How to use an encoded command in PowerShell?

0
PowerShell_Encode_Decode_Header1

Sometimes you want to store a PowerShell command not readable at first read. This is so called an obfuscation. It is an action to make something unreadable for humans. For example, this could be used when storing a PowerShell command in a task schedular job or something similar.

How to encode your command?

First you must store your command in a variable, for example $PlainCommand. After that you encode that variable with the following command:

[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($string))

How to run the encoded command?

To run the encoded command simple, execute powershell.exe with the parameter -EncodedCommand followed by your variable.

How to decode the encoded command?

To decode the encoded variable, you can use:

[Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($EncodedCommand))

Another method to encode/ decode!

A nice way to also decode and encode your command is via the Base64 Decode and Encode website:

Base64 Decode and Encode – Online

And of course, the same for encoding your command!

How to decode a PowerShell command from a running process?

Microsoft has a nice write up about how to decode running process, this because PowerShell stores running commands in also as an encoded command:

https://learn.microsoft.com/en-us/powershell/scripting/samples/decode-powershell-command-from-a-running-process?view=powershell-7.4

Thank for reading this short blog, hopefully it was informational and helpful when you need to encode your commands!

Leave a Reply

Your email address will not be published. Required fields are marked *