Powershell 从文件中读取 shellcode
[英]Powershell read shellcode from file
问题描述
I have a powershell script which execute the shellcode.
我有一个执行 shellcode 的 powershell 脚本。
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True Object[] System.Array
8
The output of above command is上面命令的output是
$codes = @(Get-Content -Raw C:\Users\abc\Downloads\code.txt)
$codes.GetType()
[Byte[]] $buf = $codes.ToCharArray()
echo $buf.Length
But when i save the shellcode in text file and executes it, it doesn't execute and buffer length is also different.但是当我将 shellcode 保存在文本文件中并执行它时,它不会执行并且缓冲区长度也不同。
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True Object[] System.Array
39
The Output of above command以上命令的Output
IsPublic IsSerial Name BaseType -------- -------- ---- -------- True True Object[] System.Array 39
By any chance can i execute the above shellcode from text file and keeping the buffer length same.我可以通过任何机会从文本文件执行上述 shellcode 并保持缓冲区长度不变。
1 个解决方案
解决方案1
0 已采纳 2023-01-26 11:29:56
If the file consists of 8 bytes, use Get-Content -Encoding Byte :如果文件包含 8 个字节,请使用Get-Content -Encoding Byte :
# Windows PowerShell
$codes = @(Get-Content C:\Users\abc\Downloads\code.txt -Encoding Byte)
# PowerShell 7
$codes = @(Get-Content C:\Users\abc\Downloads\code.txt -AsByteStream)
If the file instead contains the literal string 0xe8,0x3b,0x3d,0x03,0x00,0x3b,0x3d,0x03 , you'll need to split up the list and parse them as numerical values first:如果文件改为包含文字字符串0xe8,0x3b,0x3d,0x03,0x00,0x3b,0x3d,0x03 ,则需要拆分列表并首先将它们解析为数值:
$codes = @(Get-Content -Raw C:\Users\abc\Downloads\code.txt)
$codes = $codes.Trim() -split '(?s)[\s,]+' -as [byte[]]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.