PowerShell's-enc parameter allows a base64-encoded PowerShell script string to be passed as a parameter to execute the PowerShell script, which is often used to bypass the active defense mechanism of antivirus software.
This afternoon in a backdoor program, through the online base64 encoding website encoded string unexpectedly can not be-enc parameters of PowerShell resolution, parsing is all garbled, through find data finally solved the problem
This issue is recorded for subsequent use
Method reference from: http://www.pstips.net/question/5827.html
The required PowerShell script can be encoded using the following script, and the resulting string can be parsed by the-enc parameter of PowerShell
$fileContent = "script to encode"$bytes = [System.text.encoding]::unicode.getbytes ($ Filecontent)$encodedCommand = [Convert]::tobase64string ($bytes$ Encodedcommand
The encoded script can parse the execution with the following command
$encodedCommand
Powershell-enc parameter cannot decode Base64 encoded payload solution