2

I want to encode a PowerShell script from a string, but I can't get it to be encoded in UTF16-LE.

I am using this to encode it to base64 string.

string encodedscript = "powershell -nop -enc " + Convert.ToBase64String(Encoding.UTF8.GetBytes(PowerShellScript));

But when I try to use UTF16-LE encoding, it does not work, for example:

string encodedscript = "powershell -nop -enc " + Convert.ToBase64String(Encoding.UTF16-LE.GetBytes(PowerShellScript));

So my question is: how do I encode a PowerShell script using C# so that PowerShell will accept it?

I am trying to achieve in C# something like what this website does: https://raikia.com/tool-powershell-encoder/

This is a code example; the PowerShell script PowerShellScript is extremely long.

Here is some example encoded script: https://pastesite.org/view/raw/74b98937

Example script: https://pastesite.org/view/raw/b573f289

  • `Encoding.Unicode` – Theo Nov 13 '21 at 09:39
  • @Theo I keep getting this error: Program 'powershell.exe' failed to run: The filename or extension is too longAt line:1 char:1 + powershell -nop -enc DQAKACQAZwBHAEIATABkAHkAIAA9ACAAWwBTAHkAcwB0AGUA ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~. At line:1 char:1 + powershell -nop -enc DQAKACQAZwBHAEIATABkAHkAIAA9ACAAWwBTAHkAcwB0AGUA ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException + FullyQualifiedErrorId : NativeCommandFailed – Speed Runer Nov 13 '21 at 09:50
  • Also when I run it from a batch file I get this error: The system cannot execute the specified program. – Speed Runer Nov 13 '21 at 09:53
  • If I compare the result of "Get-Date" in the link you gave (result `RwBlAHQALQBEAGEAdABlAA==`) to PowerShell `[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("Get-Date"))` it gives me an equal result. That would mean in C# `Convert.ToBase64String(Encoding.Unicode.GetBytes(PowerShellScript))` would do the same I guess ? See also [this answer](https://stackoverflow.com/a/57404296/9898643) – Theo Nov 13 '21 at 10:26
  • Please show a complete, minimal code sample, that we can use to try and reproduce the issue. We don't know what `PowerShellScript` is, if and how you read it from disk and so on. – zett42 Nov 13 '21 at 10:49
  • @zett42 Here is some encoded example: https://pastesite.org/view/raw/74b98937 And here is the RAW script: https://pastesite.org/view/raw/b573f289 – Speed Runer Nov 13 '21 at 11:03
  • That link is 45,200 characters long. The maximum command line length is 8,191 characters. [Source](https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/command-line-string-limitation) – TessellatingHeckler Nov 14 '21 at 06:49
  • @TessellatingHeckler Is there any way to bypass it? – Speed Runer Nov 14 '21 at 09:44
  • @SpeedRuner going through CreateProcess API [gets you to 32,767](https://devblogs.microsoft.com/oldnewthing/20031210-00/?p=41553); other than that, put the code in a temp file I guess. – TessellatingHeckler Nov 14 '21 at 17:22
  • OK, thanks everyone for helping out, I fixed it a few minutes ago by creating this batch file: `#^ &@@ECho Off && cls && powershell -exec bypass -nop -noni - < "%~f0" && exit /B` followed by `#POWERSHELL CODE GOES HERE!` – Speed Runer Nov 14 '21 at 19:59
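Pulling the question and the comment thread together, here is an added C# example (it is not code from the original post, from either answer, or from the linked encoder site). The class and method names `PowerShellLauncher`, `Encode`, `Decode`, `EncodedCommandLine`, `Plan` and `Run` are my own; the only numbers it relies on are the two limits quoted in the comments above (8,191 for cmd.exe, 32,767 for CreateProcess), and the sample inputs are constructed. It shows the `Encoding.Unicode` fix, a round-trip check that reproduces the `RwBlAHQALQBEAGEAdABlAA==` value from the comments, and a fallback to standard input when the encoded command line would exceed the limit, which is the same mechanism the asker's batch file (`powershell - < file`) uses:

```csharp
using System;
using System.Diagnostics;
using System.Text;

// Added example, not code from the question or the answers.
public static class PowerShellLauncher
{
    // Limits quoted in the comment thread: cmd.exe line (8,191 chars) and CreateProcess (32,767 chars).
    public const int CmdLineLimit = 8191;
    public const int CreateProcessLimit = 32767;

    // -EncodedCommand takes the Base64 of the script's UTF-16LE bytes. In .NET that encoding is
    // Encoding.Unicode; there is no Encoding.UTF16-LE member, which is why the question's second
    // attempt does not compile.
    public static string Encode(string script) =>
        Convert.ToBase64String(Encoding.Unicode.GetBytes(script));

    // Inverse of Encode. Use it to verify a payload before launching anything; it is also the
    // check to run on a logged "-enc ..." argument to see what a process actually executed.
    public static string Decode(string base64) =>
        Encoding.Unicode.GetString(Convert.FromBase64String(base64));

    // Full command line in the inline form, so its length can be compared with the limits.
    public static string EncodedCommandLine(string script) =>
        "powershell.exe -NoProfile -NonInteractive -EncodedCommand " + Encode(script);

    // Decide how to hand the script over: inline when it fits, otherwise through standard input,
    // which is not subject to the command-line length limit. "-Command -" makes PowerShell read
    // the command text from stdin (assumption: Windows PowerShell 5.1 / powershell.exe).
    public static ProcessStartInfo Plan(string script, int limit = CreateProcessLimit)
    {
        if (EncodedCommandLine(script).Length <= limit)
        {
            return new ProcessStartInfo("powershell.exe",
                "-NoProfile -NonInteractive -EncodedCommand " + Encode(script))
            { UseShellExecute = false };
        }
        return new ProcessStartInfo("powershell.exe", "-NoProfile -NonInteractive -Command -")
        { UseShellExecute = false, RedirectStandardInput = true };
    }

    // Launch according to the plan and return PowerShell's exit code.
    public static int Run(string script)
    {
        ProcessStartInfo psi = Plan(script);
        using Process p = Process.Start(psi);
        if (psi.RedirectStandardInput)
        {
            p.StandardInput.Write(script);
            p.StandardInput.Close();   // EOF tells PowerShell the script text is complete
        }
        p.WaitForExit();
        return p.ExitCode;
    }

    public static void Main()
    {
        // Constructed sample: the same "Get-Date" value the comments compare against.
        string script = "Get-Date";
        string b64 = Encode(script);
        Console.WriteLine(b64);                                               // RwBlAHQALQBEAGEAdABlAA==
        Console.WriteLine(Decode(b64) == script);                             // True
        Console.WriteLine(EncodedCommandLine(script).Length <= CmdLineLimit); // True

        // Constructed 45,200-character script (the size mentioned in the comments): the
        // encoded form is far over 32,767 characters, so Plan falls back to standard input.
        string big = new string(' ', 45200);
        Console.WriteLine(Plan(big).RedirectStandardInput);                   // True
    }
}
```

Passing the script through `Plan(script, CmdLineLimit)` instead applies the stricter cmd.exe limit, which is the one that produced the "filename or extension is too long" error in the comments. The `Decode` helper is the same operation in reverse, so it doubles as the quick check on any `-EncodedCommand` argument seen in process-creation logs.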

2 Answers

2

OK, thanks everyone for helping me out. I came up with this batch script, which relaunches itself as a PowerShell script; it is still working, but it shows an error at the start. I am suppressing it with `&& cls`.

#^ &@@Echo Off && Cls && Powershell -exec bypass -nop -noni - < "%~f0" && exit /B
#POWERSHELL CODE GOES HERE!
  • That is a pretty cool approach! Reminds me I have answered a question like it for [a script which is both Bash shell and PowerShell](https://stackoverflow.com/questions/39421131/is-it-possible-to-write-one-script-that-runs-in-bash-shell-and-powershell/39422067), but I hadn't thought of anything like that for this use case. – TessellatingHeckler Nov 16 '21 at 05:04
  • @TessellatingHeckler Thanks! – Speed Runer Nov 16 '21 at 15:06
0

You want to first encode to Unicode, then to Base64.

using System;
using System.Text;

public class Powershell
{
    public static string Command(string command)
    {
        // PowerShell's -EncodedCommand expects Base64 of the UTF-16LE bytes;
        // in .NET that encoding is Encoding.Unicode.
        var plainTextBytes = Encoding.Unicode.GetBytes(command);
        var encodedCommand = Convert.ToBase64String(plainTextBytes);

        return $"powershell.exe -EncodedCommand {encodedCommand}";
    }
}