Home > Back-end >  Powershell read shellcode from file
Powershell read shellcode from file

Time:01-27


I have a powershell script which execute the shellcode.
$code = 0xe8,0x3b,0x3d,0x03,0x00,0x3b,0x3d,0x03
$code.GetType()
[Byte[]] $buf = $code
$buf.Length

The output of above command is

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array
8

But when i save the shellcode in text file and executes it, it doesn't execute and buffer length is also different.

$codes = @(Get-Content -Raw C:\Users\abc\Downloads\code.txt)
$codes.GetType()
[Byte[]] $buf = $codes.ToCharArray()
echo $buf.Length

The Output of above command

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array
39

By any chance can i execute the above shellcode from text file and keeping the buffer length same.

CodePudding user response:

If the file consists of 8 bytes, use Get-Content -Encoding Byte:

# Windows PowerShell
$codes = @(Get-Content C:\Users\abc\Downloads\code.txt -Encoding Byte)

# PowerShell 7
$codes = @(Get-Content C:\Users\abc\Downloads\code.txt -AsByteStream)

If the file instead contains the literal string 0xe8,0x3b,0x3d,0x03,0x00,0x3b,0x3d,0x03, you'll need to split up the list and parse them as numerical values first:

$codes = @(Get-Content -Raw C:\Users\abc\Downloads\code.txt)
$codes = $codes.Trim() -split '(?s)[\s,] ' -as [byte[]]
  • Related