Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added the Wow64 switch to Prepare-Payload 

Now, you can optionally output a call to the x86 (Wow64) version of
PowerShell.
This commit is contained in:
bitform 2012-12-14 19:45:10 -05:00
parent ff32d1b36b
commit 7fda3dffea
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Prepare-Payload.ps1
View File

@ -33,6 +33,10 @@ Outputs the option to not load the Windows PowerShell profile.
Outputs the option to not present an interactive prompt to the user.
.PARAMETER Wow64
Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
.PARAMETER WindowStyle
Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
@ -82,6 +86,9 @@ http://www.exploit-monday.com
[Switch]
$NonInteractive,
[Switch]
$Wow64,
[ValidateSet('Normal', 'Minimized', 'Maximized', 'Hidden')]
[String]
$WindowStyle
@ -124,7 +131,14 @@ http://www.exploit-monday.com
if ($PSBoundParameters['WindowStyle'])
{ $CommandlineOptions += "-WindowStyle $($PSBoundParameters['WindowStyle'])" }
if ($PSBoundParameters['Wow64'])
{
$CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
}
else
{
$CommandLineOutput = "powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
}
Write-Output $CommandLineOutput
}