ps1
PS C:\> Decode-Command -c bgBlAHQAIAB1AHMAZQByAA==
.LINK
https://github.com/ahhh/
http://lockboxx.blogspot.com/
https://blogs.msdn.microsoft.com/timid/2014/03/26/powershell-encodedcommand-and-round-trips/
.NOTES
EZ-Mode tool
#>
[CmdletBinding()] Param(
[Parameter(Mandatory = $true, ValueFromPipeline=$true)]
[Alias("c", "command")]
[String]
$Commandz
)
$decodedCommand = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Commandz));
$decodedCommand
}
function Encode-File
{
<#
.SYNOPSIS
PowerShell cmdlet for b64 encoding a file to get embeded in a script
.DESCRIPTION
this script is able to encode files to later be embeded and run in a script
.PARAMETER file
This is the location of the file you want to base64 encoded
.EXAMPLE
PS C:\> Import-Module B64.ps1
PS C:\> Encode-File -f "C:\lol.exe"
.LINK
https://github.com/ahhh/
http://lockboxx.blogspot.com/
http://www.getautomationmachine.com/en/company/news/item/embedding-files-in-powershell-scripts
.NOTES
EZ-Mode tool
#>
[CmdletBinding()] Param(
[Parameter(Mandatory = $true, ValueFromPipeline=$true)]
[Alias("f", "file")]
[String]
$filez
)
# To use embeded in a script
$Content = Get-Content -Path $filez -Encoding Byte
$Base64 = [System.Convert]::ToBase64String($Content)
$Base64
}
function Decode-File
{
<#
.SYNOPSIS
PowerShell cmdlet for dropping a file that has been base64 encoded into the script
.DESCRIPTION
this script is supposed to drop binary files from encoded bas64
.PARAMETER file
This is the location of the file you want to write with the decoded base64
.PARAMETER enc
This is the base64 encoded file content that you are decoding
.EXAMPLE
PS C:\> Import-Module B64.ps1
PS C:\> type .\file.b64.txt | Decode-File -f .\dropped.exe
.LINK
https://github.com/ahhh/
http://lockboxx.blogspot.com/
http://www.getautomationmachine.com/en/company/news/item/embedding-files-in-powershell-scripts
.NOTES
EZ-Mode tool
#>
[CmdletBinding()] Param(
[Parameter(Mandatory = $true, ValueFromPipeline=$true)]
[Alias("e", "EncodedFile", "c")]
[String]
$enc,
[Parameter(Mandatory = $true)]
[Alias("f", "file")]
[String]
$filez
)
$Content = [System.Convert]::FromBase64String($Enc)
Set-Content -Path $filez -Value $Content -Encoding Byte
Write-Host "Wrote out file $filez"
}