├── Invoke-Obfuscation-Bypass ├── Invoke-Obfuscation.ps1 ├── Invoke-Obfuscation.psd1 ├── Invoke-Obfuscation.psm1 ├── Out-CompressedCommand.ps1 ├── Out-EncodedAsciiCommand.ps1 ├── Out-EncodedBXORCommand.ps1 ├── Out-EncodedBinaryCommand.ps1 ├── Out-EncodedHexCommand.ps1 ├── Out-EncodedOctalCommand.ps1 ├── Out-EncodedSpecialCharOnlyCommand.ps1 ├── Out-EncodedWhitespaceCommand.ps1 ├── Out-ObfuscatedAst.ps1 ├── Out-ObfuscatedStringCommand.ps1 ├── Out-ObfuscatedTokenCommand.ps1 ├── Out-PowerShellLauncher.ps1 └── Out-SecureStringCommand.ps1 ├── README.md └── ps2exe.ps1 /Invoke-Obfuscation-Bypass/Invoke-Obfuscation.psd1: -------------------------------------------------------------------------------- 1 | # This file is part of Invoke-Obfuscation. 2 | # 3 | # Copyright 2017 Daniel Bohannon <@danielhbohannon> 4 | # while at Mandiant 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | 19 | 20 | # 21 | # Module manifest for module 'Invoke-Obfuscation' 22 | # 23 | # Generated by: Daniel Bohannon (@danielhbohannon) 24 | # 25 | # Generated on: 2017-01-19 26 | # 27 | 28 | 29 | 30 | @{ 31 | 32 | # Version number of this module. 33 | ModuleVersion = '1.1' 34 | 35 | # ID used to uniquely identify this module 36 | GUID = 'd0a9150d-b6a4-4b17-a325-e3a24fed0aa9' 37 | 38 | # Author of this module 39 | Author = 'Daniel Bohannon (@danielhbohannon)' 40 | 41 | # Copyright statement for this module 42 | Copyright = 'Apache License, Version 2.0' 43 | 44 | # Description of the functionality provided by this module 45 | Description = 'PowerShell module file for importing all required modules for the Invoke-Obfuscation framework.' 46 | 47 | # Minimum version of the Windows PowerShell engine required by this module 48 | PowerShellVersion = '2.0' 49 | 50 | # Minimum version of the Windows PowerShell host required by this module 51 | PowerShellHostVersion = '2.0' 52 | 53 | # Script files (.ps1) that are run in the caller's environment prior to importing this module 54 | ScriptsToProcess = @('Out-ObfuscatedTokenCommand.ps1','Out-ObfuscatedAst.ps1','Out-ObfuscatedStringCommand.ps1','Out-EncodedAsciiCommand.ps1','Out-EncodedHexCommand.ps1','Out-EncodedOctalCommand.ps1','Out-EncodedBinaryCommand.ps1','Out-SecureStringCommand.ps1','Out-EncodedBXORCommand.ps1','Out-EncodedSpecialCharOnlyCommand.ps1','Out-EncodedWhitespaceCommand.ps1','Out-CompressedCommand.ps1','Out-PowerShellLauncher.ps1','Invoke-Obfuscation.ps1') 55 | 56 | # Functions to export from this module 57 | FunctionsToExport = '*' 58 | 59 | # HelpInfo URI of this module 60 | # HelpInfoURI = '' 61 | 62 | } -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Invoke-Obfuscation.psm1: -------------------------------------------------------------------------------- 1 | # This file is part of Invoke-Obfuscation. 2 | # 3 | # Copyright 2017 Daniel Bohannon <@danielhbohannon> 4 | # while at Mandiant 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | 19 | 20 | # Get location of this script no matter what the current directory is for the process executing this script. 21 | $ScriptDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition) 22 | 23 | Write-Host "`n[*] Invoke-Obfuscation.psm1 has been decomissioned." -ForegroundColor Red 24 | Write-Host "[*] Please run" -NoNewLine -ForegroundColor Red 25 | Write-Host " Import-Module $ScriptDir\Invoke-Obfuscation.psd1 " -NoNewLine -ForegroundColor Yellow 26 | Write-Host "instead." -ForegroundColor Red 27 | 28 | 29 | 30 | <# 31 | .SYNOPSIS 32 | 33 | PowerShell module file for importing all required modules for the Invoke-Obfuscation framework. 34 | 35 | Invoke-Obfuscation Module Loader 36 | Author: Daniel Bohannon (@danielhbohannon) 37 | License: Apache License, Version 2.0 38 | Required Dependencies: None 39 | Optional Dependencies: None 40 | 41 | .DESCRIPTION 42 | 43 | PowerShell module file for importing all required modules for the Invoke-Obfuscation framework. 44 | 45 | .EXAMPLE 46 | 47 | C:\PS> Import-Module .\Invoke-Obfuscation.psm1 48 | 49 | .NOTES 50 | 51 | PowerShell module file for importing all required modules for the Invoke-Obfuscation framework. 52 | This is a personal project developed by Daniel Bohannon while an employee at MANDIANT, A FireEye Company. 53 | 54 | .LINK 55 | 56 | http://www.danielbohannon.com 57 | #> 58 | <# 59 | # Confirm all necessary commands are loaded and import appropriate .ps1 files in current directory if necessary. 60 | Write-Host "`n[*] Validating necessary commands are loaded into current PowerShell session.`n" 61 | 62 | $RequiredFunctions = @() 63 | $RequiredFunctions += 'Out-ObfuscatedTokenCommand' 64 | $RequiredFunctions += 'Out-ObfuscatedStringCommand' 65 | $RequiredFunctions += 'Out-EncodedAsciiCommand' 66 | $RequiredFunctions += 'Out-EncodedHexCommand' 67 | $RequiredFunctions += 'Out-EncodedOctalCommand' 68 | $RequiredFunctions += 'Out-EncodedBinaryCommand' 69 | $RequiredFunctions += 'Out-SecureStringCommand' 70 | $RequiredFunctions += 'Out-EncodedBXORCommand' 71 | $RequiredFunctions += 'Out-PowerShellLauncher' 72 | $RequiredFunctions += 'Invoke-Obfuscation' 73 | 74 | # Get location of this script no matter what the current directory is for the process executing this script. 75 | $ScriptDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition) 76 | 77 | $UnloadedFunctionExists = $FALSE 78 | ForEach($Function in $RequiredFunctions) 79 | { 80 | # Check if $Function is loaded. 81 | If(!(Get-Command * | Where-Object {$_.Name -like $Function})) 82 | { 83 | # Validate that appropriate .ps1 file exists. 84 | If(Test-Path $ScriptDir\$Function.ps1) 85 | { 86 | # Import module. 87 | Import-Module $ScriptDir\$Function.ps1 88 | 89 | # Re-check if $Function is loaded. 90 | If((Get-Command * | Where-Object {$_.Name -like $Function}).Name) 91 | { 92 | Write-Host "[*] Function Loaded :: $Function" -ForegroundColor Green 93 | } 94 | Else 95 | { 96 | Write-Host "[*] Function Not Loaded :: $Function (After running Import-Module $ScriptDir\$Function.ps1)" -ForegroundColor Red 97 | $UnloadedFunctionExists = $TRUE 98 | } 99 | } 100 | Else { 101 | Write-Host "[*] Function Not Loaded :: $Function (Cannot locate $ScriptDir\$Function.ps1)" -ForegroundColor Red 102 | $UnloadedFunctionExists = $TRUE 103 | } 104 | } 105 | Else { 106 | Write-Host "[*] Function Already Loaded :: $Function" -ForegroundColor Green 107 | } 108 | } 109 | 110 | # Show error and warning if any functions were not properly loaded. 111 | If($UnloadedFunctionExists) 112 | { 113 | Write-Host "`n[*] One or more above functions are not loaded." -ForegroundColor Red 114 | Write-Host " Ensure Invoke-Obfuscation.psm1 is in the same directory as above scripts.`n" -ForegroundColor Red 115 | } 116 | Else 117 | { 118 | Write-Host "`n[*] All modules loaded and ready to run " -NoNewLine 119 | 120 | # Write output below string in interactive format. 121 | ForEach($Char in [Char[]]'Invoke-Obfuscation') 122 | { 123 | Write-Host $Char -NoNewline -ForegroundColor Green 124 | Start-Sleep -Milliseconds (Get-Random -Input @(25..200)) 125 | } 126 | Start-Sleep -Milliseconds 500 127 | Write-Host "`n" 128 | } 129 | #> -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-CompressedCommand.ps1: -------------------------------------------------------------------------------- 1 | ${9DU`S1z} =[tyPe]("{2}{1}{0}"-f'LE','FI','IO.'); &("{1}{0}{2}"-f 'T-Var','Se','iAbLe') ("e5Sc"+"Lv") ( [Type]("{2}{0}{3}{1}"-f'.EN','ing','tEXT','CoD') ) ; ${I`mL} =[TyPE]("{6}{7}{8}{1}{4}{5}{2}{3}{0}"-f 'e','n','sI','onmod','.CoMpR','es','i','O.COmPRess','Io') ; &("{2}{1}{0}"-f '-itEM','T','SE') ("V"+"A"+"RIabLe"+":lwYh") ( [TyPE]("{1}{0}"-F'ERT','CoNv') ) ; 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function ouT-C`O`m`P`REs`S`EdcOmmand 21 | { 22 | 23 | 24 | [CmdletBinding(defaUlTPaRAMeTERsetnAme = {"{1}{0}"-f 'Path','File'})] Param ( 25 | [Parameter(posITiOn = 0, vaLUefrOMPIpelINE = ${tr`Ue}, paRamETERsetNaME = "s`c`RIptbL`oCK")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${s`CripTB`l`oCk}, 29 | 30 | [Parameter(pOsITion = 0, PArAMEtErSetNaME = "F`ilEp`ATh")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${Pa`TH}, 34 | 35 | [Switch] 36 | ${NO`eXiT}, 37 | 38 | [Switch] 39 | ${nOp`ROfI`le}, 40 | 41 | [Switch] 42 | ${NOnInt`eRa`C`TiVE}, 43 | 44 | [Switch] 45 | ${noL`OGo}, 46 | 47 | [Switch] 48 | ${Wo`W64}, 49 | 50 | [Switch] 51 | ${C`Omm`AnD}, 52 | 53 | [ValidateSet({"{0}{1}"-f'Norm','al'}, {"{2}{0}{1}"-f'inimize','d','M'}, {"{2}{0}{1}"-f'imiz','ed','Max'}, {"{0}{1}"-f 'H','idden'})] 54 | [String] 55 | ${WIndo`W`STy`lE}, 56 | 57 | [ValidateSet({"{0}{1}"-f 'Bypas','s'}, {"{1}{2}{3}{0}" -f 'ed','Un','res','trict'}, {"{2}{0}{1}"-f'S','igned','Remote'}, {"{2}{1}{0}" -f 'gned','i','AllS'}, {"{2}{0}{1}" -f'trict','ed','Res'})] 58 | [String] 59 | ${EX`E`CUti`onP`oLiCY}, 60 | 61 | [Switch] 62 | ${p`Ass`ThRU} 63 | ) 64 | 65 | 66 | If(${pSbo`UNdPA`Ra`M`EteRS}[("{1}{0}"-f'h','Pat')]) 67 | { 68 | &("{1}{2}{0}" -f'ildItem','G','et-Ch') ${P`Ath} -ErrorAction ("{0}{1}"-f'Sto','p') | &("{1}{0}"-f'l','Out-Nul') 69 | ${S`cRIP`T`STri`Ng} = ( &("{1}{3}{2}{0}" -f 'ble','G','rIa','Et-va') ("9D"+"uS"+"1Z")).ValUE::("{0}{2}{1}"-f'Re','ytes','adAllB').Invoke((&("{3}{0}{1}{2}" -f'-','Pa','th','Resolve') ${Pa`TH})) 70 | } 71 | Else 72 | { 73 | ${scr`I`pTstRING} = ( (&("{1}{0}{3}{2}" -f '-V','gET','rIablE','a') ("E5Sc"+"LV") ).vALUE::"As`cIi").("{2}{1}{0}" -f'es','t','GetBy').Invoke(${sc`RIPtb`lO`CK}) 74 | } 75 | 76 | 77 | 78 | ${C`OmpRessE`DSTr`EAM} = &("{1}{2}{3}{0}"-f'bject','N','ew-','O') ("{0}{1}{2}{3}"-f'IO','.Mem','oryStre','am') 79 | ${D`Eflates`TRE`Am} = &("{0}{2}{1}" -f'N','-Object','ew') ("{2}{1}{4}{3}{0}{5}{6}"-f'n.D','mpr','IO.Co','io','ess','eflat','eStream') (${COm`pr`e`sS`eDs`TREam}, ${I`ml}::"c`OM`PRESs") 80 | ${deFlat`Es`TReAM}.("{1}{0}"-f 'e','Writ').Invoke(${sCR`IpT`sTR`iNg}, 0, ${SCRI`PTsTR`inG}."len`gTh") 81 | ${deFlat`esTr`E`AM}.("{1}{0}{2}"-f'os','Disp','e').Invoke() 82 | ${co`M`preSse`dScRIpTb`Ytes} = ${COMPrE`SS`eDS`TRE`AM}.("{1}{0}{2}"-f 'a','ToArr','y').Invoke() 83 | ${C`o`M`PRES`SeDST`Ream}.("{1}{0}"-f 'ispose','D').Invoke() 84 | ${encode`DCO`m`p`RE`sSedSCr`ipT} = (&('LS') ("V"+"A"+"RIaBLe"+":LWYH")).VaLuE::"toBASE`64`St`R`ing"(${c`oM`PREsS`EDs`cRiPT`By`TEs}) 85 | 86 | 87 | ${sTR`EaM`Re`ADER} = &("{2}{1}{0}"-f 'andom','-R','Get') -Input @(("{0}{3}{2}{1}"-f'I','eamReader','.Str','O'),("{5}{0}{3}{2}{4}{1}" -f 'r','ader','a','e','mRe','System.IO.St')) 88 | ${def`lA`T`eSTr`eam} = &("{1}{0}{2}" -f 'nd','Get-Ra','om') -Input @(("{0}{3}{4}{1}{2}{6}{5}" -f 'IO.','on.','Defl','Compres','si','tream','ateS'),("{4}{3}{2}{6}{1}{0}{5}"-f'Strea','late','O.Compression.D','stem.I','Sy','m','ef')) 89 | ${memOrYs`T`R`EAM} = &("{2}{0}{1}" -f'-Ran','dom','Get') -Input @(("{2}{1}{3}{4}{0}" -f 'tream','e','IO.M','mor','yS'),("{0}{4}{5}{1}{2}{3}"-f 'S','Mem','ory','Stream','ystem','.IO.')) 90 | ${c`OnVe`Rt} = &("{1}{0}{2}" -f 'nd','Get-Ra','om') -Input @(("{0}{1}" -f'Conve','rt'),("{3}{2}{0}{1}" -f 's','tem.Convert','y','S')) 91 | ${Co`Mpr`esS`ionM`oDe} = &("{2}{1}{0}" -f 'ndom','et-Ra','G') -Input @(("{4}{6}{5}{7}{3}{2}{0}{1}" -f'ompr','essionMode','.C','on','IO.','om','C','pressi'),("{2}{5}{3}{4}{6}{0}{1}"-f 'n.Compres','sionMode','Sy','Compr','ess','stem.IO.','io')) 92 | ${e`N`c`OdINg} = &("{0}{3}{2}{1}" -f'Ge','Random','-','t') -Input @(("{0}{1}{2}" -f'Text','.Enc','oding'),("{5}{0}{2}{3}{4}{1}"-f'yst','ng','em','.T','ext.Encodi','S')) 93 | ${foRea`C`Hob`jECT} = &("{0}{1}{2}"-f'Get','-Rand','om') -Input @(("{0}{1}" -f'ForE','ach'),("{1}{2}{0}"-f 't','ForEach-Obje','c'),'%') 94 | ${s`TReA`mre`Ad`er} = ([Char[]]${St`R`eamRE`ADeR} | &("{1}{0}{2}" -f'ch-O','ForEa','bject') {${cH`AR} = ${_}.("{1}{2}{0}"-f'g','To','Strin').Invoke().("{2}{0}{1}" -f 'oL','ower','T').Invoke(); If(&("{2}{1}{0}" -f'om','t-Rand','Ge') -Input @(0..1)) {${C`HAR} = ${Ch`Ar}.("{1}{2}{0}" -f'er','ToUp','p').Invoke()} ${c`hAR}}) -Join '' 95 | ${d`e`FlatE`sTrEAm} = ([Char[]]${dEflATES`TRe`AM} | &("{2}{0}{3}{1}"-f'o','t','F','rEach-Objec') {${C`HAR} = ${_}.("{1}{2}{0}"-f'g','ToStr','in').Invoke().("{2}{1}{0}" -f'r','oLowe','T').Invoke(); If(&("{1}{0}{2}{3}"-f 'an','Get-R','d','om') -Input @(0..1)) {${C`haR} = ${cH`Ar}.("{1}{0}"-f'pper','ToU').Invoke()} ${CH`Ar}}) -Join '' 96 | ${memorys`T`ReaM} = ([Char[]]${MEM`o`RyST`REaM} | &("{1}{2}{3}{4}{0}"-f '-Object','F','or','E','ach') {${CH`AR} = ${_}.("{1}{0}" -f'ing','ToStr').Invoke().("{0}{1}" -f'ToLo','wer').Invoke(); If(&("{1}{2}{0}" -f 'om','Get-Ra','nd') -Input @(0..1)) {${CH`Ar} = ${C`HAR}.("{0}{1}"-f 'T','oUpper').Invoke()} ${ch`AR}}) -Join '' 97 | ${Co`N`VeRT} = ([Char[]]${cOn`Ve`RT} | &("{2}{0}{1}"-f 'ach-O','bject','ForE') {${CH`AR} = ${_}.("{0}{1}" -f'ToStrin','g').Invoke().("{0}{1}" -f'T','oLower').Invoke(); If(&("{2}{1}{0}"-f'om','Rand','Get-') -Input @(0..1)) {${CH`AR} = ${C`haR}.("{0}{1}{2}"-f'To','U','pper').Invoke()} ${CH`Ar}}) -Join '' 98 | ${CO`MPresSi`o`NM`ODE} = ([Char[]]${co`Mpr`e`ssiOnMOde} | &("{0}{1}{2}{3}" -f'ForEach-','O','bjec','t') {${CH`AR} = ${_}.("{2}{1}{0}" -f'ing','oStr','T').Invoke().("{0}{1}" -f 'ToLow','er').Invoke(); If(&("{2}{0}{1}"-f 't-Rando','m','Ge') -Input @(0..1)) {${C`har} = ${cH`Ar}.("{2}{0}{1}"-f'oU','pper','T').Invoke()} ${ch`AR}}) -Join '' 99 | ${EN`CO`diNg} = ([Char[]]${enCo`Di`Ng} | &("{3}{1}{2}{0}{4}"-f'-Ob','rE','ach','Fo','ject') {${ch`AR} = ${_}.("{0}{1}" -f 'To','String').Invoke().("{2}{1}{0}"-f'er','Low','To').Invoke(); If(&("{0}{1}{2}" -f 'Get-','R','andom') -Input @(0..1)) {${c`HaR} = ${ch`AR}.("{0}{1}" -f'To','Upper').Invoke()} ${Ch`AR}}) -Join '' 100 | ${new`OB`JECt} = ([Char[]]("{0}{2}{1}" -f 'N','Object','ew-') | &("{4}{1}{0}{3}{2}"-f'b','ach-O','ect','j','ForE') {${c`haR} = ${_}.("{1}{0}{2}"-f 'oStrin','T','g').Invoke().("{1}{0}"-f 'wer','ToLo').Invoke(); If(&("{2}{1}{0}" -f 'm','ando','Get-R') -Input @(0..1)) {${c`har} = ${c`hAr}.("{0}{1}" -f 'To','Upper').Invoke()} ${c`hAr}}) -Join '' 101 | ${FRO`MBASe`64} = ([Char[]]("{3}{4}{1}{2}{0}"-f'ring','s','e64St','From','Ba') | &("{4}{1}{0}{2}{3}"-f 'j','orEach-Ob','e','ct','F') {${C`hAR} = ${_}.("{1}{2}{0}"-f'ng','ToSt','ri').Invoke().("{0}{1}"-f'ToLo','wer').Invoke(); If(&("{1}{0}{2}" -f 'Ran','Get-','dom') -Input @(0..1)) {${C`har} = ${Ch`AR}.("{1}{0}" -f'r','ToUppe').Invoke()} ${ch`Ar}}) -Join '' 102 | ${DeCoMpr`e`ss} = ([Char[]]("{0}{1}{2}" -f 'Decomp','res','s') | &("{2}{3}{0}{1}" -f'ach-Obj','ect','Fo','rE') {${cH`AR} = ${_}.("{1}{2}{0}"-f 'g','T','oStrin').Invoke().("{0}{1}" -f 'ToL','ower').Invoke(); If(&("{2}{1}{0}"-f'm','ando','Get-R') -Input @(0..1)) {${cH`AR} = ${cH`AR}.("{1}{0}"-f'pper','ToU').Invoke()} ${CH`Ar}}) -Join '' 103 | ${A`SCIi} = ([Char[]]("{0}{1}"-f'Asc','ii') | &("{2}{1}{0}" -f 'ch-Object','a','ForE') {${c`hAr} = ${_}.("{1}{0}"-f 'ng','ToStri').Invoke().("{0}{1}" -f'ToLow','er').Invoke(); If(&("{0}{2}{3}{1}" -f'Get','om','-Ran','d') -Input @(0..1)) {${C`HAr} = ${CH`Ar}.("{0}{2}{1}" -f 'ToU','r','ppe').Invoke()} ${C`haR}}) -Join '' 104 | ${r`E`A`DtoEND} = ([Char[]]("{2}{1}{0}"-f'nd','adToE','Re') | &("{0}{3}{1}{4}{2}"-f'For','h-O','ct','Eac','bje') {${Ch`AR} = ${_}.("{2}{0}{1}"-f 'oStrin','g','T').Invoke().("{1}{0}" -f'r','ToLowe').Invoke(); If(&("{0}{2}{1}"-f 'Get-Rand','m','o') -Input @(0..1)) {${c`HaR} = ${C`har}.("{1}{0}"-f'Upper','To').Invoke()} ${c`har}}) -Join '' 105 | ${Fo`REa`chOB`j`ect} = ([Char[]]${fOrEAC`h`oB`JECT} | &("{2}{1}{4}{3}{0}" -f 'ect','o','F','Obj','rEach-') {${cH`AR} = ${_}.("{0}{1}{2}" -f'ToStr','in','g').Invoke().("{1}{0}" -f'oLower','T').Invoke(); If(&("{1}{2}{0}" -f 'andom','G','et-R') -Input @(0..1)) {${C`hAR} = ${ch`AR}.("{0}{1}" -f 'To','Upper').Invoke()} ${cH`Ar}}) -Join '' 106 | ${FoR`E`AcHo`BJe`Ct2} = ([Char[]]${foREA`chO`B`je`ct} | &("{2}{0}{3}{1}"-f 'rEac','-Object','Fo','h') {${cH`AR} = ${_}.("{2}{0}{1}" -f'Stri','ng','To').Invoke().("{1}{0}" -f 'oLower','T').Invoke(); If(&("{0}{1}{2}{3}"-f 'G','et-Ra','nd','om') -Input @(0..1)) {${C`HAr} = ${C`hAR}.("{1}{2}{0}" -f'per','To','Up').Invoke()} ${cH`AR}}) -Join '' 107 | 108 | 109 | ${B`Ase64} = ' '*(&("{1}{0}{2}"-f'an','Get-R','dom') -Input @(0,1)) + "[$Convert]::$FromBase64(" + ' '*(&("{1}{2}{0}" -f 'm','Get-','Rando') -Input @(0,1)) + "'$EncodedCompressedScript'" + ' '*(&("{0}{2}{1}" -f'Get-Ra','dom','n') -Input @(0,1)) + ")" + ' '*(&("{3}{0}{2}{1}" -f't-','andom','R','Ge') -Input @(0,1)) 110 | ${de`FLAte`StRe`AmsY`NTAx} = ' '*(&("{3}{1}{0}{2}"-f'ando','R','m','Get-') -Input @(0,1)) + "$DeflateStream(" + ' '*(&("{2}{0}{1}"-f 'et','-Random','G') -Input @(0,1)) + "[$MemoryStream]$Base64," + ' '*(&("{0}{2}{1}" -f 'Get','om','-Rand') -Input @(0,1)) + "[$CompressionMode]::$Decompress" + ' '*(&("{1}{3}{0}{2}"-f'nd','Get-R','om','a') -Input @(0,1)) + ")" + ' '*(&("{2}{1}{0}" -f'm','o','Get-Rand') -Input @(0,1)) 111 | 112 | 113 | ${NE`wsC`RIpTa`R`Ray} = @() 114 | ${NEWSC`R`I`pTARray} += "(" + ' '*(&("{1}{0}{2}"-f 't-Ran','Ge','dom') -Input @(0,1)) + ("$NewObject "+'') + ' '*(&("{2}{3}{0}{1}"-f 'd','om','Get-Ra','n') -Input @(0,1)) + "$StreamReader(" + ' '*(&("{2}{1}{0}"-f 'Random','t-','Ge') -Input @(0,1)) + "(" + ' '*(&("{0}{1}{2}"-f 'G','et-Ran','dom') -Input @(0,1)) + ("$NewObject "+"$DeflateStreamSyntax)") + ' '*(&("{2}{0}{1}" -f'e','t-Random','G') -Input @(0,1)) + "," + ' '*(&("{0}{1}{2}"-f'G','et-Rand','om') -Input @(0,1)) + "[$Encoding]::$Ascii)" + ' '*(&("{2}{3}{1}{0}" -f'om','d','G','et-Ran') -Input @(0,1)) + ").$ReadToEnd(" + ' '*(&("{1}{0}{2}" -f'Ra','Get-','ndom') -Input @(0,1)) + ")" 115 | ${NE`wSc`RipTarrAy} += "(" + ' '*(&("{2}{0}{1}" -f 't-','Random','Ge') -Input @(0,1)) + ("$NewObject "+"$DeflateStreamSyntax|") + ' '*(&("{0}{2}{1}{3}"-f'G','Ra','et-','ndom') -Input @(0,1)) + "$ForEachObject" + ' '*(&("{2}{0}{1}"-f'-','Random','Get') -Input @(0,1)) + "{" + ' '*(&("{2}{1}{0}"-f 'ndom','Ra','Get-') -Input @(0,1)) + ("$NewObject "+'') + ' '*(&("{1}{0}{2}"-f'-Rando','Get','m') -Input @(0,1)) + "$StreamReader(" + ' '*(&("{0}{2}{1}" -f 'Get-R','dom','an') -Input @(0,1)) + "`$_" + ' '*(&("{2}{1}{0}{3}" -f 'n','a','Get-R','dom') -Input @(0,1)) + "," + ' '*(&("{2}{1}{0}"-f'Random','et-','G') -Input @(0,1)) + "[$Encoding]::$Ascii" + ' '*(&("{1}{0}{2}"-f '-','Get','Random') -Input @(0,1)) + ")" + ' '*(&("{0}{3}{1}{2}" -f 'Get','an','dom','-R') -Input @(0,1)) + "}" + ' '*(&("{0}{1}{2}" -f 'Ge','t-Rand','om') -Input @(0,1)) + ").$ReadToEnd(" + ' '*(&("{1}{0}{2}" -f 'R','Get-','andom') -Input @(0,1)) + ")" 116 | ${nEws`CRIP`TAr`R`AY} += "(" + ' '*(&("{2}{1}{0}"-f'andom','R','Get-') -Input @(0,1)) + ("$NewObject "+"$DeflateStreamSyntax|") + ' '*(&("{1}{0}{2}"-f 'et-Rando','G','m') -Input @(0,1)) + "$ForEachObject" + ' '*(&("{1}{0}{2}" -f 'Ra','Get-','ndom') -Input @(0,1)) + "{" + ' '*(&("{2}{1}{0}"-f'ndom','t-Ra','Ge') -Input @(0,1)) + ("$NewObject "+'') + ' '*(&("{3}{1}{0}{2}" -f 'o','et-Rand','m','G') -Input @(0,1)) + "$StreamReader(" + ' '*(&("{0}{2}{1}"-f 'Get','m','-Rando') -Input @(0,1)) + "`$_" + ' '*(&("{1}{0}{2}"-f'et-Ra','G','ndom') -Input @(0,1)) + "," + ' '*(&("{0}{2}{1}"-f 'G','andom','et-R') -Input @(0,1)) + "[$Encoding]::$Ascii" + ' '*(&("{0}{2}{1}"-f 'Ge','andom','t-R') -Input @(0,1)) + ")" + ' '*(&("{2}{0}{1}" -f'do','m','Get-Ran') -Input @(0,1)) + "}" + ' '*(&("{1}{2}{0}" -f 'ndom','Get-','Ra') -Input @(0,1)) + "|" + ' '*(&("{0}{2}{1}"-f 'Get-','dom','Ran') -Input @(0,1)) + "$ForEachObject2" + ' '*(&("{1}{0}{3}{2}"-f't-','Ge','ndom','Ra') -Input @(0,1)) + "{" + ' '*(&("{0}{1}{2}" -f 'Get','-Rand','om') -Input @(0,1)) + "`$_.$ReadToEnd(" + ' '*(&("{1}{2}{0}"-f'om','Ge','t-Rand') -Input @(0,1)) + ")" + ' '*(&("{3}{0}{2}{1}" -f'n','m','do','Get-Ra') -Input @(0,1)) + "}" + ' '*(&("{3}{1}{2}{0}" -f'ndom','-','Ra','Get') -Input @(0,1)) + ")" 117 | 118 | 119 | ${n`EWs`CRIpt} = (&("{0}{1}{3}{2}"-f'Ge','t','andom','-R') -Input ${nE`W`sC`Ript`ArRAY}) 120 | 121 | 122 | 123 | ${INVO`K`eE`xpr`EssIONsYntax} = @() 124 | ${inVO`KeeXpreSs`iON`SyN`T`AX} += (&("{1}{2}{0}" -f 'ndom','Get-R','a') -Input @('IEX',("{0}{2}{3}{1}" -f'In','n','voke','-Expressio'))) 125 | 126 | 127 | 128 | ${iNvocAt`i`on`o`P`erATOr} = (&("{0}{1}{2}"-f 'G','et-Ra','ndom') -Input @('.','&')) + ' '*(&("{2}{0}{1}"-f 'e','t-Random','G') -Input @(0,1)) 129 | ${I`NVo`keEx`pRe`sSions`YnTAx} += ${InVOc`AT`IONopERa`TOR} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 130 | ${INV`okeE`XPrE`s`S`io`NsyntaX} += ${IN`VOcA`TI`ONoPEra`Tor} + ('( '+"`$PSHome[") + (&("{1}{2}{0}" -f '-Random','G','et') -Input @(4,21)) + "]+`$PSHome[" + (&("{2}{0}{3}{1}" -f'e','andom','G','t-R') -Input @(30,34)) + ((("{0}{3}{2}{1}"-f ']',')','SA','+wSAxw'))."Re`pl`AcE"(([ChaR]119+[ChaR]83+[ChaR]65),[sTRing][ChaR]39)) 131 | ${iN`VoK`EEXpREssI`O`NsY`NTAx} += ${IN`VOca`TI`OnOpERA`TOR} + ('( '+"`$env:ComSpec[4,") + (&("{2}{1}{0}" -f 'andom','R','Get-') -Input @(15,24,26)) + (((("{2}{1}{3}{4}{0}"-f'}{0})','25]-',',','Join{','0')) -f [ChAR]39)) 132 | ${IN`V`OKeEXpre`sSi`O`Nsyn`Tax} += ${i`NVOCat`I`oN`OpERA`TOr} + "((" + (&("{0}{2}{1}"-f'Get','andom','-R') -Input @(("{2}{1}{0}"-f '-Variable','et','G'),'GV',("{2}{0}{1}"-f 'ari','able','V'))) + (((("{5}{4}{3}{2}{9}{1}{8}{7}{0}{6}" -f'J','Na','M','*mdr*hZ','ZM',' h','oinhZMhZM)','[3,11,2]-','me',').')) -crePlAcE'hZM',[CHar]39)) 133 | ${InVo`k`eeXPResS`iOnsyNt`AX} += ${inv`O`caTiOnO`pe`Ra`TOR} + "( " + (&("{1}{2}{0}"-f 'ndom','Get-','Ra') -Input @(((('cziVerbosePr'+'efer'+'ence'+'.'+'To'+'Stri'+'ng()') -cRePlACE 'czi',[ChaR]36)),(('([Str'+'in'+'g]{0}'+'Verb'+'ose'+'Pre'+'f'+'e'+'ren'+'ce)') -F[ChaR]36))) + (((("{1}{0}{2}{3}{6}{4}{5}"-f'3','[1,',']+rD','LxrD','-JoinrDL','rDL)','L')) -crEpLaCE ([Char]114+[Char]68+[Char]76),[Char]39)) 134 | 135 | 136 | 137 | 138 | ${inv`ok`EEXP`R`eSsiON} = (&("{1}{2}{0}"-f 'om','Get-Ra','nd') -Input ${in`V`OKE`Exp`RE`sSio`NS`yntax}) 139 | 140 | 141 | ${INvOkeEx`PR`eS`SI`ON} = ([Char[]]${In`VO`k`EeXpRESsIOn} | &("{0}{2}{1}{3}" -f'F','Ea','or','ch-Object') {${C`HaR} = ${_}.("{0}{1}"-f'ToStrin','g').Invoke().("{0}{1}" -f'ToLow','er').Invoke(); If(&("{0}{2}{3}{1}"-f'G','ndom','e','t-Ra') -Input @(0..1)) {${CH`AR} = ${C`haR}.("{1}{0}" -f'oUpper','T').Invoke()} ${C`hAR}}) -Join '' 142 | 143 | 144 | ${INV`O`keO`Pti`ONs} = @() 145 | ${I`N`V`OKeOPtIo`NS} += ' '*(&("{2}{0}{1}"-f 'ando','m','Get-R') -Input @(0,1)) + ${i`Nv`OkEEX`Pr`eSSI`on} + ' '*(&("{2}{0}{3}{1}"-f 't-R','dom','Ge','an') -Input @(0,1)) + ${NE`w`s`CriPT} + ' '*(&("{0}{1}{2}" -f 'Get-R','and','om') -Input @(0,1)) 146 | ${INVok`eo`P`TioNs} += ' '*(&("{2}{0}{1}"-f't-Rando','m','Ge') -Input @(0,1)) + ${neWs`CrI`pT} + ' '*(&("{2}{0}{1}{3}" -f'R','an','Get-','dom') -Input @(0,1)) + '|' + ' '*(&("{2}{0}{1}" -f't','-Random','Ge') -Input @(0,1)) + ${iNVoKE`E`xpRe`ssIOn} 147 | 148 | ${NEWScR`I`pt} = (&("{2}{0}{1}"-f'an','dom','Get-R') -Input ${inVOK`E`Op`TiO`Ns}) 149 | 150 | 151 | If(!${P`sBOunD`pA`Ra`MEters}[("{1}{0}{2}" -f 'a','P','ssThru')]) 152 | { 153 | 154 | ${PoW`ERsheL`l`Flags} = @() 155 | 156 | 157 | 158 | ${cOmMAnD`L`InEOPtI`o`Ns} = &("{0}{1}{2}"-f 'Ne','w-Obje','ct') ("{1}{0}{2}" -f't','S','ring[]')(0) 159 | If(${P`sb`OunDpaR`A`mETE`RS}[("{0}{1}"-f 'N','oExit')]) 160 | { 161 | ${FU`llArgUM`eNt} = ("{1}{0}" -f 'it','-NoEx'); 162 | ${comMa`NDL`INe`OPTIo`Ns} += ${fuLlArgU`mE`NT}.("{1}{0}{2}" -f 'ubSt','S','ring').Invoke(0,(&("{1}{2}{0}"-f'dom','Get','-Ran') -Minimum 4 -Maximum (${FulLAr`GuM`ENT}."lE`Ng`TH"+1))) 163 | } 164 | If(${Psbo`UnDPa`R`AMe`T`ErS}[("{0}{1}{2}" -f 'NoPr','ofil','e')]) 165 | { 166 | ${fUl`La`RgumENt} = ("{0}{1}{2}"-f'-NoPro','fi','le'); 167 | ${CoM`mA`NdliNEoP`TIO`Ns} += ${f`UlLA`Rg`Um`EnT}.("{2}{0}{1}"-f'Stri','ng','Sub').Invoke(0,(&("{0}{1}{2}"-f 'Get','-R','andom') -Minimum 4 -Maximum (${fulLarGu`ME`Nt}."LeN`G`Th"+1))) 168 | } 169 | If(${p`SbOUnD`pARa`M`ETe`RS}[("{4}{2}{3}{1}{0}" -f 'active','er','n','t','NonI')]) 170 | { 171 | ${f`ULlArguM`E`NT} = ("{1}{3}{2}{0}{4}" -f'i','-NonI','act','nter','ve'); 172 | ${cOmMandlI`N`E`oPTIO`NS} += ${fU`llaR`g`UMeNT}.("{1}{2}{0}" -f'ng','SubStr','i').Invoke(0,(&("{0}{1}{2}"-f'G','et-Rand','om') -Minimum 5 -Maximum (${fu`LL`ARG`UMEnt}."LEN`G`TH"+1))) 173 | } 174 | If(${psBO`U`NDpar`Am`eT`eRs}[("{0}{2}{1}" -f'No','ogo','L')]) 175 | { 176 | ${F`UllA`RgUm`Ent} = ("{1}{0}{2}" -f'NoL','-','ogo'); 177 | ${c`OMmaND`L`i`Ne`OpTIoNs} += ${fu`ll`ARG`UMe`NT}.("{2}{0}{1}"-f'trin','g','SubS').Invoke(0,(&("{2}{0}{3}{1}"-f't','m','Ge','-Rando') -Minimum 4 -Maximum (${fU`llARg`UMe`Nt}."Len`GtH"+1))) 178 | } 179 | If(${pSBOU`NdPAr`A`metErs}[("{0}{3}{1}{2}" -f'Wind','wSty','le','o')] -OR ${WINDoWS`s`TYLE}) 180 | { 181 | ${Ful`LaRg`UmenT} = ("{1}{0}{2}"-f 'ndowS','-Wi','tyle') 182 | If(${w`i`NdoWS`s`TyLe}) {${Ar`GumEnTV`ALUE} = ${WiND`OWs`STy`lE}} 183 | Else {${argume`N`Tv`Al`UE} = ${psb`oUnDPa`RA`MeTeRs}[("{2}{1}{0}" -f 'e','yl','WindowSt')]} 184 | 185 | 186 | Switch(${ARguMEn`T`V`A`LuE}.("{0}{1}{2}"-f'ToLow','e','r').Invoke()) 187 | { 188 | ("{0}{1}" -f'norma','l') {If(&("{0}{1}{2}"-f'Get-','Rando','m') -Input @(0..1)) {${a`RGuMEntVa`L`Ue} = 0}} 189 | ("{1}{0}" -f 'idden','h') {If(&("{3}{0}{1}{2}"-f 't-R','a','ndom','Ge') -Input @(0..1)) {${Ar`G`UM`enT`VaLUe} = 1}} 190 | ("{0}{1}" -f'min','imized') {If(&("{1}{2}{0}"-f '-Random','G','et') -Input @(0..1)) {${aR`gUMe`Ntv`ALuE} = 2}} 191 | ("{0}{1}{3}{2}" -f'maximi','z','d','e') {If(&("{0}{1}{2}" -f'Get-','R','andom') -Input @(0..1)) {${aRG`UMe`NT`VALuE} = 3}} 192 | ("{1}{0}" -f 'ault','def') {&("{3}{0}{1}{2}"-f'e','-Er','ror','Writ') ('A'+'n '+'inva'+'li'+'d '+"`$ArgumentValue "+'va'+'lue'+' '+"($ArgumentValue) "+'wa'+'s '+'pa'+'ssed '+'t'+'o '+'s'+'wi'+'tch '+'bl'+'o'+'ck '+'for'+' '+'O'+'ut'+'-Powe'+'rShell'+'L'+'au'+'ncher.'); Exit;} 193 | } 194 | 195 | ${POWeRs`HE`LLfLags} += ${FuLlA`R`gUME`NT}.("{2}{0}{1}"-f 'trin','g','SubS').Invoke(0,(&("{2}{0}{1}"-f't-Ra','ndom','Ge') -Minimum 2 -Maximum (${Ful`LAR`gu`MeNt}."lE`NGTh"+1))) + ' '*(&("{1}{2}{0}"-f'm','Get-Rand','o') -Minimum 1 -Maximum 3) + ${arG`UM`ENt`VALuE} 196 | } 197 | If(${p`sbO`Und`PArAmETERs}[("{2}{3}{0}{1}"-f 'onP','olicy','Execut','i')] -OR ${E`Xec`UTio`NPoL`iCY}) 198 | { 199 | ${f`UlLA`RgUME`Nt} = ("{3}{2}{0}{4}{1}"-f'c','cy','xe','-E','utionPoli') 200 | If(${E`X`EcUtIO`NpOLICY}) {${ArgU`mEnt`VA`LUe} = ${ex`e`cu`TIONPO`Licy}} 201 | Else {${A`R`GUMeNT`VALue} = ${psbO`UnDp`ARA`M`eTErS}[("{1}{2}{0}{3}"-f'ution','E','xec','Policy')]} 202 | 203 | ${ex`e`CuTiO`NPol`ICYFLa`gs} = @() 204 | ${Exe`cuTiO`NpoLI`CYFL`AgS} += '-EP' 205 | For(${In`dEx}=3; ${inD`eX} -le ${f`U`Ll`ARgUMenT}."l`Eng`TH"; ${I`N`dEx}++) 206 | { 207 | ${Ex`ECuT`Io`NPOliCyFLa`GS} += ${FullaR`G`UMeNT}.("{0}{1}{2}" -f'S','ub','String').Invoke(0,${I`NdEX}) 208 | } 209 | ${e`xEC`Ut`I`ONPolIcyFLaG} = &("{1}{2}{0}"-f 'ndom','Get','-Ra') -Input ${EXE`cUtIO`NpOl`IcY`FLA`Gs} 210 | ${pOwERsHE`Llfl`AgS} += ${e`xecut`IONPOl`icY`Fl`AG} + ' '*(&("{2}{1}{0}"-f '-Random','t','Ge') -Minimum 1 -Maximum 3) + ${aRGUmeNT`Va`l`UE} 211 | } 212 | 213 | 214 | 215 | If(${COM`MAnd`LIneOpTIo`NS}."cO`Unt" -gt 1) 216 | { 217 | ${CommaN`DL`INeOPT`IoNS} = &("{3}{0}{1}{2}"-f 'a','nd','om','Get-R') -InputObject ${comm`AND`l`i`NE`oP`TIONS} -Count ${comM`AnD`lIN`Eo`Pt`ionS}."C`OuNt" 218 | } 219 | 220 | 221 | If(${PSBoUNdPar`Amet`E`Rs}[("{2}{0}{1}" -f'o','mmand','C')]) 222 | { 223 | ${fUlLar`gu`M`e`NT} = ("{0}{2}{1}" -f'-C','d','omman') 224 | ${C`OMm`AndLi`NeOptiO`NS} += ${f`U`lLarG`UMENt}.("{1}{2}{0}" -f'ring','SubS','t').Invoke(0,(&("{2}{1}{0}" -f'om','-Rand','Get') -Minimum 2 -Maximum (${fuL`Lar`g`UMENT}."LE`Ngth"+1))) 225 | } 226 | 227 | 228 | For(${I}=0; ${i} -lt ${pOw`E`RSHEL`l`FLAGs}."cOU`NT"; ${I}++) 229 | { 230 | ${PoWeRshe`L`lF`laGs}[${i}] = ([Char[]]${PO`weRs`HeLLFL`A`gS}[${I}] | &("{4}{2}{3}{0}{1}" -f 'j','ect','h-','Ob','ForEac') {${c`HaR} = ${_}.("{1}{0}{2}"-f 'oStr','T','ing').Invoke().("{0}{1}" -f'ToLo','wer').Invoke(); If(&("{2}{1}{0}{3}" -f 'Ran','t-','Ge','dom') -Input @(0..1)) {${C`HAR} = ${c`hAr}.("{1}{0}"-f 'per','ToUp').Invoke()} ${ch`Ar}}) -Join '' 231 | } 232 | 233 | 234 | ${comm`And`Lin`Eo`pTIONs} = (${C`omm`AN`dl`IneoP`TiO`NS} | &("{0}{1}{2}{3}" -f'ForEac','h-','Obj','ect') {${_} + " "*(&("{2}{3}{1}{0}"-f 'm','Rando','Get','-') -Minimum 1 -Maximum 3)}) -Join '' 235 | ${C`omMANdlI`NeOPtio`NS} = " "*(&("{3}{1}{0}{2}" -f '-Rando','et','m','G') -Minimum 0 -Maximum 3) + ${coMmaND`LIN`eO`PT`IONs} + " "*(&("{1}{2}{0}"-f 'm','Get-Ra','ndo') -Minimum 0 -Maximum 3) 236 | 237 | 238 | If(${psBo`UnDp`ARA`mEtERs}[("{1}{0}" -f'4','Wow6')]) 239 | { 240 | ${C`omMaNDLIn`EOUt`pUt} = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 241 | } 242 | Else 243 | { 244 | 245 | 246 | ${cOMMaNDL`INE`Out`pUt} = "powershell $($CommandlineOptions) `"$NewScript`" " 247 | } 248 | 249 | 250 | ${CM`DM`AX`lengTH} = 8190 251 | If(${Com`MaNDLin`eo`UTput}."le`NGth" -gt ${Cm`d`MAXl`Eng`TH}) 252 | { 253 | &("{1}{0}{2}{3}" -f'ite','Wr','-W','arning') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 254 | } 255 | 256 | ${nEw`sc`R`IPt} = ${c`O`MMANdl`Ineo`UtPUT} 257 | } 258 | 259 | Return ${neW`s`cRIPT} 260 | } 261 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedAsciiCommand.ps1: -------------------------------------------------------------------------------- 1 | $NSDF= [tyPE]("{2}{1}{0}"-F '.fIlE','o','i') ; 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function o`UT-enC`OdE`da`sciIcOMManD 21 | { 22 | 23 | 24 | [CmdletBinding(dEFaULtparAMeteRSetname = {"{1}{0}" -f 'ath','FileP'})] Param ( 25 | [Parameter(POsiTION = 0, vaLUEfrompipeLINE = ${tr`Ue}, pARAMeTERSETNamE = "S`crIpTb`lOCK")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${SCR`ipTbl`Ock}, 29 | 30 | [Parameter(PositION = 0, pARaMEtERsETnaMe = "File`pATh")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${P`Ath}, 34 | 35 | [Switch] 36 | ${NOeX`IT}, 37 | 38 | [Switch] 39 | ${NoP`Ro`FiLe}, 40 | 41 | [Switch] 42 | ${nO`N`InTe`Ra`ctivE}, 43 | 44 | [Switch] 45 | ${N`oLo`go}, 46 | 47 | [Switch] 48 | ${WO`w64}, 49 | 50 | [Switch] 51 | ${c`Omm`AnD}, 52 | 53 | [ValidateSet({"{1}{2}{0}"-f'l','Norm','a'}, {"{1}{0}{2}"-f'n','Mi','imized'}, {"{0}{1}{2}"-f 'Ma','ximize','d'}, {"{0}{2}{1}"-f'Hi','n','dde'})] 54 | [String] 55 | ${W`I`N`dOwstYLe}, 56 | 57 | [ValidateSet({"{0}{1}"-f'Byp','ass'}, {"{2}{0}{3}{1}" -f 'tric','ed','Unres','t'}, {"{3}{1}{0}{2}" -f'ig','eS','ned','Remot'}, {"{2}{1}{0}"-f'gned','llSi','A'}, {"{1}{2}{0}"-f'd','Rest','ricte'})] 58 | [String] 59 | ${e`X`ec`UTIO`NpoliCy}, 60 | 61 | [Switch] 62 | ${pASs`THru} 63 | ) 64 | 65 | 66 | If(${p`sBOun`d`pa`RamEtErS}[("{0}{1}" -f 'Pat','h')]) 67 | { 68 | &("{3}{2}{4}{1}{0}"-f 'm','Ite','t-','Ge','Child') ${PA`Th} -ErrorAction ("{0}{1}"-f'St','op') | &("{0}{2}{1}"-f'O','t-Null','u') 69 | ${scRipt`S`TRI`NG} = $NSDf::("{2}{3}{0}{1}"-f'dAl','lText','Re','a').Invoke((&("{2}{1}{3}{0}" -f 'e-Path','eso','R','lv') ${pa`TH})) 70 | } 71 | Else 72 | { 73 | ${s`CR`IPt`StRInG} = [String]${ScR`i`ptBlO`Ck} 74 | } 75 | 76 | 77 | 78 | ${rA`N`DOM`DelIMi`TeRS} = @('_','-',',','{','}','~','!','@','%','&','<','>',';',':') 79 | 80 | 81 | @('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') | &("{3}{2}{0}{1}" -f'h-Obje','ct','orEac','F') {${upPerLowE`RC`H`AR} = ${_}; If(((&("{1}{2}{0}"-f'dom','Get-','Ran') -Input @(1..2))-1 -eq 0)) {${u`ppErLo`w`eRcHaR} = ${U`p`pE`RLow`ERchAr}.("{0}{2}{1}"-f'ToUp','r','pe').Invoke()} ${RaN`DOMD`e`Li`m`iTers} += ${up`pEr`LO`We`RCHar}} 82 | 83 | 84 | ${RANdoMDelim`i`T`eRs} = (&("{2}{1}{3}{0}" -f 'om','R','Get-','and') -Input ${r`AnDOM`dEl`imitERs} -Count (${RAndO`m`DeLi`m`i`TerS}."Co`UnT"/4)) 85 | 86 | 87 | ${dELIm`ItEDE`NCODe`d`AR`R`Ay} = '' 88 | ([Char[]]${sC`RI`PtS`TRiNg}) | &("{1}{3}{2}{0}" -f 'ct','For','bje','Each-O') {${delImi`TED`EncO`DeDArr`Ay} += ([String]([Int][Char]${_}) + (&("{0}{1}{3}{2}" -f 'G','e','andom','t-R') -Input ${RAN`d`omDel`imiteRs}))} 89 | 90 | 91 | ${De`lImiTe`denC`oDE`dar`RAy} = ${dEL`I`Mit`EdenCod`eD`ARR`Ay}.("{2}{0}{1}"-f 'ubS','tring','S').Invoke(0,${D`eLiMITEdE`NCod`E`dARray}."LEnG`TH"-1) 92 | 93 | 94 | ${rAnDO`MdeliM`i`Terst`O`pRi`NT} = (&("{0}{1}{2}"-f'Get-R','a','ndom') -Input ${rANd`oMdEL`imIT`E`Rs} -Count ${rAND`OMd`EL`IMiT`eRS}."LE`NGTH") -Join '' 95 | 96 | 97 | ${fo`ReachO`BJ`ECT} = &("{0}{3}{1}{2}" -f 'Ge','o','m','t-Rand') -Input @(("{0}{1}"-f 'Fo','rEach'),("{3}{1}{4}{0}{2}"-f 'je','orEach','ct','F','-Ob'),'%') 98 | ${sT`RJo`in} = ([Char[]]("{1}{3}{2}{0}"-f 'n','[S','Joi','tring]::') | &("{4}{0}{2}{1}{3}" -f 'or','-Ob','Each','ject','F') {${C`HaR} = ${_}.("{1}{2}{0}" -f'ing','ToSt','r').Invoke().("{0}{1}{2}"-f 'ToL','owe','r').Invoke(); If(&("{2}{1}{0}"-f 'm','et-Rando','G') -Input @(0..1)) {${cH`AR} = ${C`haR}.("{0}{1}{2}" -f'ToU','ppe','r').Invoke()} ${C`hAR}}) -Join '' 99 | ${St`RsTR} = ([Char[]]("{0}{1}{2}"-f '[St','ri','ng]') | &("{2}{4}{3}{0}{1}"-f'e','ct','F','ach-Obj','orE') {${C`har} = ${_}.("{1}{2}{0}" -f 'g','T','oStrin').Invoke().("{1}{0}{2}"-f'Low','To','er').Invoke(); If(&("{1}{3}{2}{0}" -f'm','Ge','Rando','t-') -Input @(0..1)) {${Ch`Ar} = ${C`har}.("{0}{2}{1}"-f 'ToU','er','pp').Invoke()} ${cH`Ar}}) -Join '' 100 | ${j`OIn} = ([Char[]]("{0}{1}" -f'-Joi','n') | &("{3}{2}{1}{0}" -f't','bjec','orEach-O','F') {${c`HAr} = ${_}.("{1}{0}" -f'oString','T').Invoke().("{1}{2}{0}" -f 'Lower','T','o').Invoke(); If(&("{1}{0}{2}"-f't-R','Ge','andom') -Input @(0..1)) {${ch`Ar} = ${Ch`AR}.("{2}{0}{1}" -f'o','Upper','T').Invoke()} ${C`HAr}}) -Join '' 101 | ${CHa`R`stR} = ([Char[]]("{0}{1}" -f'Ch','ar') | &("{0}{2}{1}"-f'ForEach','ect','-Obj') {${CH`Ar} = ${_}.("{2}{1}{0}"-f'ng','tri','ToS').Invoke().("{0}{1}" -f'ToLowe','r').Invoke(); If(&("{1}{0}{2}" -f 'and','Get-R','om') -Input @(0..1)) {${C`Har} = ${cH`AR}.("{0}{1}{2}" -f 'To','Upp','er').Invoke()} ${C`hAr}}) -Join '' 102 | ${i`NT} = ([Char[]]'Int' | &("{0}{1}{2}"-f'ForE','ach-Ob','ject') {${CH`Ar} = ${_}.("{1}{2}{0}"-f 'g','T','oStrin').Invoke().("{2}{1}{0}"-f'r','we','ToLo').Invoke(); If(&("{2}{1}{0}"-f'om','nd','Get-Ra') -Input @(0..1)) {${Ch`Ar} = ${CH`AR}.("{1}{0}" -f'oUpper','T').Invoke()} ${C`Har}}) -Join '' 103 | ${f`o`REAc`hoBj`ECT} = ([Char[]]${FoREach`ObJE`Ct} | &("{1}{3}{2}{4}{0}"-f'Object','For','ac','E','h-') {${C`HAR} = ${_}.("{2}{1}{0}" -f'ng','tri','ToS').Invoke().("{0}{1}"-f 'To','Lower').Invoke(); If(&("{3}{2}{1}{0}"-f 'ndom','Ra','-','Get') -Input @(0..1)) {${cH`Ar} = ${C`HAr}.("{0}{1}" -f'ToUp','per').Invoke()} ${C`haR}}) -Join '' 104 | 105 | 106 | ${rAn`DOmD`el`iMi`TErSto`p`RINtfoR`DASHSp`lIt} = '' 107 | ForEach(${r`A`NDO`md`EliMitER} in ${ran`Do`mde`L`IM`ITERs}) 108 | { 109 | 110 | ${s`pliT} = ([Char[]]("{0}{1}"-f'Sp','lit') | &("{0}{3}{1}{2}"-f 'ForEac','Objec','t','h-') {${C`Har} = ${_}.("{0}{1}{2}" -f'ToSt','rin','g').Invoke().("{0}{2}{1}" -f'T','er','oLow').Invoke(); If(&("{2}{0}{1}" -f'R','andom','Get-') -Input @(0..1)) {${cH`Ar} = ${C`HaR}.("{1}{2}{0}" -f 'r','To','Uppe').Invoke()} ${cH`AR}}) -Join '' 111 | 112 | ${rA`N`D`oM`D`Elim`ItersTOp`RintFoR`DaShS`Pl`It} += ('-' + ${S`PLit} + ' '*(&("{1}{2}{0}" -f'andom','Get','-R') -Input @(0,1)) + "'" + ${RAndO`MdEl`iM`IT`er} + "'" + ' '*(&("{2}{0}{1}" -f 'et-Rando','m','G') -Input @(0,1))) 113 | } 114 | ${R`A`NdOMD`eLI`mITERStOPr`iN`TfORdAsHSPLit} = ${RanDOM`dE`lIm`iTERSToPRIntFOrdAs`hspL`IT}.("{0}{1}"-f 'Tr','im').Invoke() 115 | 116 | 117 | ${rA`ND`omcO`NVERSI`onSyntAX} = @() 118 | ${Ra`NdOMcoN`VeRsiO`NSY`NtAx} += "[$CharStr]" + ' '*(&("{2}{1}{0}"-f 'm','do','Get-Ran') -Input @(0,1)) + "[$Int]" + ' '*(&("{0}{1}{2}" -f'Get-','Ra','ndom') -Input @(0,1)) + '$_' 119 | ${R`AnDOmcOn`Ve`RSIoN`SyntAx} += ("[$Int]" + ' '*(&("{2}{1}{0}" -f'om','et-Rand','G') -Input @(0,1)) + '$_' + ' '*(&("{1}{2}{0}" -f'ndom','Ge','t-Ra') -Input @(0,1)) + (&("{1}{2}{0}"-f '-Random','Ge','t') -Input @('-as','-As','-aS','-AS')) + ' '*(&("{1}{0}{2}" -f'a','Get-R','ndom') -Input @(0,1)) + "[$CharStr]") 120 | ${r`AnDOMCONvER`s`IoNSY`N`TAX} = (&("{1}{2}{3}{0}"-f 'm','G','et-R','ando') -Input ${r`ANDomcOn`VERsiO`Ns`yN`TAx}) 121 | 122 | 123 | ${En`Co`deda`RraY} = '' 124 | ([Char[]]${scrip`TST`RI`Ng}) | &("{1}{4}{2}{0}{3}"-f '-Objec','F','h','t','orEac') {${E`NC`Od`eda`RRay} += ([String]([Int][Char]${_}) + ' '*(&("{1}{0}{2}"-f 't-R','Ge','andom') -Input @(0,1)) + ',' + ' '*(&("{1}{0}{2}"-f'-Rand','Get','om') -Input @(0,1)))} 125 | 126 | 127 | ${E`NCOd`edAr`RAY} = ('(' + ' '*(&("{2}{3}{0}{1}"-f 'ndo','m','G','et-Ra') -Input @(0,1)) + ${e`NcOD`e`DArRay}.("{1}{0}"-f 'm','Tri').Invoke().("{1}{0}" -f 'rim','T').Invoke(',') + ')') 128 | 129 | 130 | 131 | 132 | 133 | ${sE`Tof`svaR`SYnTax} = @() 134 | ${Se`Tofs`VAr`syNTAx} += ("{0}{1}" -f 'S','et-Item') + ' '*(&("{1}{0}{3}{2}" -f 'et','G','dom','-Ran') -Input @(1,2)) + ((("{0}{4}{1}{3}{2}"-f'{','Varia',':OFS{0}','ble','0}'))-F [cHAR]39) + ' '*(&("{2}{0}{1}"-f'et-Ran','dom','G') -Input @(1,2)) + "''" 135 | ${SeT`ofsVa`RS`yNtax} += (&("{0}{2}{1}" -f'Get-','andom','R') -Input @(("{0}{2}{1}{3}" -f'S','ari','et-V','able'),'SV','SET')) + ' '*(&("{0}{2}{1}" -f 'Get-R','ndom','a') -Input @(1,2)) + ((("{0}{2}{1}" -f'yLmO','Lm','FSy')) -crePLace 'yLm',[Char]39) + ' '*(&("{2}{1}{0}"-f'dom','an','Get-R') -Input @(1,2)) + "''" 136 | ${S`etOfs`VAR} = (&("{0}{1}{2}"-f'Get-Ra','ndo','m') -Input ${SE`T`ofsV`ArSY`NTAX}) 137 | 138 | ${S`Et`ofsVArb`AC`KsYN`TAX} = @() 139 | ${SeTOF`sv`ARB`ACKS`y`NTax} += ("{2}{1}{0}"-f'm','Ite','Set-') + ' '*(&("{0}{1}{2}"-f'G','e','t-Random') -Input @(1,2)) + ((("{1}{0}{2}" -f 'Variable:OFS','{0}','{0}')) -f [Char]39) + ' '*(&("{0}{1}{2}" -f 'Ge','t-Ran','dom') -Input @(1,2)) + "' '" 140 | ${S`EtoFSVArBa`C`ksy`NTaX} += (&("{0}{3}{2}{1}"-f 'G','Random','t-','e') -Input @(("{1}{2}{0}"-f'e','Se','t-Variabl'),'SV','SET')) + ' '*(&("{3}{0}{1}{2}" -f '-','Rando','m','Get') -Input @(1,2)) + ((("{1}{0}"-f'}OFS{0}','{0'))-F [char]39) + ' '*(&("{1}{0}{2}"-f 't-Rando','Ge','m') -Input @(1,2)) + "' '" 141 | ${Se`TOfS`V`ArBa`Ck} = (&("{1}{2}{0}" -f 'andom','Get','-R') -Input ${SeT`Of`sVa`R`BaCKSyNTax}) 142 | 143 | 144 | ${SE`TO`Fs`VAr} = ([Char[]]${s`EtO`F`svAR} | &("{1}{2}{0}"-f'bject','ForEach-','O') {${ch`Ar} = ${_}.("{1}{0}{2}"-f 'oStr','T','ing').Invoke().("{1}{0}" -f 'Lower','To').Invoke(); If(&("{3}{0}{2}{1}" -f'and','m','o','Get-R') -Input @(0..1)) {${C`har} = ${ch`Ar}.("{2}{0}{1}" -f'ppe','r','ToU').Invoke()} ${Ch`Ar}}) -Join '' 145 | ${sEtO`Fsv`ARBacK} = ([Char[]]${S`eTOfsVa`RBA`Ck} | &("{1}{0}{2}" -f'ch','ForEa','-Object') {${ch`AR} = ${_}.("{1}{0}" -f 'g','ToStrin').Invoke().("{0}{1}"-f'ToL','ower').Invoke(); If(&("{2}{3}{0}{1}" -f'a','ndom','G','et-R') -Input @(0..1)) {${C`hAr} = ${C`hAR}.("{1}{0}" -f'Upper','To').Invoke()} ${c`haR}}) -Join '' 146 | 147 | 148 | ${BaSEsCRi`P`T`A`RrAY} = @() 149 | ${bASE`sC`Rip`TarRAY} += "[$CharStr[]]" + ' '*(&("{0}{1}{2}"-f 'Get-Ra','ndo','m') -Input @(0,1)) + ${e`NcoDEdA`RR`Ay} 150 | ${bAs`EscrIPTa`R`RAy} += '(' + ' '*(&("{3}{0}{1}{2}"-f'-','Ran','dom','Get') -Input @(0,1)) + "'" + ${De`Li`mItED`EN`COdEDAR`RaY} + "'." + ${sPl`it} + "(" + ' '*(&("{2}{1}{0}" -f'ndom','a','Get-R') -Input @(0,1)) + "'" + ${raNdo`Md`eL`imIters`T`op`RINT} + "'" + ' '*(&("{0}{2}{1}"-f'Get-','m','Rando') -Input @(0,1)) + ')' + ' '*(&("{0}{2}{1}" -f 'Ge','andom','t-R') -Input @(0,1)) + '|' + ' '*(&("{0}{1}{2}"-f'Get','-Ra','ndom') -Input @(0,1)) + ${FOr`EA`C`HoBjEct} + ' '*(&("{1}{0}{2}" -f 'et-Ran','G','dom') -Input @(0,1)) + '{' + ' '*(&("{1}{2}{0}"-f 'ndom','Ge','t-Ra') -Input @(0,1)) + '(' + ' '*(&("{0}{1}{2}"-f 'Get-Ra','ndo','m') -Input @(0,1)) + ${randomc`on`VERs`IoN`Syn`T`Ax} + ')' + ' '*(&("{1}{2}{0}" -f 'Random','G','et-') -Input @(0,1)) + '}' + ' '*(&("{1}{3}{0}{2}"-f '-','Ge','Random','t') -Input @(0,1)) + ')' 151 | ${baSeScr`I`PTaR`Ray} += '(' + ' '*(&("{2}{1}{0}"-f'andom','R','Get-') -Input @(0,1)) + "'" + ${D`eLimI`TEd`EnCOd`edArr`AY} + "'" + ' '*(&("{2}{1}{0}"-f'Random','-','Get') -Input @(0,1)) + ${R`AN`DO`m`dELiM`IT`ERs`ToPRiNtfordASHSPLiT} + ' '*(&("{2}{0}{1}"-f 't-Rand','om','Ge') -Input @(0,1)) + '|' + ' '*(&("{2}{1}{0}{3}"-f 't-Rando','e','G','m') -Input @(0,1)) + ${fOREAchO`B`j`eCT} + ' '*(&("{2}{0}{3}{1}" -f't-R','om','Ge','and') -Input @(0,1)) + '{' + ' '*(&("{2}{1}{0}"-f'ndom','-Ra','Get') -Input @(0,1)) + '(' + ' '*(&("{1}{0}{2}"-f'nd','Get-Ra','om') -Input @(0,1)) + ${R`A`N`d`OMConvERsi`ONSyntAx} + ')' + ' '*(&("{1}{0}{2}"-f'R','Get-','andom') -Input @(0,1)) + '}' + ' '*(&("{0}{1}{2}" -f 'Get','-Rando','m') -Input @(0,1)) + ')' 152 | ${B`As`escr`ipTAr`Ray} += '(' + ' '*(&("{1}{2}{0}{3}" -f '-Rando','Ge','t','m') -Input @(0,1)) + ${ENcOd`EdarR`AY} + ' '*(&("{0}{1}{2}" -f 'Get-Ra','nd','om') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}" -f 'om','Get','-Rand') -Input @(0,1)) + ${f`OR`eacHob`jE`cT} + ' '*(&("{1}{0}{2}" -f'n','Get-Ra','dom') -Input @(0,1)) + '{' + ' '*(&("{2}{1}{0}" -f'andom','-R','Get') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}{3}"-f'd','Ran','Get-','om') -Input @(0,1)) + ${RAnD`om`COn`VerSI`oNS`y`NtAX} + ')' + ' '*(&("{2}{3}{1}{0}" -f 'm','ndo','Get','-Ra') -Input @(0,1)) + '}' + ' '*(&("{2}{3}{0}{1}" -f't-Rando','m','G','e') -Input @(0,1)) + ')' 153 | 154 | 155 | ${NEWSc`R`iptA`R`RAY} = @() 156 | ${neWsC`RIpT`A`Rr`AY} += (&("{1}{0}{2}" -f'et-Ra','G','ndom') -Input ${ba`SESCri`pT`Array}) + ' '*(&("{1}{2}{0}"-f 'm','Ge','t-Rando') -Input @(0,1)) + ${jO`in} + ' '*(&("{0}{2}{1}" -f'Get-Rand','m','o') -Input @(0,1)) + "''" 157 | ${nE`wScRip`TAR`RAy} += ${J`Oin} + ' '*(&("{2}{1}{0}" -f'om','d','Get-Ran') -Input @(0,1)) + (&("{3}{0}{2}{1}" -f 't-Ra','dom','n','Ge') -Input ${b`ASesCri`pTAr`RAy}) 158 | ${ne`WSCRI`PTar`RAY} += ${strj`o`In} + '(' + ' '*(&("{0}{1}{2}"-f'Get-R','ando','m') -Input @(0,1)) + "''" + ' '*(&("{1}{2}{0}"-f 'm','Get-R','ando') -Input @(0,1)) + ',' + ' '*(&("{1}{0}{2}"-f'a','Get-R','ndom') -Input @(0,1)) + (&("{2}{0}{1}"-f 'et-R','andom','G') -Input ${b`ASESc`RIpTa`R`RaY}) + ' '*(&("{0}{2}{1}" -f 'Get','andom','-R') -Input @(0,1)) + ')' 159 | ${nEwsCRI`p`T`ARRaY} += '"' + ' '*(&("{2}{1}{0}"-f'ndom','a','Get-R') -Input @(0,1)) + '$(' + ' '*(&("{1}{3}{0}{2}" -f 'Ra','Get','ndom','-') -Input @(0,1)) + ${s`EtofSV`AR} + ' '*(&("{0}{1}{2}"-f'G','et-','Random') -Input @(0,1)) + ')' + ' '*(&("{1}{2}{0}"-f 'om','Ge','t-Rand') -Input @(0,1)) + '"' + ' '*(&("{1}{3}{0}{2}"-f'o','G','m','et-Rand') -Input @(0,1)) + '+' + ' '*(&("{0}{1}{2}" -f'Get-Ran','do','m') -Input @(0,1)) + ${StRs`TR} + (&("{0}{2}{1}"-f'G','-Random','et') -Input ${bASeScRIpTa`R`R`Ay}) + ' '*(&("{2}{0}{1}" -f'o','m','Get-Rand') -Input @(0,1)) + '+' + '"' + ' '*(&("{1}{2}{0}" -f'om','Get-Ran','d') -Input @(0,1)) + '$(' + ' '*(&("{1}{2}{0}"-f'om','G','et-Rand') -Input @(0,1)) + ${sETOFsva`R`BAcK} + ' '*(&("{2}{0}{1}"-f 'et-R','andom','G') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}"-f'Get-R','a','ndom') -Input @(0,1)) + '"' 160 | 161 | 162 | ${NewS`cr`I`Pt} = (&("{0}{1}{2}" -f'Ge','t','-Random') -Input ${N`eW`ScR`iPtArr`Ay}) 163 | 164 | 165 | 166 | ${i`NvOKEe`xpr`ess`iO`NsyNtaX} = @() 167 | ${INVOKee`x`PR`eSs`i`ONsYNTAX} += (&("{1}{0}{2}" -f'e','G','t-Random') -Input @('IEX',("{3}{2}{0}{1}" -f 'xpr','ession','E','Invoke-'))) 168 | 169 | 170 | 171 | ${InVOcatiONo`Pe`RA`Tor} = (&("{1}{2}{0}" -f'-Random','Ge','t') -Input @('.','&')) + ' '*(&("{2}{1}{0}" -f'm','et-Rando','G') -Input @(0,1)) 172 | ${iNVokeeXPres`si`OnsY`NTAX} += ${i`NvocA`TIo`N`opeRATor} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 173 | ${I`N`VOK`eEXPrESsIo`NSyntaX} += ${invOC`ATIonO`P`er`A`Tor} + ('( '+"`$PSHome[") + (&("{0}{1}{2}{3}"-f'Get-','R','an','dom') -Input @(4,21)) + "]+`$PSHome[" + (&("{2}{0}{1}" -f'et-Ran','dom','G') -Input @(30,34)) + (((("{2}{1}{0}"-f '{0})','}x',']+{0')) -F [chAR]39)) 174 | ${invOKEex`prESsIons`Y`NT`Ax} += ${iN`VO`CATIONOPe`RA`ToR} + ('( '+"`$env:ComSpec[4,") + (&("{2}{0}{1}"-f't-Ran','dom','Ge') -Input @(15,24,26)) + (((("{0}{2}{1}{4}{3}" -f',25]-J','n','oi','R9)','lR9l'))-CRePlaCe 'lR9',[ChaR]39)) 175 | ${INV`oKEeXPRe`SsiOns`y`Ntax} += ${iN`V`OcaTI`O`NOPeRA`T`OR} + "((" + (&("{3}{0}{2}{1}" -f 'et','om','-Rand','G') -Input @(("{2}{0}{1}{3}"-f 'V','a','Get-','riable'),'GV',("{1}{2}{0}" -f 'le','V','ariab'))) + (((("{6}{2}{3}{5}{1}{4}{9}{8}{7}{0}{11}{10}" -f'n','.','3Nq*mdr','*3Nq','Name',')',' ','i','11,2]-Jo','[3,','3Nq)','3Nq')) -RepLAcE ([cHaR]51+[cHaR]78+[cHaR]113),[cHaR]39)) 176 | ${IN`VOK`eeXPR`eSsI`oNsyNTAx} += ${INVO`c`AtiONO`p`erat`oR} + "( " + (&("{3}{2}{1}{0}"-f 'm','ndo','et-Ra','G') -Input @((('{'+'0}Ver'+'bosePr'+'e'+'ference'+'.T'+'o'+'Stri'+'ng()')-F [cHar]36),(('([Str'+'ing'+']hP8Ve'+'r'+'boseP'+'reference)')."reP`laCE"(([chAR]104+[chAR]80+[chAR]56),'$')))) + ((("{4}{3}{0}{5}{1}{2}" -f 'n','o','inn2fn2f)','3]+','[1,','2fxn2f-J'))."R`ePl`ACE"(([cHar]110+[cHar]50+[cHar]102),[stRINg][cHar]39)) 177 | 178 | 179 | 180 | 181 | ${iNvOk`Ee`xpR`ESSIon} = (&("{2}{1}{0}" -f'm','ndo','Get-Ra') -Input ${IN`Vok`E`ex`PRESsio`N`sYNTAx}) 182 | 183 | 184 | ${inVoKeExP`ReSs`i`On} = ([Char[]]${inv`okeEXP`REs`SiOn} | &("{2}{1}{3}{0}"-f 'ject','rEac','Fo','h-Ob') {${ch`Ar} = ${_}.("{1}{0}" -f'ing','ToStr').Invoke().("{0}{1}"-f'To','Lower').Invoke(); If(&("{0}{2}{1}" -f 'Get-Ra','dom','n') -Input @(0..1)) {${c`haR} = ${C`haR}.("{0}{1}{2}"-f'T','oUppe','r').Invoke()} ${C`HaR}}) -Join '' 185 | 186 | 187 | ${iN`Vo`k`EOPtiONs} = @() 188 | ${invO`kE`OPt`i`onS} += ' '*(&("{1}{2}{3}{0}" -f 'om','Get','-Ran','d') -Input @(0,1)) + ${iNv`o`KEe`x`PRES`sIoN} + ' '*(&("{0}{2}{1}"-f'Ge','Random','t-') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}" -f 'dom','et-Ran','G') -Input @(0,1)) + ${neW`scR`IPt} + ' '*(&("{2}{0}{1}{3}"-f 'Ra','ndo','Get-','m') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{1}"-f 'n','dom','Get-Ra') -Input @(0,1)) 189 | ${In`VoKEO`pTiO`NS} += ' '*(&("{2}{1}{0}" -f '-Random','et','G') -Input @(0,1)) + ${N`ewS`cRIpt} + ' '*(&("{2}{0}{1}" -f 'nd','om','Get-Ra') -Input @(0,1)) + '|' + ' '*(&("{1}{0}{2}" -f 'nd','Get-Ra','om') -Input @(0,1)) + ${i`N`VO`KeExPRe`S`SIoN} 190 | 191 | ${n`EWsCRi`pt} = (&("{1}{2}{0}"-f 'dom','G','et-Ran') -Input ${I`NvO`KEop`TIOns}) 192 | 193 | 194 | If(!${P`sB`OU`NDPa`RAmE`TERs}[("{0}{1}{2}"-f'Pa','ss','Thru')]) 195 | { 196 | 197 | ${p`Ower`SHe`LLFl`AGS} = @() 198 | 199 | 200 | 201 | ${cOM`mA`ND`L`INE`oPtIONs} = &("{0}{2}{1}" -f 'New-','bject','O') ("{1}{2}{0}" -f']','String','[')(0) 202 | If(${Ps`BouN`DpARaM`eT`eRS}[("{0}{2}{1}"-f 'N','t','oExi')]) 203 | { 204 | ${fU`LlaRG`U`menT} = ("{0}{1}"-f'-NoEx','it'); 205 | ${C`o`mm`ANDlIN`EoPt`ions} += ${fu`L`larGUMENt}.("{2}{0}{1}"-f 'b','String','Su').Invoke(0,(&("{0}{1}{2}" -f'G','et-','Random') -Minimum 4 -Maximum (${fULl`A`RguMenT}."LEn`G`TH"+1))) 206 | } 207 | If(${Ps`BoU`NdpaRAme`TErs}[("{1}{2}{3}{0}" -f 'e','N','oPr','ofil')]) 208 | { 209 | ${FUlL`Ar`GuME`NT} = ("{0}{1}{2}"-f'-N','oPr','ofile'); 210 | ${coMMANdl`i`N`eOpTIoNs} += ${F`UL`LARGUme`NT}.("{1}{2}{0}{3}" -f 'trin','Sub','S','g').Invoke(0,(&("{1}{2}{0}" -f 'andom','Ge','t-R') -Minimum 4 -Maximum (${FU`Ll`A`RGUMEnt}."lENg`Th"+1))) 211 | } 212 | If(${p`sbOU`N`Dp`ARameTers}[("{0}{2}{3}{1}" -f 'NonInt','ive','er','act')]) 213 | { 214 | ${fUlL`A`RGU`MEnT} = ("{2}{4}{0}{1}{3}"-f 'In','t','-N','eractive','on'); 215 | ${COmMANdlINE`o`PTIo`NS} += ${FU`Ll`A`RGumeNt}.("{0}{2}{1}" -f'Su','ng','bStri').Invoke(0,(&("{0}{2}{1}"-f'Get','m','-Rando') -Minimum 5 -Maximum (${Ful`l`Ar`GUment}."le`NG`TH"+1))) 216 | } 217 | If(${P`Sb`OUndParAM`E`T`ERS}[("{0}{1}" -f'N','oLogo')]) 218 | { 219 | ${fU`llarGu`M`ENT} = ("{2}{0}{1}" -f'Lo','go','-No'); 220 | ${COMmaN`d`liNe`O`PTIOns} += ${ful`la`R`GuMe`NT}.("{2}{1}{0}"-f 'String','ub','S').Invoke(0,(&("{2}{1}{0}"-f'andom','t-R','Ge') -Minimum 4 -Maximum (${f`UlL`ArgUM`Ent}."LEn`GTH"+1))) 221 | } 222 | If(${ps`BOun`dpa`RAMeTers}[("{0}{1}{2}" -f 'WindowS','ty','le')] -OR ${wI`NDOw`S`sTy`lE}) 223 | { 224 | ${fulLa`Rgum`eNt} = ("{2}{0}{3}{1}" -f'S','e','-Window','tyl') 225 | If(${WI`Ndow`SS`TyLE}) {${aR`GUm`enT`Val`UE} = ${w`IN`d`owsSTyle}} 226 | Else {${argumeNT`VA`lue} = ${PsBo`U`ND`P`ArAM`Eters}[("{0}{1}{2}"-f 'W','indow','Style')]} 227 | 228 | 229 | Switch(${a`RGUmE`NTV`AluE}.("{0}{1}{2}"-f 'T','oLo','wer').Invoke()) 230 | { 231 | ("{1}{0}"-f 'l','norma') {If(&("{0}{1}{2}" -f'Get','-R','andom') -Input @(0..1)) {${aRgUmEnt`V`AL`UE} = (&("{0}{2}{1}"-f'G','andom','et-R') -Input @('0','n','no','nor',("{1}{0}" -f 'rm','no'),("{0}{1}" -f 'n','orma')))}} 232 | ("{0}{1}"-f 'hidde','n') {If(&("{2}{1}{0}" -f'm','ndo','Get-Ra') -Input @(0..1)) {${Ar`GuMeN`TvaLuE} = (&("{1}{2}{0}"-f'om','G','et-Rand') -Input @('1','h','hi','hid',("{0}{1}"-f'hid','d'),("{0}{1}"-f'hid','de')))}} 233 | ("{2}{0}{1}"-f 'z','ed','minimi') {If(&("{2}{1}{0}"-f 'andom','R','Get-') -Input @(0..1)) {${AR`GUmENT`V`ALuE} = (&("{2}{1}{0}"-f'Random','t-','Ge') -Input @('2','mi','min',("{0}{1}"-f 'mi','ni'),("{0}{1}" -f'min','im'),("{1}{2}{0}" -f'i','m','inim'),("{0}{1}" -f'mini','miz'),("{1}{0}{2}" -f'miz','mini','e')))}} 234 | ("{1}{3}{2}{0}"-f 'zed','ma','mi','xi') {If(&("{0}{1}{2}{3}" -f 'Get-','Ran','do','m') -Input @(0..1)) {${a`RGuMe`NTVal`UE} = (&("{1}{0}{2}{3}" -f 'et-R','G','an','dom') -Input @('3','ma','max',("{0}{1}" -f 'max','i'),("{1}{0}"-f 'im','max'),("{1}{0}"-f 'mi','maxi'),("{0}{1}"-f'maxi','miz'),("{0}{1}"-f 'maximi','ze')))}} 235 | ("{1}{0}"-f 'efault','d') {&("{1}{2}{0}"-f 'rror','Write','-E') ('An'+' '+'i'+'nvalid '+"`$ArgumentValue "+'v'+'alue '+"($ArgumentValue) "+'was'+' '+'pa'+'sse'+'d '+'t'+'o '+'switc'+'h '+'b'+'lock '+'fo'+'r '+'Ou'+'t-'+'PowerS'+'hel'+'lLa'+'uncher.'); Exit;} 236 | } 237 | 238 | ${po`werS`HEll`FlA`gS} += ${fulLAR`gu`MenT}.("{1}{0}{2}"-f 'bS','Su','tring').Invoke(0,(&("{1}{2}{0}"-f'dom','G','et-Ran') -Minimum 2 -Maximum (${f`U`lL`ARGuMeNt}."le`NGTh"+1))) + ' '*(&("{1}{2}{0}" -f 'dom','Ge','t-Ran') -Minimum 1 -Maximum 3) + ${ar`Gu`M`ENt`VAlue} 239 | } 240 | If(${Ps`BOu`ND`ParAMEtERS}[("{0}{1}{2}{3}{4}"-f'E','xecution','Po','l','icy')] -OR ${E`xEC`UtIoNP`Ol`ICy}) 241 | { 242 | ${Fu`l`LaRGU`mENt} = ("{1}{4}{3}{2}{0}"-f 'y','-Exec','ic','ol','utionP') 243 | If(${ex`ECu`TIOn`p`oLICY}) {${A`R`g`UmE`NTVaLUE} = ${E`xEC`Ut`ION`PoLIcy}} 244 | Else {${a`Rg`UMENtvALuE} = ${psBo`U`ND`PArAmEt`ErS}[("{3}{1}{0}{2}" -f'olic','nP','y','Executio')]} 245 | 246 | ${E`XECUtIOnP`o`l`IcYflags} = @() 247 | ${e`x`E`cUtiONpOLICYFLAGs} += '-EP' 248 | For(${i`N`dEx}=3; ${iN`dex} -le ${fUlLArG`UmE`Nt}."LEN`Gth"; ${i`N`DEx}++) 249 | { 250 | ${E`Xec`U`TIOnpoLI`cy`FLags} += ${F`ULLaRg`UMeNT}.("{2}{0}{1}"-f 'bS','tring','Su').Invoke(0,${in`D`Ex}) 251 | } 252 | ${ExECuTio`NPOl`i`cYfl`AG} = &("{2}{0}{1}"-f 'e','t-Random','G') -Input ${eX`ec`UtIo`NpoLi`cY`FLa`Gs} 253 | ${PoWeRSHel`LF`LaGS} += ${E`XEcut`ioNPOL`Ic`Yf`lAg} + ' '*(&("{2}{0}{1}" -f'n','dom','Get-Ra') -Minimum 1 -Maximum 3) + ${aRgumE`Ntva`l`UE} 254 | } 255 | 256 | 257 | 258 | If(${coMm`A`NDLinEopt`I`O`NS}."cOu`Nt" -gt 1) 259 | { 260 | ${COMMaN`dLiNe`oP`TI`ONS} = &("{1}{0}{2}"-f '-Rand','Get','om') -InputObject ${coMMANd`L`I`NEOP`T`I`OnS} -Count ${c`omm`An`dlIN`EOPt`ioNS}."Co`UNT" 261 | } 262 | 263 | 264 | If(${Ps`Bo`UNDPAR`Am`eTerS}[("{1}{0}" -f 'mand','Com')]) 265 | { 266 | ${f`U`L`LargU`ment} = ("{0}{1}{2}" -f'-','Co','mmand') 267 | ${Co`M`MaNDli`N`eoPTI`O`Ns} += ${full`A`Rg`UMEnT}.("{0}{1}{2}" -f 'Su','b','String').Invoke(0,(&("{0}{2}{1}" -f 'Get','om','-Rand') -Minimum 2 -Maximum (${FU`lL`Arg`UMent}."L`ENGtH"+1))) 268 | } 269 | 270 | 271 | For(${i}=0; ${I} -lt ${pO`WERs`hE`llFlagS}."c`OuNt"; ${i}++) 272 | { 273 | ${POw`erSH`elLf`LAgS}[${i}] = ([Char[]]${p`oweRsHE`LL`FlagS}[${I}] | &("{2}{0}{1}{3}" -f 'o','rEa','F','ch-Object') {${CH`Ar} = ${_}.("{2}{1}{0}"-f'ing','r','ToSt').Invoke().("{1}{0}{2}"-f 'o','T','Lower').Invoke(); If(&("{1}{0}{2}"-f 'et-Rand','G','om') -Input @(0..1)) {${C`har} = ${C`HAr}.("{1}{0}{2}"-f 'o','T','Upper').Invoke()} ${ch`Ar}}) -Join '' 274 | } 275 | 276 | 277 | ${CO`MmANd`lIN`eoP`TIO`Ns} = (${C`oMM`ANdL`In`eopTiOnS} | &("{2}{3}{1}{0}"-f 'ect','-Obj','Fo','rEach') {${_} + " "*(&("{0}{2}{1}"-f 'Get-Rand','m','o') -Minimum 1 -Maximum 3)}) -Join '' 278 | ${CO`MmAND`LI`N`eoptiONs} = " "*(&("{2}{1}{0}"-f 'andom','t-R','Ge') -Minimum 0 -Maximum 3) + ${C`om`MAndlINeOp`TiONS} + " "*(&("{1}{3}{2}{0}" -f 'm','Get-R','ndo','a') -Minimum 0 -Maximum 3) 279 | 280 | 281 | If(${psBoUn`D`Pa`R`AMETErs}[("{0}{1}" -f 'W','ow64')]) 282 | { 283 | ${cOmMaN`D`Lineo`U`TPut} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 284 | } 285 | Else 286 | { 287 | 288 | 289 | ${Co`mM`Andl`IN`e`oUTPuT} = "powershell $($CommandlineOptions) `"$NewScript`" " 290 | } 291 | 292 | 293 | ${c`mDMAxLeng`TH} = 8190 294 | If(${co`mma`NDlInE`OUtP`Ut}."leN`GTh" -gt ${c`mdm`AxLe`N`gth}) 295 | { 296 | &("{1}{2}{3}{0}"-f 'g','Writ','e-Wa','rnin') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 297 | } 298 | 299 | ${NEw`S`cR`IPT} = ${COMmaNdLi`NeO`U`TpUT} 300 | } 301 | 302 | Return ${NeWS`Cr`Ipt} 303 | } 304 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedBXORCommand.ps1: -------------------------------------------------------------------------------- 1 | sEt-VARiABle oYdRIa ( [Type]("{1}{0}" -f 'IlE','Io.F') ); 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function ou`T-ENCODeDBXOR`CoMm`A`ND 21 | { 22 | 23 | 24 | [CmdletBinding(dEFauLTpAraMeTERSETnaME = {"{2}{1}{0}"-f'th','Pa','File'})] Param ( 25 | [Parameter(PoSITIoN = 0, valuEFrOMpIpelinE = ${t`Rue}, PaRaMeTErSEtnAME = "s`CRI`pT`BLOcK")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${ScrIp`T`B`LoCk}, 29 | 30 | [Parameter(POsitIOn = 0, PARAMEtERSETnamE = "fi`Le`patH")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${Pa`Th}, 34 | 35 | [Switch] 36 | ${no`e`Xit}, 37 | 38 | [Switch] 39 | ${No`PR`ofile}, 40 | 41 | [Switch] 42 | ${nOniNte`R`Acti`Ve}, 43 | 44 | [Switch] 45 | ${nOl`ogo}, 46 | 47 | [Switch] 48 | ${wo`w64}, 49 | 50 | [Switch] 51 | ${co`m`MAnD}, 52 | 53 | [ValidateSet({"{0}{1}" -f'No','rmal'}, {"{2}{1}{0}" -f'd','imize','Min'}, {"{1}{0}{2}"-f 'x','Ma','imized'}, {"{0}{1}"-f'Hid','den'})] 54 | [String] 55 | ${w`INDOw`S`TYLE}, 56 | 57 | [ValidateSet({"{0}{1}" -f'Bypa','ss'}, {"{1}{3}{2}{0}"-f 'estricted','U','r','n'}, {"{0}{1}{2}{3}"-f'Re','mote','Signe','d'}, {"{2}{0}{1}" -f 'llSi','gned','A'}, {"{0}{1}{2}"-f 'Res','tr','icted'})] 58 | [String] 59 | ${Ex`EcUt`iONPo`LIcy}, 60 | 61 | [Switch] 62 | ${p`As`sThrU} 63 | ) 64 | 65 | 66 | If(${PsBOUN`dPARA`meT`ERs}[("{0}{1}"-f 'Pa','th')]) 67 | { 68 | &("{0}{1}{4}{2}{3}"-f 'Get-Ch','i','dIte','m','l') ${P`ATh} -ErrorAction ("{0}{1}" -f 'S','top') | &("{2}{1}{0}"-f'll','t-Nu','Ou') 69 | ${SC`R`i`pTStR`ING} = $OYDRiA::("{2}{0}{1}{3}" -f'e','adAll','R','Text').Invoke((&("{1}{0}{3}{2}" -f'es','R','e-Path','olv') ${pa`TH})) 70 | } 71 | Else 72 | { 73 | ${s`c`RiptsTri`Ng} = [String]${SCRi`pTbL`ock} 74 | } 75 | 76 | 77 | 78 | ${R`A`NdoMdEliMi`T`ErS} = @('_','-',',','{','}','~','!','@','%','&','<','>') 79 | 80 | 81 | @('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') | &("{0}{1}{2}" -f'F','o','rEach-Object') {${UP`P`eRLOWErcH`AR} = ${_}; If(((&("{1}{2}{0}"-f'Random','G','et-') -Input @(1..2))-1 -eq 0)) {${UPpe`R`l`owe`RchaR} = ${U`PP`erlOW`eRchAR}.("{1}{0}"-f'r','ToUppe').Invoke()} ${randOMDElI`MI`TE`Rs} += ${uPP`ErL`owe`RC`HaR}} 82 | 83 | 84 | ${RAnDo`MDELi`mIT`Ers} = (&("{2}{1}{0}"-f 'dom','t-Ran','Ge') -Input ${rANDomD`EL`IMi`TeRs} -Count (${r`AnDo`mdElIMIt`e`Rs}."cOu`Nt"/4)) 85 | 86 | 87 | ${hE`X`D`iGi`TRAnGE} = @(0,1,2,3,4,5,6,7,8,9,'a','A','b','B','c','C','d','D','e','E','f','F') 88 | ${BxOrVa`L`UE} = '0x' + (&("{1}{2}{0}"-f 'dom','Get-','Ran') -Input @(0..5)) + (&("{0}{3}{2}{1}" -f 'G','m','t-Rando','e') -Input ${Hexd`I`GItR`Ange}) 89 | 90 | 91 | ${D`ELI`MItEdEnCO`d`e`DarR`AY} = '' 92 | ([Char[]]${sCRIpt`St`Ri`Ng}) | &("{2}{0}{4}{3}{1}" -f'orEac','t','F','-Objec','h') {${DEl`imIte`D`en`Co`DedAr`RAY} += ([String]([Int][Char]${_} -BXOR ${BxO`RVa`L`UE}) + (&("{2}{0}{1}"-f'et-Ra','ndom','G') -Input ${raNd`OMdE`liMi`T`e`RS}))} 93 | 94 | 95 | ${deLiMI`TeDenco`DeDAr`R`AY} = ${de`lIMi`Te`de`NCoDEdaRrAY}.("{0}{1}{2}"-f'SubS','tr','ing').Invoke(0,${dELim`i`Te`denc`O`DEDArR`Ay}."lEng`TH"-1) 96 | 97 | 98 | ${rAn`doMDelIM`i`T`ERSt`OPRinT} = (&("{0}{2}{1}"-f'G','andom','et-R') -Input ${rA`NDo`M`dELimIteRs} -Count ${ra`N`dom`d`ELiMItE`Rs}."LE`NGTH") -Join '' 99 | 100 | 101 | ${FOR`EA`Ch`OBjE`CT} = &("{3}{1}{2}{0}" -f'om','an','d','Get-R') -Input @(("{2}{0}{1}" -f 'rEa','ch','Fo'),("{1}{2}{3}{0}{4}" -f'ch-Objec','Fo','rE','a','t'),'%') 102 | ${s`T`RJoiN} = ([Char[]]("{1}{3}{0}{2}"-f 'ng]','[St','::Join','ri') | &("{1}{2}{0}"-f 'ect','F','orEach-Obj') {${Ch`AR} = ${_}.("{0}{1}"-f 'To','String').Invoke().("{1}{0}" -f'ower','ToL').Invoke(); If(&("{1}{0}{2}" -f'-','Get','Random') -Input @(0..1)) {${ch`Ar} = ${ch`Ar}.("{0}{2}{1}"-f'ToU','r','ppe').Invoke()} ${c`hAR}}) -Join '' 103 | ${s`TR`str} = ([Char[]]("{0}{1}"-f '[St','ring]') | &("{2}{1}{0}{3}"-f'bje','rEach-O','Fo','ct') {${CH`Ar} = ${_}.("{2}{0}{1}"-f 'oStrin','g','T').Invoke().("{1}{0}" -f'er','ToLow').Invoke(); If(&("{2}{1}{3}{0}" -f'm','-Ran','Get','do') -Input @(0..1)) {${c`haR} = ${c`hAR}.("{1}{0}{2}" -f 'U','To','pper').Invoke()} ${C`hAr}}) -Join '' 104 | ${j`OIN} = ([Char[]]("{0}{1}"-f '-','Join') | &("{0}{1}{3}{2}"-f 'F','orEach','ject','-Ob') {${c`HAr} = ${_}.("{2}{0}{1}"-f 'n','g','ToStri').Invoke().("{0}{2}{1}" -f 'To','wer','Lo').Invoke(); If(&("{1}{0}{2}"-f't-Ran','Ge','dom') -Input @(0..1)) {${cH`Ar} = ${Ch`AR}.("{1}{2}{0}"-f 'r','ToUp','pe').Invoke()} ${ch`AR}}) -Join '' 105 | ${BX`or} = ([Char[]]("{1}{0}"-f'BXOR','-') | &("{4}{2}{1}{0}{3}" -f 'h-','c','Ea','Object','For') {${c`hAr} = ${_}.("{2}{0}{1}" -f 'i','ng','ToStr').Invoke().("{2}{1}{0}" -f'r','owe','ToL').Invoke(); If(&("{2}{3}{0}{1}" -f'd','om','Get-Ra','n') -Input @(0..1)) {${C`haR} = ${C`HaR}.("{2}{1}{0}" -f 'r','pe','ToUp').Invoke()} ${c`HaR}}) -Join '' 106 | ${cha`RsTR} = ([Char[]]("{1}{0}"-f'har','C') | &("{1}{3}{2}{0}" -f'ject','ForEa','h-Ob','c') {${CH`Ar} = ${_}.("{0}{2}{1}"-f 'To','ng','Stri').Invoke().("{1}{0}" -f'Lower','To').Invoke(); If(&("{1}{2}{0}" -f 'dom','Get-R','an') -Input @(0..1)) {${CH`Ar} = ${cH`Ar}.("{1}{2}{0}" -f 'er','T','oUpp').Invoke()} ${CH`Ar}}) -Join '' 107 | ${I`Nt} = ([Char[]]'Int' | &("{0}{2}{1}{3}" -f 'F','Each-','or','Object') {${CH`AR} = ${_}.("{1}{2}{0}" -f'ing','To','Str').Invoke().("{1}{0}" -f 'wer','ToLo').Invoke(); If(&("{1}{2}{3}{0}" -f'om','Get','-R','and') -Input @(0..1)) {${c`HAR} = ${ch`Ar}.("{0}{1}{2}" -f 'ToUp','pe','r').Invoke()} ${c`HAr}}) -Join '' 108 | ${forEA`cH`o`BJECt} = ([Char[]]${foR`EacHO`Bject} | &("{3}{2}{0}{1}" -f'bje','ct','Each-O','For') {${C`haR} = ${_}.("{0}{1}" -f'To','String').Invoke().("{0}{2}{1}"-f'To','wer','Lo').Invoke(); If(&("{1}{0}{2}" -f'ando','Get-R','m') -Input @(0..1)) {${C`hAR} = ${CH`Ar}.("{0}{1}" -f'ToUp','per').Invoke()} ${c`Har}}) -Join '' 109 | 110 | 111 | ${Ra`NdomdELIMiT`eR`sto`p`Rin`Tfo`RDaShS`Pl`It} = '' 112 | ForEach(${r`A`NdO`MDe`lIMit`er} in ${RA`N`DOM`DEL`ImIT`eRS}) 113 | { 114 | 115 | If(${SCR`Ip`TSTR`Ing}.("{1}{0}"-f 'ontains','C').Invoke('^')) 116 | { 117 | ${S`P`LIt} = ([Char[]]("{1}{0}" -f 't','Spli') | &("{0}{3}{2}{1}"-f'For','ect','ach-Obj','E') {${ch`Ar} = ${_}.("{0}{1}{2}"-f 'ToStr','i','ng').Invoke().("{1}{0}" -f'wer','ToLo').Invoke(); If(&("{2}{0}{1}"-f'a','ndom','Get-R') -Input @(0..1)) {${C`hAR} = ${Ch`Ar}.("{1}{0}{2}"-f'U','To','pper').Invoke()} ${C`hAR}}) -Join '' 118 | ${Rand`OMde`lImi`TERS`T`O`PRin`TFO`RdAS`HsPLiT} += '(' + (&("{1}{2}{3}{0}"-f 'om','G','et','-Rand') -Input @(("{0}{1}"-f'-R','eplace'),("{0}{2}{1}" -f'-','lace','CRep'))) + (' '+(('h7'+'F^h7F,h'+'7Fh'+'7F ') -REplACE 'h7F',[ChAr]39)+"-$Split") + ' '*(&("{2}{0}{1}" -f't-Ra','ndom','Ge') -Input @(0,1)) + "'" + ${R`A`NDO`M`dELImiTer} + "'" + ' '*(&("{1}{0}{2}" -f'o','Get-Rand','m') -Input @(0,1)) 119 | ${spl`it} = ([Char[]]((("{3}{5}{0}{1}{4}{2}"-f ',{0}','{0}).S','it','Replace({0}^{','pl','0}')) -F [cHar]39) | &("{0}{3}{1}{2}" -f 'F','ach-','Object','orE') {${cH`AR} = ${_}.("{2}{0}{1}" -f'o','String','T').Invoke().("{1}{0}"-f'wer','ToLo').Invoke(); If(&("{2}{1}{0}"-f 'om','et-Rand','G') -Input @(0..1)) {${C`Har} = ${ch`Ar}.("{1}{0}" -f 'pper','ToU').Invoke()} ${c`har}}) -Join '' 120 | } 121 | Else 122 | { 123 | ${s`p`LiT} = ([Char[]]("{1}{0}" -f 'lit','Sp') | &("{1}{0}{2}{3}" -f 'orEach','F','-Objec','t') {${c`haR} = ${_}.("{2}{0}{1}"-f 't','ring','ToS').Invoke().("{0}{2}{1}" -f 'T','r','oLowe').Invoke(); If(&("{1}{2}{0}" -f 'dom','Get-','Ran') -Input @(0..1)) {${CH`AR} = ${CH`Ar}.("{1}{0}"-f 'r','ToUppe').Invoke()} ${Ch`AR}}) -Join '' 124 | ${RAN`d`oM`DeliMI`TErStOP`R`i`Ntf`O`Rda`sHsPLIt} += ('-' + ${S`plIt} + ' '*(&("{0}{1}{3}{2}"-f'Ge','t-Ra','m','ndo') -Input @(0,1)) + "'" + ${rA`ND`Omd`ELIm`ITEr} + "'" + ' '*(&("{1}{2}{0}"-f'om','Get-','Rand') -Input @(0,1))) 125 | } 126 | 127 | 128 | ${s`pLIT} = ([Char[]]${spl`IT} | &("{0}{1}{3}{2}{4}"-f 'For','E','bjec','ach-O','t') {${Ch`Ar} = ${_}.("{0}{1}" -f 'ToStr','ing').Invoke().("{0}{1}{2}"-f'ToLo','we','r').Invoke(); If(&("{0}{2}{1}" -f'Get','om','-Rand') -Input @(0..1)) {${cH`Ar} = ${c`hAr}.("{0}{1}"-f'ToU','pper').Invoke()} ${c`HAR}}) -Join '' 129 | ${R`AndomdE`lI`mI`TerSTOPrINt`FordA`shSpL`IT} = ([Char[]]${rAndomdE`l`imit`e`RSto`prIn`TfOrDAs`h`Sp`L`It} | &("{2}{1}{0}" -f'ject','Each-Ob','For') {${c`hAR} = ${_}.("{1}{2}{0}" -f 'ring','ToS','t').Invoke().("{1}{0}"-f'Lower','To').Invoke(); If(&("{2}{1}{0}" -f'm','do','Get-Ran') -Input @(0..1)) {${cH`Ar} = ${c`HAR}.("{2}{0}{1}"-f 'pe','r','ToUp').Invoke()} ${C`har}}) -Join '' 130 | } 131 | ${raNdoMDeLiMiTER`STOPriNt`ForD`As`Hs`PL`it} = ${ra`NDo`M`DEL`iMIteRsto`p`R`i`Nt`F`orDAsHsPlit}.("{0}{1}" -f'T','rim').Invoke() 132 | 133 | 134 | ${en`co`DED`ArraY} = '' 135 | ([Char[]]${scrIpTSt`R`inG}) | &("{4}{1}{2}{0}{3}"-f'ch-','orE','a','Object','F') {${EncOD`E`DA`RRAY} += ([String]([Int][Char]${_} -BXOR ${b`xOR`VA`lue})) + ' '*(&("{0}{2}{1}" -f'Get-Ran','om','d') -Input @(0,1)) + ',' + ' '*(&("{2}{1}{0}"-f'dom','n','Get-Ra') -Input @(0,1))} 136 | 137 | 138 | ${ENcOdE`dar`RAy} = ('(' + ' '*(&("{2}{3}{1}{0}"-f'andom','R','Ge','t-') -Input @(0,1)) + ${En`co`DEdarrAy}.("{1}{0}"-f 'rim','T').Invoke().("{1}{0}"-f 'im','Tr').Invoke(',') + ')') 139 | 140 | 141 | 142 | 143 | 144 | ${Set`oFsVAr`synT`Ax} = @() 145 | ${s`e`TOF`sv`ARSynTaX} += ("{1}{0}" -f 'Item','Set-') + ' '*(&("{2}{1}{0}"-f'-Random','t','Ge') -Input @(1,2)) + ((("{0}{1}{2}{3}{4}" -f 'bNoV','ariab','le:OF','Sb','No'))."rE`p`LAce"(([CHAr]98+[CHAr]78+[CHAr]111),[sTrINg][CHAr]39)) + ' '*(&("{1}{0}{2}" -f't-Ra','Ge','ndom') -Input @(1,2)) + "''" 146 | ${se`ToFsvARSYnT`Ax} += (&("{1}{2}{3}{0}" -f'ndom','G','et-R','a') -Input @(("{0}{1}{3}{2}" -f 'S','e','able','t-Vari'),'SV','SET')) + ' '*(&("{1}{0}{2}"-f 'Rando','Get-','m') -Input @(1,2)) + ((("{2}{0}{1}" -f'tWOFSi','tW','i')) -REpLaCe([ChAR]105+[ChAR]116+[ChAR]87),[ChAR]39) + ' '*(&("{2}{0}{1}" -f'Rand','om','Get-') -Input @(1,2)) + "''" 147 | ${SeTOF`S`V`Ar} = (&("{0}{1}{2}" -f'Get-Rand','o','m') -Input ${S`e`Tof`SvaR`Syn`TaX}) 148 | 149 | ${sETofs`V`A`RBaCKs`yNTAx} = @() 150 | ${SetOfSvAr`B`AC`KsYNt`AX} += ("{1}{2}{0}" -f 'm','Set','-Ite') + ' '*(&("{1}{2}{0}" -f'dom','Get','-Ran') -Input @(1,2)) + ((("{4}{1}{2}{0}{6}{5}{3}" -f 'a','}','Vari','{0}','{0','e:OFS','bl')) -f [chAR]39) + ' '*(&("{0}{1}{2}" -f'G','et-R','andom') -Input @(1,2)) + "' '" 151 | ${sE`TOFSVA`R`BAckS`yntAX} += (&("{1}{0}{2}{3}"-f't-Ra','Ge','ndo','m') -Input @(("{2}{1}{0}" -f 'riable','t-Va','Se'),'SV','SET')) + ' '*(&("{0}{1}{2}"-f'Get','-Ra','ndom') -Input @(1,2)) + ((("{3}{1}{0}{2}"-f'F','qnO','SSqn','S'))."rEp`LA`ce"(([Char]83+[Char]113+[Char]110),[sTRinG][Char]39)) + ' '*(&("{1}{0}{2}" -f 'Ran','Get-','dom') -Input @(1,2)) + "' '" 152 | ${Se`TofsvAR`B`AcK} = (&("{2}{0}{1}" -f '-Rando','m','Get') -Input ${sET`of`sv`ARBAckSynT`AX}) 153 | 154 | 155 | ${SeT`ofS`VAR} = ([Char[]]${SE`ToFsv`AR} | &("{1}{2}{3}{0}" -f 'ect','ForE','ach-O','bj') {${cH`Ar} = ${_}.("{1}{0}"-f 'ng','ToStri').Invoke().("{0}{1}"-f 'T','oLower').Invoke(); If(&("{2}{0}{1}" -f 'nd','om','Get-Ra') -Input @(0..1)) {${c`Har} = ${c`HAR}.("{0}{2}{1}" -f 'ToU','er','pp').Invoke()} ${cH`Ar}}) -Join '' 156 | ${sEto`FsVAR`BAck} = ([Char[]]${SE`TOfSvARB`AcK} | &("{3}{0}{2}{1}" -f'a','h-Object','c','ForE') {${c`hAr} = ${_}.("{1}{0}{2}" -f 'oSt','T','ring').Invoke().("{2}{0}{1}" -f 'ow','er','ToL').Invoke(); If(&("{1}{0}{3}{2}"-f 't-R','Ge','m','ando') -Input @(0..1)) {${ch`Ar} = ${cH`AR}.("{1}{0}"-f 'oUpper','T').Invoke()} ${C`hAr}}) -Join '' 157 | 158 | 159 | ${q`U`OtEs} = &("{2}{1}{0}"-f'dom','t-Ran','Ge') -Input @('"',"'",' ') 160 | ${b`xO`RSyn`Tax} = ${bX`Or} + ' '*(&("{0}{2}{1}"-f'G','dom','et-Ran') -Input @(0,1)) + ${Q`UOtes} + ${bXO`R`VAl`UE} + ${quO`T`Es} 161 | ${bx`orcO`Nv`Ers`ion} = '{' + ' '*(&("{1}{0}{2}"-f't-Rand','Ge','om') -Input @(0,1)) + "[$CharStr]" + ' '*(&("{2}{1}{0}{3}"-f 'nd','a','Get-R','om') -Input @(0,1)) + '(' + ' '*(&("{0}{2}{1}"-f'Get','dom','-Ran') -Input @(0,1)) + '$_' + ' '*(&("{2}{1}{0}"-f'Random','et-','G') -Input @(0,1)) + ${bxO`RS`ynT`Ax} + ' '*(&("{1}{2}{0}" -f'andom','Get-','R') -Input @(0,1)) + ')' + ' '*(&("{0}{2}{1}"-f'Get-Ra','om','nd') -Input @(0,1)) + '}' 162 | 163 | 164 | ${b`ASesc`RIPTa`Rr`AY} = @() 165 | ${ba`seS`CrIp`TArrAy} += '(' + ' '*(&("{0}{3}{1}{2}"-f 'Ge','-R','andom','t') -Input @(0,1)) + "[$CharStr[]]" + ' '*(&("{1}{0}{3}{2}" -f'et-Rand','G','m','o') -Input @(0,1)) + ${ENc`OdeD`A`RrAY} + ' '*(&("{3}{1}{2}{0}" -f 'dom','et-','Ran','G') -Input @(0,1)) + '|' + ' '*(&("{3}{1}{0}{2}" -f'Rand','t-','om','Ge') -Input @(0,1)) + ${f`oR`eAc`hOB`Ject} + ' '*(&("{1}{0}{2}"-f'do','Get-Ran','m') -Input @(0,1)) + ${bxoRCo`Nve`Rsi`ON} + ' '*(&("{2}{0}{3}{1}" -f'et-Ran','om','G','d') -Input @(0,1)) + ')' 166 | ${baSESc`R`IP`TarrAy} += '(' + ' '*(&("{0}{2}{1}"-f 'Get-Ran','om','d') -Input @(0,1)) + "'" + ${d`EL`imiTeD`ENcODe`D`ARRAy} + "'." + ${Sp`LiT} + "(" + ' '*(&("{0}{1}{2}" -f'Get','-R','andom') -Input @(0,1)) + "'" + ${rAn`DoMd`eLimI`T`er`s`TOp`RiNT} + "'" + ' '*(&("{2}{0}{1}" -f 'd','om','Get-Ran') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}" -f 'm','et-Rando','G') -Input @(0,1)) + '|' + ' '*(&("{1}{3}{2}{0}"-f 'm','Get-','ando','R') -Input @(0,1)) + ${F`oR`ea`ch`oBJECt} + ' '*(&("{0}{1}{2}"-f'Ge','t-Ran','dom') -Input @(0,1)) + ${bX`or`c`onVersi`on} + ' '*(&("{0}{1}{2}{3}" -f 'Get-R','a','ndo','m') -Input @(0,1)) + ')' 167 | ${bA`SesC`R`i`PTarRAY} += '(' + ' '*(&("{0}{2}{1}" -f'Get-R','m','ando') -Input @(0,1)) + "'" + ${deLIm`iT`Ed`eNcodE`DarRaY} + "'" + ' '*(&("{0}{2}{1}{3}"-f'Get','Rando','-','m') -Input @(0,1)) + ${RaN`Do`mdeli`m`ite`RS`ToprI`Nt`FordaS`HSPlit} + ' '*(&("{1}{2}{0}{3}" -f'-Ra','G','et','ndom') -Input @(0,1)) + '|' + ' '*(&("{2}{0}{1}"-f 'et-','Random','G') -Input @(0,1)) + ${fOR`e`AcHoBJe`ct} + ' '*(&("{0}{1}{2}"-f 'G','et-Ra','ndom') -Input @(0,1)) + ${B`xO`RC`oNve`RsiON} + ' '*(&("{3}{2}{1}{0}"-f 'm','Rando','t-','Ge') -Input @(0,1)) + ')' 168 | ${BaS`Es`criptarr`AY} += '(' + ' '*(&("{2}{1}{0}" -f'm','Rando','Get-') -Input @(0,1)) + ${enC`O`DEDarr`Ay} + ' '*(&("{2}{0}{1}"-f 't','-Random','Ge') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}" -f 'om','Ge','t-Rand') -Input @(0,1)) + ${F`OREac`H`Ob`jECt} + ' '*(&("{0}{2}{1}" -f'Get-Ra','dom','n') -Input @(0,1)) + ${b`Xor`cO`NVe`RsIoN} + ' '*(&("{1}{2}{0}{3}"-f't-Ra','G','e','ndom') -Input @(0,1)) + ')' 169 | 170 | 171 | ${N`Ewsc`RiPT`A`RRay} = @() 172 | ${Ne`W`ScRIP`Ta`RRAy} += (&("{1}{2}{0}" -f'ndom','G','et-Ra') -Input ${bAsEsc`R`IP`TArRay}) + ' '*(&("{0}{2}{1}"-f 'G','-Random','et') -Input @(0,1)) + ${j`oIN} + ' '*(&("{1}{0}{3}{2}"-f't-Ra','Ge','m','ndo') -Input @(0,1)) + "''" 173 | ${neWs`crIptA`R`RAy} += ${JO`in} + ' '*(&("{3}{1}{2}{0}" -f'm','t-Ra','ndo','Ge') -Input @(0,1)) + (&("{1}{2}{0}" -f'om','G','et-Rand') -Input ${baSe`scRIp`Ta`RRay}) 174 | ${NE`W`SCrIp`T`ARrAy} += ${Strj`o`In} + '(' + ' '*(&("{1}{2}{0}" -f'dom','G','et-Ran') -Input @(0,1)) + "''" + ' '*(&("{1}{2}{0}" -f'dom','Get-R','an') -Input @(0,1)) + ',' + ' '*(&("{2}{0}{1}" -f'-R','andom','Get') -Input @(0,1)) + (&("{0}{3}{2}{1}" -f 'Get-','dom','an','R') -Input ${BAS`eScriPT`ArRAy}) + ' '*(&("{1}{2}{0}"-f'm','Get','-Rando') -Input @(0,1)) + ')' 175 | ${N`ews`cRip`Ta`RraY} += '"' + ' '*(&("{0}{1}{2}"-f'Get-','Ra','ndom') -Input @(0,1)) + '$(' + ' '*(&("{0}{1}{2}"-f 'G','et-','Random') -Input @(0,1)) + ${sETof`s`Var} + ' '*(&("{0}{1}{2}"-f 'Get','-Ra','ndom') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{1}"-f'o','m','Get-Rand') -Input @(0,1)) + '"' + ' '*(&("{2}{1}{0}" -f 'ndom','Ra','Get-') -Input @(0,1)) + '+' + ' '*(&("{2}{1}{3}{0}"-f'dom','et','G','-Ran') -Input @(0,1)) + ${Strs`TR} + (&("{0}{2}{1}" -f'Get-Rand','m','o') -Input ${baSeSC`RI`pT`ARR`Ay}) + ' '*(&("{1}{2}{0}"-f 'm','Get-Rand','o') -Input @(0,1)) + '+' + '"' + ' '*(&("{1}{0}{2}"-f 'd','Get-Ran','om') -Input @(0,1)) + '$(' + ' '*(&("{0}{2}{1}" -f 'Get','Random','-') -Input @(0,1)) + ${sE`TOFSVARB`A`ck} + ' '*(&("{2}{0}{1}" -f 'et-Ra','ndom','G') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Ge','t-Rand','om') -Input @(0,1)) + '"' 176 | 177 | 178 | ${n`ew`sCri`pt} = (&("{0}{2}{1}" -f'G','m','et-Rando') -Input ${nEW`sc`R`ipt`ARrAY}) 179 | 180 | 181 | 182 | ${InVok`EEx`Pre`SsIon`SynTaX} = @() 183 | ${iN`VO`keEx`presSI`Ons`y`NtAx} += (&("{1}{2}{0}"-f'ndom','Get','-Ra') -Input @('IEX',("{2}{4}{0}{1}{3}" -f'oke-','Expre','In','ssion','v'))) 184 | 185 | 186 | 187 | ${In`VocaT`iONo`p`EratOr} = (&("{1}{3}{2}{0}"-f 'ndom','G','a','et-R') -Input @('.','&')) + ' '*(&("{2}{1}{0}"-f'dom','-Ran','Get') -Input @(0,1)) 188 | ${I`Nvo`keEXP`R`ESsIoNSY`NTaX} += ${Inv`oCa`TioNO`peRA`ToR} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 189 | ${inVoKeEXPRe`sSio`N`s`yN`TAx} += ${i`NVOCat`iONO`PE`RAT`or} + ('( '+"`$PSHome[") + (&("{2}{1}{0}"-f 'ndom','-Ra','Get') -Input @(4,21)) + "]+`$PSHome[" + (&("{0}{1}{2}{3}" -f 'Ge','t-R','a','ndom') -Input @(30,34)) + (((("{1}{0}{2}" -f '+YEyxYEy',']',')')) -cREPlACe 'YEy',[CHar]39)) 190 | ${inV`oK`eexPrEs`SionSYn`TaX} += ${i`NV`OcatIoNoPERAT`or} + ('( '+"`$env:ComSpec[4,") + (&("{1}{0}{2}" -f'-Rando','Get','m') -Input @(15,24,26)) + (((("{5}{3}{4}{2}{1}{0}" -f'0})','{','}','-Join{','0',',25]'))-F [chaR]39)) 191 | ${inVoKEEX`PRes`sIOns`y`N`TAx} += ${InVOC`A`Tio`N`oPErat`Or} + "((" + (&("{2}{0}{1}"-f 't','-Random','Ge') -Input @(("{2}{1}{0}{3}" -f 't-Variab','e','G','le'),'GV',("{0}{1}{2}" -f'Varia','b','le'))) + ((("{2}{0}{4}{5}{1}{6}{3}"-f 'zU','zU',' zU3*mdr*',')','3).Name[3,11,2',']-Join','3zU3'))."r`e`PLAce"(([Char]122+[Char]85+[Char]51),[STRInG][Char]39)) 192 | ${InvO`KeEXpRE`sS`Ions`yN`TAX} += ${INvOCA`TI`ONOPerA`TOr} + "( " + (&("{0}{1}{2}" -f 'Get','-Ra','ndom') -Input @(((('g'+'f'+'8Ve'+'rbosePrefere'+'nce.T'+'o'+'String('+')')-CREPlACe 'gf8',[cHaR]36)),((('([Stri'+'n'+'g]ve'+'SVe'+'rbosePr'+'e'+'f'+'erence'+')') -RepLACE ([char]118+[char]101+[char]83),[char]36)))) + (((("{3}{0}{4}{2}{1}{5}"-f '{0}','0','0}-Join{','[1,3]+','x{','}{0})')) -F[cHaR]39)) 193 | 194 | 195 | 196 | 197 | ${I`NVo`ke`eXPr`Ession} = (&("{1}{2}{0}{3}"-f'nd','Ge','t-Ra','om') -Input ${iNVoKee`xPR`ES`SIOnSy`NtAx}) 198 | 199 | 200 | ${IN`VO`kEeXPreS`SI`on} = ([Char[]]${inVOKeEx`p`R`E`sSiOn} | &("{1}{2}{3}{4}{0}" -f'ect','ForEa','c','h','-Obj') {${CH`AR} = ${_}.("{1}{0}"-f 'g','ToStrin').Invoke().("{0}{2}{1}" -f'T','r','oLowe').Invoke(); If(&("{0}{2}{1}" -f'Get','ndom','-Ra') -Input @(0..1)) {${C`hAr} = ${C`haR}.("{0}{1}"-f 'To','Upper').Invoke()} ${C`HAr}}) -Join '' 201 | 202 | 203 | ${iN`VoKeop`TiONs} = @() 204 | ${iNv`oke`OPTioNS} += ' '*(&("{1}{0}{2}"-f't','Ge','-Random') -Input @(0,1)) + ${iN`VOKEEx`p`RessIon} + ' '*(&("{1}{0}{2}" -f '-Rando','Get','m') -Input @(0,1)) + '(' + ' '*(&("{3}{0}{2}{1}"-f '-R','om','and','Get') -Input @(0,1)) + ${n`e`wscRIpt} + ' '*(&("{2}{1}{0}"-f'dom','Ran','Get-') -Input @(0,1)) + ')' + ' '*(&("{0}{3}{1}{2}"-f'Get-','ando','m','R') -Input @(0,1)) 205 | ${in`V`OKe`OpTi`OnS} += ' '*(&("{3}{2}{1}{0}"-f'ndom','Ra','-','Get') -Input @(0,1)) + ${N`E`WsCRiPt} + ' '*(&("{0}{1}{2}"-f 'Get-R','and','om') -Input @(0,1)) + '|' + ' '*(&("{0}{2}{1}{3}" -f'Get-','do','Ran','m') -Input @(0,1)) + ${iNVO`KeeXpr`e`SSiON} 206 | 207 | ${neWsC`R`ipt} = (&("{2}{0}{1}"-f't-Rand','om','Ge') -Input ${inVo`KeO`ptI`onS}) 208 | 209 | 210 | If(!${Ps`B`OundParame`TERS}[("{0}{2}{1}"-f 'Pas','ru','sTh')]) 211 | { 212 | 213 | ${pOwe`R`shEllF`lagS} = @() 214 | 215 | 216 | 217 | ${c`omM`A`NdLIneo`PTi`oNs} = &("{2}{1}{0}"-f 'Object','w-','Ne') ("{1}{2}{0}" -f ']','String','[')(0) 218 | If(${p`sBo`U`NdPARA`metERS}[("{0}{2}{1}" -f 'No','t','Exi')]) 219 | { 220 | ${F`U`llaRGuM`enT} = ("{0}{1}"-f '-N','oExit'); 221 | ${cOM`m`A`NdLI`NE`opTIonS} += ${Ful`L`Arg`UmEnt}.("{1}{2}{0}"-f 'ng','SubStr','i').Invoke(0,(&("{1}{2}{0}{3}"-f'Ran','G','et-','dom') -Minimum 4 -Maximum (${fUl`lar`Gu`Ment}."Le`Ng`Th"+1))) 222 | } 223 | If(${psB`o`UnDPA`R`AMETE`Rs}[("{2}{1}{0}" -f 'ile','rof','NoP')]) 224 | { 225 | ${f`UllarGU`meNT} = ("{0}{2}{1}"-f'-No','e','Profil'); 226 | ${C`OmMANdlInE`oP`T`i`ONS} += ${f`UL`LArGUMe`Nt}.("{0}{1}" -f'SubStrin','g').Invoke(0,(&("{2}{0}{1}" -f'-','Random','Get') -Minimum 4 -Maximum (${FUlLArg`U`M`eNT}."L`enGTH"+1))) 227 | } 228 | If(${pS`Bou`NdPArA`M`E`TErS}[("{0}{3}{2}{1}"-f 'NonInte','ve','ti','rac')]) 229 | { 230 | ${fU`LLaRGUm`eNT} = ("{2}{0}{3}{1}" -f'N','ractive','-','onInte'); 231 | ${c`OmmA`N`dl`Ine`opti`ONS} += ${FULLaR`GU`mENT}.("{0}{1}{2}"-f 'S','ubStr','ing').Invoke(0,(&("{0}{2}{1}" -f 'Get-R','m','ando') -Minimum 5 -Maximum (${f`U`l`largU`MENT}."l`EnGtH"+1))) 232 | } 233 | If(${p`Sb`o`UndPAr`AMeTERs}[("{1}{0}" -f'ogo','NoL')]) 234 | { 235 | ${fuLlARGUm`E`Nt} = ("{0}{1}{2}"-f '-NoLo','g','o'); 236 | ${cO`MmANDL`iNE`opTi`onS} += ${F`ULlar`gUmEnT}.("{1}{0}{2}" -f'trin','SubS','g').Invoke(0,(&("{2}{1}{0}" -f'dom','t-Ran','Ge') -Minimum 4 -Maximum (${fu`lLarG`Um`eNt}."LEng`Th"+1))) 237 | } 238 | If(${PSbO`UnD`PAramET`E`Rs}[("{2}{1}{3}{0}" -f 'e','indowSty','W','l')] -OR ${wIndO`W`sS`T`yLe}) 239 | { 240 | ${FULlA`RGu`MeNT} = ("{1}{0}{2}"-f 'owSty','-Wind','le') 241 | If(${wIN`DowsS`Tyle}) {${argU`mEntva`luE} = ${wind`owSSt`yLe}} 242 | Else {${ar`GUMeNTv`A`L`Ue} = ${p`s`B`oundPaRaMe`TeRS}[("{3}{2}{1}{0}" -f 'e','Styl','dow','Win')]} 243 | 244 | 245 | Switch(${aRG`U`MENtValue}.("{0}{1}"-f 'T','oLower').Invoke()) 246 | { 247 | ("{0}{1}" -f'no','rmal') {If(&("{0}{2}{1}{3}" -f 'Get','ando','-R','m') -Input @(0..1)) {${ARG`UmENTV`AlUE} = (&("{0}{1}{2}" -f 'Get-','Rand','om') -Input @('0','n','no','nor',("{0}{1}" -f'nor','m'),("{0}{1}"-f'no','rma')))}} 248 | ("{0}{1}"-f'hidd','en') {If(&("{0}{1}{2}"-f'Ge','t-R','andom') -Input @(0..1)) {${arG`Um`E`NT`VAlUe} = (&("{0}{2}{1}" -f 'G','andom','et-R') -Input @('1','h','hi','hid',("{1}{0}"-f'idd','h'),("{0}{1}" -f 'hi','dde')))}} 249 | ("{2}{1}{0}" -f 'nimized','i','m') {If(&("{1}{2}{0}"-f 'm','Get-R','ando') -Input @(0..1)) {${ar`gu`MenTvAL`UE} = (&("{0}{1}{2}" -f 'Get-R','ando','m') -Input @('2','mi','min',("{0}{1}" -f'min','i'),("{1}{0}"-f'inim','m'),("{1}{0}" -f'inimi','m'),("{1}{0}"-f 'iz','minim'),("{1}{0}{2}"-f'z','minimi','e')))}} 250 | ("{1}{0}" -f'aximized','m') {If(&("{2}{1}{0}"-f 'Random','-','Get') -Input @(0..1)) {${aR`gumENtv`AL`Ue} = (&("{1}{0}{2}"-f 'an','Get-R','dom') -Input @('3','ma','max',("{1}{0}" -f'axi','m'),("{0}{1}"-f 'maxi','m'),("{1}{0}"-f'ximi','ma'),("{0}{2}{1}" -f 'm','imiz','ax'),("{0}{1}"-f'max','imize')))}} 251 | ("{1}{0}"-f'efault','d') {&("{1}{0}{2}" -f'-Err','Write','or') ('An'+' '+'i'+'nv'+'alid '+"`$ArgumentValue "+'va'+'lu'+'e '+"($ArgumentValue) "+'wa'+'s '+'pas'+'s'+'ed '+'to'+' '+'swit'+'ch'+' '+'block'+' '+'for'+' '+'Out-'+'Powe'+'rShe'+'llL'+'aunch'+'er.'); Exit;} 252 | } 253 | 254 | ${p`ow`E`RSHELLfLAGS} += ${F`U`LlARGumenT}.("{1}{0}{2}" -f'trin','SubS','g').Invoke(0,(&("{2}{0}{1}"-f 'et-Ran','dom','G') -Minimum 2 -Maximum (${fu`LLA`Rg`UMENT}."l`ENG`Th"+1))) + ' '*(&("{2}{0}{1}"-f 'a','ndom','Get-R') -Minimum 1 -Maximum 3) + ${ARgUmeN`Tv`A`lUe} 255 | } 256 | If(${PSBoUn`dp`AR`A`mETe`Rs}[("{2}{0}{1}{3}"-f 'e','cutionPolic','Ex','y')] -OR ${E`xe`c`UtIoNP`olIcy}) 257 | { 258 | ${fU`LlAr`GumE`NT} = ("{4}{2}{1}{3}{5}{0}"-f 'y','ut','c','ion','-Exe','Polic') 259 | If(${Ex`eC`U`TIoNpOLiCY}) {${a`Rg`UMeNtVa`LUE} = ${E`XEcUtio`NP`OliCY}} 260 | Else {${A`RGuMEN`TvA`LUe} = ${p`sbOU`NDpAr`Am`e`TerS}[("{0}{3}{2}{4}{1}"-f'ExecutionP','cy','l','o','i')]} 261 | 262 | ${ExE`cUt`i`OnP`OlICyF`LAGS} = @() 263 | ${eXeCUtIO`N`PoL`ICYf`lAgS} += '-EP' 264 | For(${in`d`EX}=3; ${In`D`EX} -le ${fU`LL`AR`GUmE`NT}."leng`TH"; ${Ind`Ex}++) 265 | { 266 | ${E`XE`C`UTiOnP`OLI`cYF`lags} += ${FULLar`GuM`E`NT}.("{1}{2}{0}" -f 'ng','S','ubStri').Invoke(0,${IND`ex}) 267 | } 268 | ${eXEcuTI`onpo`LI`cYFlaG} = &("{2}{0}{1}"-f 'ndo','m','Get-Ra') -Input ${ex`E`C`U`TIONPoliCYfLA`GS} 269 | ${p`owE`R`ShellF`LagS} += ${EXE`CUtIon`P`O`lIC`yF`Lag} + ' '*(&("{0}{2}{1}" -f'G','t-Random','e') -Minimum 1 -Maximum 3) + ${Ar`Gu`m`en`TVAlue} 270 | } 271 | 272 | 273 | 274 | If(${c`Om`mANDLINeo`PtIonS}."cOU`NT" -gt 1) 275 | { 276 | ${cOMmaNdl`in`E`oPTI`O`Ns} = &("{0}{3}{2}{1}" -f 'Ge','m','-Rando','t') -InputObject ${cOmMANdl`iNEOP`T`i`O`Ns} -Count ${c`oM`mAnDL`InEOPt`IOns}."C`OunT" 277 | } 278 | 279 | 280 | If(${P`SBo`UnDp`AR`Amet`erS}[("{1}{0}{2}" -f'm','Co','mand')]) 281 | { 282 | ${FUllA`RGuMe`Nt} = ("{0}{2}{1}"-f'-','mmand','Co') 283 | ${C`OMMANd`LiNE`oPtIoNS} += ${F`Ul`LArguMeNT}.("{0}{3}{1}{2}" -f 'Sub','t','ring','S').Invoke(0,(&("{1}{2}{0}"-f 'm','Get-R','ando') -Minimum 2 -Maximum (${fu`LLa`RgUmeNt}."l`ENG`TH"+1))) 284 | } 285 | 286 | 287 | For(${i}=0; ${i} -lt ${POWE`RsH`EllFL`AGS}."C`oUnT"; ${i}++) 288 | { 289 | ${Po`WERs`H`El`Lfl`AGs}[${I}] = ([Char[]]${pOwer`S`hel`l`FLags}[${I}] | &("{1}{0}{2}"-f '-Objec','ForEach','t') {${c`hAR} = ${_}.("{2}{0}{1}"-f'trin','g','ToS').Invoke().("{1}{0}" -f 'Lower','To').Invoke(); If(&("{0}{2}{1}" -f 'G','dom','et-Ran') -Input @(0..1)) {${C`HaR} = ${c`hAR}.("{2}{1}{0}"-f 'r','Uppe','To').Invoke()} ${c`HAR}}) -Join '' 290 | } 291 | 292 | 293 | ${com`mAndLI`Neo`PT`IoNS} = (${C`ommanD`lin`EOPtIO`Ns} | &("{4}{3}{2}{0}{1}" -f 'jec','t','-Ob','Each','For') {${_} + " "*(&("{1}{2}{0}" -f'm','Get-R','ando') -Minimum 1 -Maximum 3)}) -Join '' 294 | ${COMmA`NdLIN`eoP`TI`Ons} = " "*(&("{0}{1}{2}" -f 'Get-Ran','d','om') -Minimum 0 -Maximum 3) + ${c`OMMA`N`dlin`EOp`Tions} + " "*(&("{2}{1}{0}" -f'dom','t-Ran','Ge') -Minimum 0 -Maximum 3) 295 | 296 | 297 | If(${ps`B`Ou`ND`paRamE`TeRS}[("{1}{0}"-f 'ow64','W')]) 298 | { 299 | ${CommA`NDlinE`O`UtPUt} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 300 | } 301 | Else 302 | { 303 | 304 | 305 | ${comm`AND`l`Ineout`PUT} = "powershell $($CommandlineOptions) `"$NewScript`" " 306 | } 307 | 308 | 309 | ${CmDMA`X`l`EnGtH} = 8190 310 | If(${CoMMaNdlI`N`e`ouTp`Ut}."lEnG`Th" -gt ${Cm`DMax`l`ENgTH}) 311 | { 312 | &("{2}{0}{3}{1}"-f'ite-War','ing','Wr','n') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 313 | } 314 | 315 | ${nEws`c`R`ipT} = ${co`m`mAnDLI`NEouT`pUt} 316 | } 317 | 318 | Return ${NEW`sCrI`pt} 319 | } 320 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedBinaryCommand.ps1: -------------------------------------------------------------------------------- 1 | &("{2}{0}{1}"-f 'ET','-iTEM','S') ("v"+"ariA"+"bLE:"+"4c"+"K0X") ([typE]("{1}{0}"-F'O.FiLE','i') ) ; $Yxo =[typE]("{0}{1}"-f 'C','ONVErT'); 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function OuT-`eN`Co`d`ED`BiNaRycoMMA`Nd 21 | { 22 | 23 | 24 | [CmdletBinding(deFAUlTparaMEtersEtName = {"{1}{0}{2}"-f'ile','F','Path'})] Param ( 25 | [Parameter(POsITION = 0, VAlUEfROMPiPELiNe = ${Tr`UE}, ParAMETErSEtnaME = "SCRi`PtB`loCk")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${SC`RiP`TBLO`Ck}, 29 | 30 | [Parameter(pOSItion = 0, pARAMETErsETNAme = "FI`leP`ATH")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${p`AtH}, 34 | 35 | [Switch] 36 | ${No`ex`IT}, 37 | 38 | [Switch] 39 | ${n`OPRoF`Ile}, 40 | 41 | [Switch] 42 | ${NoNiNT`Era`C`TI`Ve}, 43 | 44 | [Switch] 45 | ${no`LOgO}, 46 | 47 | [Switch] 48 | ${w`ow64}, 49 | 50 | [Switch] 51 | ${C`O`mMand}, 52 | 53 | [ValidateSet({"{2}{0}{1}"-f 'm','al','Nor'}, {"{1}{2}{0}" -f'zed','Mi','nimi'}, {"{0}{1}{2}" -f 'Max','imiz','ed'}, {"{1}{0}" -f'idden','H'})] 54 | [String] 55 | ${wInD`OW`stY`lE}, 56 | 57 | [ValidateSet({"{0}{2}{1}"-f 'By','ass','p'}, {"{0}{2}{1}{3}" -f 'U','estr','nr','icted'}, {"{0}{1}{2}"-f 'RemoteSi','gn','ed'}, {"{2}{1}{0}" -f'ed','gn','AllSi'}, {"{2}{0}{1}" -f 'estri','cted','R'})] 58 | [String] 59 | ${EXECUTioNpo`l`i`CY}, 60 | 61 | [Switch] 62 | ${P`AS`sthRu} 63 | ) 64 | 65 | 66 | ${E`Nc`O`DingBa`se} = 2 67 | 68 | 69 | If(${pSBOu`ND`par`AME`Ters}[("{0}{1}" -f 'Pa','th')]) 70 | { 71 | &("{4}{3}{2}{0}{1}"-f'dIte','m','l','Chi','Get-') ${pA`TH} -ErrorAction ("{1}{0}"-f'top','S') | &("{0}{1}"-f'O','ut-Null') 72 | ${sCrI`PT`ST`RINg} = $4CK0X::("{2}{3}{0}{1}"-f 'lT','ext','Rea','dAl').Invoke((&("{2}{0}{3}{1}"-f 's','-Path','Re','olve') ${pA`Th})) 73 | } 74 | Else 75 | { 76 | ${SCrIPT`S`TrIng} = [String]${SCr`ipTB`Lo`CK} 77 | } 78 | 79 | 80 | 81 | ${rA`NDOM`dEli`mITErS} = @('_','-',',','{','}','~','!','@','%','&','<','>',';',':') 82 | 83 | 84 | @('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') | &("{2}{3}{1}{0}"-f 'bject','-O','For','Each') {${UppeRloWER`cH`AR} = ${_}; If(((&("{2}{0}{1}" -f'o','m','Get-Rand') -Input @(1..2))-1 -eq 0)) {${up`pErl`oWercH`AR} = ${uPpEr`lo`W`eRC`HaR}.("{0}{1}"-f'ToU','pper').Invoke()} ${rAND`O`mDELimIt`eRS} += ${U`pPeRL`oW`ErChaR}} 85 | 86 | 87 | ${raNdO`mDE`lI`miTerS} = (&("{0}{2}{1}" -f'Get-R','om','and') -Input ${raNDo`M`DElimIte`Rs} -Count (${rA`N`D`omDEl`IMitErS}."CoU`Nt"/4)) 88 | 89 | 90 | ${dELImiTE`DencOde`DA`RR`AY} = '' 91 | ([Char[]]${scrI`PTSt`Ri`Ng}) | &("{0}{2}{1}{3}" -f'ForEac','ec','h-Obj','t') {${D`EL`IM`it`EdEnCOd`eDA`RRay} += ( (&('gi') VariAbLe:YXo )."vA`LuE"::"tOs`TR`InG"(([Int][Char]${_}),${EN`CO`dI`NgbAse}) + (&("{1}{2}{0}" -f'-Random','Ge','t') -Input ${ran`d`OmD`E`LIMite`RS}))} 92 | 93 | 94 | ${deLIM`i`TED`ENC`odedAR`RAy} = ${dE`li`mITEd`ENC`OdEdaR`RAY}.("{0}{2}{1}" -f'Su','ng','bStri').Invoke(0,${deLImITE`denco`D`EdAR`R`Ay}."L`e`NGTH"-1) 95 | 96 | 97 | ${raNDOmDEL`IM`it`Er`STOpRiNt} = (&("{2}{0}{1}"-f'et-','Random','G') -Input ${RaNdo`MdElI`M`I`Ters} -Count ${R`AND`OmdEL`i`MITe`RS}."LEng`TH") -Join '' 98 | 99 | 100 | ${f`O`R`eAchobjEcT} = &("{0}{1}{2}" -f'Get-Ra','n','dom') -Input @(("{0}{1}"-f'For','Each'),("{0}{3}{2}{1}"-f 'Fo','bject','ch-O','rEa'),'%') 101 | ${st`RJOIN} = ([Char[]]("{1}{2}{4}{0}{3}" -f '::Joi','[S','tr','n','ing]') | &("{1}{0}{4}{3}{2}"-f'o','F','bject','O','rEach-') {${CH`Ar} = ${_}.("{0}{1}"-f 'T','oString').Invoke().("{1}{0}" -f'ower','ToL').Invoke(); If(&("{0}{1}{2}" -f 'Get-Ra','n','dom') -Input @(0..1)) {${CH`Ar} = ${c`haR}.("{1}{0}"-f'Upper','To').Invoke()} ${CH`Ar}}) -Join '' 102 | ${s`TrstR} = ([Char[]]("{1}{0}"-f'tring]','[S') | &("{3}{2}{0}{1}"-f '-O','bject','Each','For') {${c`HaR} = ${_}.("{1}{0}"-f 'ng','ToStri').Invoke().("{1}{0}"-f 'oLower','T').Invoke(); If(&("{0}{1}{2}"-f 'G','et-Ran','dom') -Input @(0..1)) {${cH`Ar} = ${cH`AR}.("{2}{0}{1}" -f 'Uppe','r','To').Invoke()} ${c`haR}}) -Join '' 103 | ${jo`in} = ([Char[]]("{1}{0}" -f 'in','-Jo') | &("{0}{1}{2}" -f'F','orEach-O','bject') {${c`HaR} = ${_}.("{2}{0}{1}" -f'i','ng','ToStr').Invoke().("{0}{1}"-f 'ToL','ower').Invoke(); If(&("{2}{3}{0}{1}"-f '-Rando','m','G','et') -Input @(0..1)) {${c`hAr} = ${Ch`AR}.("{0}{1}" -f'T','oUpper').Invoke()} ${c`HAr}}) -Join '' 104 | ${C`hA`RsTR} = ([Char[]]("{0}{1}"-f 'Cha','r') | &("{0}{2}{1}{3}" -f 'For','bj','Each-O','ect') {${Ch`Ar} = ${_}.("{1}{0}{2}" -f 'oS','T','tring').Invoke().("{1}{0}{2}"-f 'Low','To','er').Invoke(); If(&("{3}{0}{1}{2}"-f 'et-Ran','do','m','G') -Input @(0..1)) {${c`HAr} = ${c`Har}.("{2}{0}{1}"-f'o','Upper','T').Invoke()} ${c`HAr}}) -Join '' 105 | ${i`Nt} = ([Char[]]'Int' | &("{1}{3}{2}{0}" -f 't','For','c','Each-Obje') {${cH`Ar} = ${_}.("{0}{1}{2}" -f 'To','St','ring').Invoke().("{1}{0}"-f 'r','ToLowe').Invoke(); If(&("{2}{1}{0}"-f 'm','ando','Get-R') -Input @(0..1)) {${Ch`AR} = ${cH`Ar}.("{1}{0}" -f'pper','ToU').Invoke()} ${Ch`Ar}}) -Join '' 106 | ${For`eaC`h`ObJecT} = ([Char[]]${f`O`REAchoB`jEcT} | &("{1}{2}{0}{3}" -f'h','For','Eac','-Object') {${CH`Ar} = ${_}.("{2}{1}{0}" -f 'g','Strin','To').Invoke().("{0}{2}{1}" -f 'To','r','Lowe').Invoke(); If(&("{2}{1}{3}{0}"-f 'andom','-','Get','R') -Input @(0..1)) {${ch`Ar} = ${cH`Ar}.("{1}{0}" -f'r','ToUppe').Invoke()} ${c`har}}) -Join '' 107 | ${t`OiN`T16} = ([Char[]]((("{1}{5}{2}{0}{3}{4}" -f'oI','[Co',':T','n','t16(','nvert]:'))) | &("{0}{3}{1}{2}"-f'ForE','e','ct','ach-Obj') {${CH`AR} = ${_}.("{2}{0}{1}"-f 'rin','g','ToSt').Invoke().("{0}{1}" -f 'To','Lower').Invoke(); If(&("{1}{0}{3}{2}"-f'Rand','Get-','m','o') -Input @(0..1)) {${c`hAR} = ${c`hAr}.("{0}{2}{1}" -f'ToUpp','r','e').Invoke()} ${C`Har}}) -Join '' 108 | 109 | 110 | ${ranDoM`deLImit`Ers`Topr`iNTFoRdasHs`Pl`it} = '' 111 | ForEach(${raN`dOm`dELi`MitER} in ${Ran`dOMDelimi`T`Ers}) 112 | { 113 | 114 | ${spL`it} = ([Char[]]("{0}{1}"-f'Sp','lit') | &("{0}{1}{2}"-f 'ForEach-O','bjec','t') {${ch`AR} = ${_}.("{0}{2}{1}" -f'T','g','oStrin').Invoke().("{2}{0}{1}"-f 'oLow','er','T').Invoke(); If(&("{2}{0}{1}"-f 'et-Ra','ndom','G') -Input @(0..1)) {${ch`Ar} = ${C`HAr}.("{1}{0}"-f 'r','ToUppe').Invoke()} ${C`Har}}) -Join '' 115 | 116 | ${R`ANDOmD`e`LiMite`RSTO`P`R`I`NTfordAsHS`PliT} += ('-' + ${SP`lIt} + ' '*(&("{1}{2}{0}" -f'om','Get-','Rand') -Input @(0,1)) + "'" + ${Ra`NDOmdEli`MIt`eR} + "'" + ' '*(&("{2}{3}{1}{0}"-f 'dom','an','G','et-R') -Input @(0,1))) 117 | } 118 | ${RaNdomdeli`mITeRS`T`oP`R`i`NtfoR`D`AsH`SPLiT} = ${RAndOM`del`iMitE`RSt`OPRINt`FO`RDAs`hsplIT}.("{0}{1}" -f 'Tr','im').Invoke() 119 | 120 | 121 | ${R`AndOMstRi`NG`syNT`AX} = ([Char[]](&("{0}{2}{1}" -f 'Get-','andom','R') -Input @((('['+'String]{'+'0'+'}_') -F [cHAr]36),((('hWO_'+'.T'+'oSt'+'ring()')-crEPLAcE ([cHAr]104+[cHAr]87+[cHAr]79),[cHAr]36)))) | &("{3}{0}{2}{1}"-f 'orE','-Object','ach','F') {${c`haR} = ${_}.("{1}{2}{0}"-f 'ng','T','oStri').Invoke().("{0}{1}"-f'T','oLower').Invoke(); If(&("{2}{1}{0}"-f'om','et-Rand','G') -Input @(0..1)) {${C`HAR} = ${ch`Ar}.("{0}{1}" -f'To','Upper').Invoke()} ${Ch`Ar}}) -Join '' 122 | ${ra`N`DOmConvERS`ioNs`YNtAX} = @() 123 | ${rAN`DO`MConv`Er`SiO`NsyNT`Ax} += "[$CharStr]" + ' '*(&("{2}{1}{0}"-f'-Random','t','Ge') -Input @(0,1)) + '(' + ' '*(&("{3}{0}{2}{1}"-f 'n','om','d','Get-Ra') -Input @(0,1)) + ${t`OinT16} + ' '*(&("{1}{2}{0}" -f'm','Ge','t-Rando') -Input @(0,1)) + '(' + ' '*(&("{2}{0}{1}"-f'R','andom','Get-') -Input @(0,1)) + ${RANd`OM`Stri`NGsyN`T`AX} + ' '*(&("{2}{1}{0}" -f't-Random','e','G') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}"-f'm','Rando','Get-') -Input @(0,1)) + ',' + ${ENCodI`Ng`BaSE} + ' '*(&("{0}{2}{1}" -f'Get','om','-Rand') -Input @(0,1)) + ')' + ' '*(&("{0}{2}{1}"-f 'Get-','ndom','Ra') -Input @(0,1)) + ')' 124 | ${r`ANDoMc`onVE`Rs`ioNsyn`T`Ax} += ${ToiN`T16} + ' '*(&("{2}{0}{1}"-f'-','Random','Get') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}"-f'andom','-R','Get') -Input @(0,1)) + ${RANDomsTrIn`g`sYNT`Ax} + ' '*(&("{2}{0}{1}" -f '-','Random','Get') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}"-f'G','et','-Random') -Input @(0,1)) + ',' + ' '*(&("{3}{1}{0}{2}"-f'nd','t-Ra','om','Ge') -Input @(0,1)) + ${eN`cOD`i`NgBasE} + ' '*(&("{0}{1}{2}"-f 'Get-','R','andom') -Input @(0,1)) + ')' + ' '*(&("{0}{2}{1}" -f 'Get-Ran','m','do') -Input @(0,1)) + (&("{2}{0}{3}{1}"-f't','dom','Ge','-Ran') -Input @('-as','-As','-aS','-AS')) + ' '*(&("{3}{0}{2}{1}" -f'Ra','om','nd','Get-') -Input @(0,1)) + "[$CharStr]" 125 | ${rANd`OmcO`Nv`erSIOnSyNTaX} = (&("{0}{2}{1}" -f 'G','t-Random','e') -Input ${RAn`D`OMcoNvER`SiOnSyN`T`Ax}) 126 | 127 | 128 | ${e`NC`ODE`DaR`RaY} = '' 129 | ([Char[]]${s`Cri`pTstRiNg}) | &("{4}{3}{0}{1}{2}"-f'h-','O','bject','c','ForEa') { 130 | 131 | If( ( &("{1}{0}"-f'r','Di') VaRiable:Yxo)."vA`lue"::"to`stRi`NG"(([Int][Char]${_}),${ENCOdi`N`Gb`A`sE}).("{0}{1}"-f 'Tr','im').Invoke(("{1}{2}{0}" -f '789','0123','456'))."L`EN`gTh" -gt 0) {${Q`U`oTe} = "'"} 132 | Else {${QU`OTe} = ''} 133 | ${ENCO`de`DArRaY} += (${QU`ote} + ( &("{1}{0}"-f 'M','iTE') ('Var'+'Ia'+'BLE:yxo') )."v`AlUE"::"toS`TriNG"(([Int][Char]${_}),${encO`dIng`BA`Se}) + ${QU`OTE} + ' '*(&("{0}{2}{1}" -f'G','Random','et-') -Input @(0,1)) + ',' + ' '*(&("{2}{0}{1}{3}" -f 'et','-Rand','G','om') -Input @(0,1))) 134 | } 135 | 136 | 137 | ${EN`coD`EDaRrAY} = ('(' + ' '*(&("{1}{2}{3}{0}"-f'dom','Get','-R','an') -Input @(0,1)) + ${ENco`DeDA`Rr`AY}.("{1}{0}"-f 'm','Tri').Invoke().("{0}{1}"-f 'Tri','m').Invoke(',') + ')') 138 | 139 | 140 | 141 | 142 | 143 | ${se`T`Ofs`VA`RsynTAx} = @() 144 | ${SEt`oFS`VARs`YNT`AX} += ("{2}{0}{1}" -f't-','Item','Se') + ' '*(&("{1}{0}{3}{2}"-f 'et-R','G','om','and') -Input @(1,2)) + ((("{2}{0}{3}{4}{1}" -f '8Varia','M8','VM','ble',':OFSV'))."RE`pLA`ce"(([chAR]86+[chAR]77+[chAR]56),[sTrInG][chAR]39)) + ' '*(&("{3}{2}{1}{0}"-f 'm','ndo','et-Ra','G') -Input @(1,2)) + "''" 145 | ${S`eTOFSVa`RsYnt`Ax} += (&("{2}{0}{1}"-f 't-Rando','m','Ge') -Input @(("{1}{2}{0}"-f 'iable','Set','-Var'),'SV','SET')) + ' '*(&("{1}{0}{2}"-f '-','Get','Random') -Input @(1,2)) + ((("{0}{2}{1}" -f'{','OFS{0}','0}'))-f[char]39) + ' '*(&("{1}{0}{2}"-f'R','Get-','andom') -Input @(1,2)) + "''" 146 | ${S`E`TofsVAr} = (&("{1}{0}{2}" -f 'Rando','Get-','m') -Input ${sE`To`FsVAR`SyNt`Ax}) 147 | 148 | ${sE`Tofs`V`ARBAck`SYntAX} = @() 149 | ${s`eT`OF`SV`ARBa`CKSyNTAx} += ("{0}{2}{1}"-f 'Set-','m','Ite') + ' '*(&("{1}{2}{0}"-f'Random','Ge','t-') -Input @(1,2)) + ((("{1}{4}{2}{0}{3}"-f'FS5p','5','riable:O','O','pOVa')) -CreplACe([cHaR]53+[cHaR]112+[cHaR]79),[cHaR]39) + ' '*(&("{2}{3}{0}{1}" -f 't-Ra','ndom','G','e') -Input @(1,2)) + "' '" 150 | ${sEtOf`sv`ArBAcK`sYN`Tax} += (&("{2}{0}{1}{3}" -f'et-','Rando','G','m') -Input @(("{1}{2}{0}"-f 'ble','S','et-Varia'),'SV','SET')) + ' '*(&("{0}{1}{2}"-f 'Get-','Rand','om') -Input @(1,2)) + ((("{0}{2}{1}"-f '5sRO','sR','FS5'))."REPl`A`Ce"(([ChAR]53+[ChAR]115+[ChAR]82),[strinG][ChAR]39)) + ' '*(&("{0}{2}{1}{3}" -f 'G','-Rand','et','om') -Input @(1,2)) + "' '" 151 | ${SE`To`F`SvaRbAck} = (&("{2}{1}{0}" -f 'om','and','Get-R') -Input ${Se`TOfsVarback`sYn`T`AX}) 152 | 153 | 154 | ${Set`oFsv`Ar} = ([Char[]]${s`eT`Of`sVAR} | &("{3}{4}{1}{0}{2}" -f 'jec','-Ob','t','ForEa','ch') {${C`hAr} = ${_}.("{2}{1}{0}" -f 'ing','r','ToSt').Invoke().("{1}{0}{2}" -f'we','ToLo','r').Invoke(); If(&("{1}{2}{0}" -f'-Random','G','et') -Input @(0..1)) {${C`Har} = ${C`har}.("{0}{1}"-f 'T','oUpper').Invoke()} ${C`HAr}}) -Join '' 155 | ${seToFsvA`R`B`AcK} = ([Char[]]${Set`OFS`V`ArBACk} | &("{0}{3}{1}{2}"-f 'F','c','h-Object','orEa') {${c`hAr} = ${_}.("{0}{2}{1}"-f 'ToStr','g','in').Invoke().("{0}{1}{2}" -f'ToLo','we','r').Invoke(); If(&("{0}{2}{1}" -f'G','-Random','et') -Input @(0..1)) {${cH`AR} = ${C`haR}.("{0}{1}"-f 'ToU','pper').Invoke()} ${Ch`AR}}) -Join '' 156 | 157 | 158 | ${baSE`Sc`R`IPTaRRAy} = @() 159 | ${bA`sEsc`RiPT`A`RrAy} += '(' + ' '*(&("{1}{0}{2}"-f'et-Rando','G','m') -Input @(0,1)) + "'" + ${DEliMIT`EdENC`odeD`ArR`AY} + "'." + ${Spl`iT} + "(" + ' '*(&("{0}{2}{1}" -f 'G','andom','et-R') -Input @(0,1)) + "'" + ${r`ANdo`m`deLImIteRsTopR`Int} + "'" + ' '*(&("{3}{1}{0}{2}" -f '-Rando','et','m','G') -Input @(0,1)) + ')' + ' '*(&("{1}{0}{2}" -f'et-','G','Random') -Input @(0,1)) + '|' + ' '*(&("{2}{1}{3}{0}"-f'm','and','Get-R','o') -Input @(0,1)) + ${f`o`Re`ACHOBJeCt} + ' '*(&("{2}{0}{1}"-f't-','Random','Ge') -Input @(0,1)) + '{' + ' '*(&("{2}{1}{0}{3}" -f '-Ra','et','G','ndom') -Input @(0,1)) + '(' + ' '*(&("{1}{2}{0}" -f '-Random','G','et') -Input @(0,1)) + ${raNDOM`con`VER`s`iONs`yNt`AX} + ')' + ' '*(&("{1}{0}{2}{3}"-f 'an','Get-R','do','m') -Input @(0,1)) + '}' + ' '*(&("{0}{1}{2}" -f'Get-Ra','nd','om') -Input @(0,1)) + ')' 160 | ${BASe`s`cRIpt`Ar`RaY} += '(' + ' '*(&("{2}{1}{0}" -f 'andom','-R','Get') -Input @(0,1)) + "'" + ${dElimiTE`DENC`OdeDA`R`RAy} + "'" + ' '*(&("{0}{2}{1}"-f'G','m','et-Rando') -Input @(0,1)) + ${RA`ND`o`mD`eLImIteRsT`OPrINtF`ord`A`S`hS`pliT} + ' '*(&("{2}{1}{0}"-f 'om','et-Rand','G') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}"-f 'om','Ge','t-Rand') -Input @(0,1)) + ${f`O`Rea`choBJEct} + ' '*(&("{1}{0}{2}"-f 'ando','Get-R','m') -Input @(0,1)) + '{' + ' '*(&("{2}{1}{0}" -f 'dom','t-Ran','Ge') -Input @(0,1)) + '(' + ' '*(&("{1}{2}{0}"-f't-Random','G','e') -Input @(0,1)) + ${Ran`d`O`MCO`N`VER`SIONsYntAx} + ')' + ' '*(&("{2}{0}{1}{3}" -f'et-Ra','n','G','dom') -Input @(0,1)) + '}' + ' '*(&("{3}{0}{1}{2}"-f 'et','-R','andom','G') -Input @(0,1)) + ')' 161 | ${BaSE`SCRiP`T`Ar`RAY} += '(' + ' '*(&("{1}{0}{2}" -f '-Rand','Get','om') -Input @(0,1)) + ${en`c`OD`eDaRRaY} + ' '*(&("{2}{0}{1}{3}" -f't-Ran','d','Ge','om') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}"-f'Random','Ge','t-') -Input @(0,1)) + ${f`Or`EaCHObJ`E`cT} + ' '*(&("{1}{0}{2}" -f 'do','Get-Ran','m') -Input @(0,1)) + '{' + ' '*(&("{2}{0}{1}"-f 't-Rand','om','Ge') -Input @(0,1)) + '(' + ' '*(&("{2}{0}{1}"-f '-Rando','m','Get') -Input @(0,1)) + ${RanDOMCONV`e`RS`io`NsYNtAX} + ')' + ' '*(&("{1}{2}{0}" -f 'Random','Ge','t-') -Input @(0,1)) + '}' + ' '*(&("{1}{2}{0}"-f'andom','Get-','R') -Input @(0,1)) + ')' 162 | 163 | 164 | ${nE`wS`CR`IPtarrAy} = @() 165 | ${n`eW`ScRIpTaR`RAY} += (&("{2}{1}{0}" -f 'm','ando','Get-R') -Input ${b`AsESc`Ri`P`TArRAy}) + ' '*(&("{2}{3}{1}{0}"-f'om','t-Rand','G','e') -Input @(0,1)) + ${j`OiN} + ' '*(&("{2}{1}{0}"-f 't-Random','e','G') -Input @(0,1)) + "''" 166 | ${NE`w`sCRi`p`TaRRaY} += ${Jo`iN} + ' '*(&("{0}{1}{2}" -f'Get','-Rand','om') -Input @(0,1)) + (&("{2}{1}{0}"-f 'm','o','Get-Rand') -Input ${baSeSc`R`IP`TA`R`RAy}) 167 | ${N`EWs`criPTa`R`RAY} += ${ST`RjOin} + '(' + ' '*(&("{0}{1}{2}" -f'Get','-','Random') -Input @(0,1)) + "''" + ' '*(&("{1}{0}{2}" -f'et-','G','Random') -Input @(0,1)) + ',' + ' '*(&("{2}{1}{3}{0}" -f 'm','-Ran','Get','do') -Input @(0,1)) + (&("{2}{0}{1}"-f 't-Rand','om','Ge') -Input ${BAse`sCrIp`TA`RR`Ay}) + ' '*(&("{1}{0}{2}"-f 'an','Get-R','dom') -Input @(0,1)) + ')' 168 | ${n`ewS`cRIPtA`R`RAY} += '"' + ' '*(&("{1}{2}{3}{0}" -f'om','G','et-','Rand') -Input @(0,1)) + '$(' + ' '*(&("{2}{1}{0}"-f'm','ndo','Get-Ra') -Input @(0,1)) + ${S`e`TOfS`VAR} + ' '*(&("{2}{0}{1}"-f 't-Rand','om','Ge') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{1}"-f'R','andom','Get-') -Input @(0,1)) + '"' + ' '*(&("{1}{0}{2}"-f'Ran','Get-','dom') -Input @(0,1)) + '+' + ' '*(&("{2}{1}{0}"-f 't-Random','e','G') -Input @(0,1)) + ${St`RS`TR} + (&("{3}{1}{0}{2}"-f'-Ra','t','ndom','Ge') -Input ${B`A`sESCRI`Pt`ArrAy}) + ' '*(&("{2}{1}{0}"-f'Random','-','Get') -Input @(0,1)) + '+' + '"' + ' '*(&("{1}{0}{2}" -f 'a','Get-R','ndom') -Input @(0,1)) + '$(' + ' '*(&("{0}{1}{2}" -f 'G','e','t-Random') -Input @(0,1)) + ${S`ETO`F`svARbA`cK} + ' '*(&("{1}{2}{0}" -f'ndom','Get','-Ra') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{3}{1}" -f'Ran','om','Get-','d') -Input @(0,1)) + '"' 169 | 170 | 171 | ${Ne`wSCRI`pt} = (&("{0}{2}{1}" -f 'G','andom','et-R') -Input ${N`ewSc`RiPt`AR`RAy}) 172 | 173 | 174 | 175 | ${Invokee`x`prEs`SIOnS`YNTAx} = @() 176 | ${inVOKeeX`PR`ESSIONsy`Nt`AX} += (&("{1}{2}{0}" -f 'dom','G','et-Ran') -Input @('IEX',("{2}{1}{4}{3}{0}"-f'ion','voke-Ex','In','ress','p'))) 177 | 178 | 179 | 180 | ${i`NVOCatI`O`N`OPe`R`ATOR} = (&("{0}{1}{2}"-f'G','et-Ra','ndom') -Input @('.','&')) + ' '*(&("{2}{0}{1}" -f'-R','andom','Get') -Input @(0,1)) 181 | ${INvO`KEeXpR`E`Ssio`Ns`Yn`TAx} += ${INVOC`Ati`O`NOpER`AtOr} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 182 | ${INvOKEe`X`Pres`SIOn`SYN`T`Ax} += ${in`VoC`ATi`ONoPE`R`Ator} + ('( '+"`$PSHome[") + (&("{1}{0}{2}" -f't-Ra','Ge','ndom') -Input @(4,21)) + "]+`$PSHome[" + (&("{0}{1}{2}" -f 'Ge','t-Rand','om') -Input @(30,34)) + ((("{0}{2}{1}" -f ']','0T)','+g0Txg'))."r`E`plAce"(([cHAr]103+[cHAr]48+[cHAr]84),[sTring][cHAr]39)) 183 | ${invOkee`x`preSsI`o`NS`YNtAX} += ${i`NVOcaT`IonoPeRAT`oR} + ('( '+"`$env:ComSpec[4,") + (&("{2}{0}{1}"-f'Rand','om','Get-') -Input @(15,24,26)) + ((("{3}{1}{2}{0}{4}" -f'ink8l',']','-Jo',',25','k8l)'))."ReP`LACe"(([chaR]107+[chaR]56+[chaR]108),[STrINg][chaR]39)) 184 | ${i`N`Vo`KEexPreSSi`oNSy`N`TAX} += ${i`N`V`oc`ATIonOp`eRATOR} + "((" + (&("{2}{0}{1}"-f 'and','om','Get-R') -Input @(("{2}{1}{0}{3}" -f't-Vari','e','G','able'),'GV',("{2}{1}{0}"-f 'iable','ar','V'))) + (((("{0}{8}{9}{7}{2}{3}{4}{5}{6}{1}" -f' ',')',',11,2]-','J','oin','r6xr','6x','3','r6x*mdr*','r6x).Name[')) -cRepLAcE 'r6x',[ChaR]39)) 185 | ${invOKeExPRess`Ions`yN`TAX} += ${i`NVoCat`Ion`OperaTor} + "( " + (&("{0}{2}{1}" -f 'Get-Ran','m','do') -Input @(((('Uh'+'BV'+'erbose'+'Prefe'+'re'+'nc'+'e.To'+'S'+'tring()') -rePlaCE ([Char]85+[Char]104+[Char]66),[Char]36)),(('(['+'String]Gi'+'YV'+'erboseP'+'r'+'eferenc'+'e'+')')."r`ePLa`CE"(([cHar]71+[cHar]105+[cHar]89),[sTRINg][cHar]36)))) + ((("{0}{5}{3}{6}{1}{4}{2}" -f '[1,3]+','oinh','U)','x','NUhN','hNU','hNU-J'))."RepLA`Ce"('hNU',[strinG][CHAr]39)) 186 | 187 | 188 | 189 | 190 | ${i`NVOkee`XPrE`SSiOn} = (&("{0}{1}{2}"-f 'G','e','t-Random') -Input ${InV`oKeEXPReSS`I`oNSyNTAx}) 191 | 192 | 193 | ${iN`Vo`KE`EXpResS`i`ON} = ([Char[]]${i`NVOke`EXpresS`i`on} | &("{1}{0}{2}" -f 'or','F','Each-Object') {${C`haR} = ${_}.("{1}{0}{2}"-f'o','T','String').Invoke().("{1}{0}" -f 'Lower','To').Invoke(); If(&("{1}{2}{0}" -f'om','Get','-Rand') -Input @(0..1)) {${c`har} = ${c`Har}.("{0}{1}" -f'ToUppe','r').Invoke()} ${cH`Ar}}) -Join '' 194 | 195 | 196 | ${iN`Vo`kEO`p`TIONs} = @() 197 | ${IN`VOKe`oP`T`IOns} += ' '*(&("{1}{2}{0}" -f'ndom','G','et-Ra') -Input @(0,1)) + ${I`Nv`Ok`eexp`Re`ssiON} + ' '*(&("{0}{1}{2}" -f'Ge','t-Rando','m') -Input @(0,1)) + '(' + ' '*(&("{1}{0}{2}{3}"-f't-','Ge','Ra','ndom') -Input @(0,1)) + ${ne`WScRi`Pt} + ' '*(&("{3}{0}{1}{2}"-f'-Ra','nd','om','Get') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}" -f 'm','ando','Get-R') -Input @(0,1)) 198 | ${i`Nv`okeopti`o`NS} += ' '*(&("{1}{0}{3}{2}" -f'-','Get','ndom','Ra') -Input @(0,1)) + ${New`sC`RiPt} + ' '*(&("{0}{1}{2}"-f 'Get','-Rando','m') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}"-f 'andom','Get-','R') -Input @(0,1)) + ${InvOke`EXprEs`Si`On} 199 | 200 | ${NeW`s`CRI`Pt} = (&("{2}{1}{0}{3}"-f 'do','n','Get-Ra','m') -Input ${inVOke`O`P`TIOnS}) 201 | 202 | 203 | If(!${P`s`BoUn`DpArAmEte`Rs}[("{0}{1}{2}" -f 'PassT','h','ru')]) 204 | { 205 | 206 | ${p`o`WerSHELlFlA`gs} = @() 207 | 208 | 209 | 210 | ${C`omma`NDli`N`eOP`TIONs} = &("{0}{2}{1}" -f 'New','ct','-Obje') ("{1}{0}" -f 'ing[]','Str')(0) 211 | If(${PsBo`U`ND`Pa`RameTeRs}[("{0}{1}" -f 'NoExi','t')]) 212 | { 213 | ${FULl`ARG`UMe`Nt} = ("{1}{0}{2}"-f 'Exi','-No','t'); 214 | ${co`MmANDlin`eOP`TIons} += ${fUllARg`U`Me`Nt}.("{1}{0}{2}"-f'bStrin','Su','g').Invoke(0,(&("{1}{0}{2}" -f 't-Ra','Ge','ndom') -Minimum 4 -Maximum (${F`Ul`laR`GUment}."lEnG`TH"+1))) 215 | } 216 | If(${P`SBOUNDp`ARAMET`E`RS}[("{0}{2}{3}{1}"-f'NoPr','le','o','fi')]) 217 | { 218 | ${F`Ul`lARGu`MEnT} = ("{0}{1}{2}" -f '-NoP','ro','file'); 219 | ${cOm`manD`lineoPT`IO`Ns} += ${full`ArGuM`E`Nt}.("{2}{0}{1}" -f'i','ng','SubStr').Invoke(0,(&("{1}{2}{0}"-f'm','Get-','Rando') -Minimum 4 -Maximum (${fu`lL`ArGU`m`eNT}."leNg`Th"+1))) 220 | } 221 | If(${p`sB`OUnd`PAra`metErS}[("{1}{2}{3}{0}"-f'ive','NonI','ntera','ct')]) 222 | { 223 | ${Fu`LL`ArgUM`ENt} = ("{1}{2}{0}{3}" -f'e','-No','nInt','ractive'); 224 | ${CO`m`MaNDl`In`eOP`TioNs} += ${FUlLAR`g`UM`enT}.("{0}{1}{2}" -f'Su','bStri','ng').Invoke(0,(&("{0}{1}{2}"-f'Get-','R','andom') -Minimum 5 -Maximum (${FUlla`R`GumENT}."lEn`gTh"+1))) 225 | } 226 | If(${ps`BoUND`ParAmet`Ers}[("{1}{0}"-f'go','NoLo')]) 227 | { 228 | ${fuL`lARgum`E`NT} = ("{2}{0}{1}" -f'NoLo','go','-'); 229 | ${COmmANdl`i`N`eop`TIO`Ns} += ${f`UllARG`U`mEnT}.("{1}{0}"-f 'g','SubStrin').Invoke(0,(&("{0}{3}{2}{1}"-f'Get','om','d','-Ran') -Minimum 4 -Maximum (${F`UllarG`UmE`Nt}."L`EnGTh"+1))) 230 | } 231 | If(${pSb`o`U`NdpaRAmeteRS}[("{0}{1}{2}" -f'Wind','ow','Style')] -OR ${Wi`N`dowS`S`TYlE}) 232 | { 233 | ${FUl`LarGume`Nt} = ("{2}{0}{1}{3}" -f'Windo','wS','-','tyle') 234 | If(${W`i`NDOwSs`T`yLe}) {${a`RG`UME`N`TvAlUe} = ${w`indOW`S`s`TYle}} 235 | Else {${ArGu`mENtv`AlUe} = ${PSBo`U`NdP`ArAM`ete`Rs}[("{0}{3}{2}{1}"-f 'W','yle','owSt','ind')]} 236 | 237 | 238 | Switch(${Ar`g`UmEN`TVAlue}.("{1}{0}"-f 'Lower','To').Invoke()) 239 | { 240 | ("{1}{0}" -f'l','norma') {If(&("{0}{1}{2}{3}" -f'Get-','Rand','o','m') -Input @(0..1)) {${A`Rgu`Men`TVal`Ue} = (&("{0}{1}{2}" -f'G','et-Rando','m') -Input @('0','n','no','nor',("{0}{1}"-f 'no','rm'),("{1}{0}" -f'orma','n')))}} 241 | ("{0}{1}{2}"-f'h','idde','n') {If(&("{2}{1}{0}" -f 't-Random','e','G') -Input @(0..1)) {${ArgUmE`Ntva`L`Ue} = (&("{1}{0}{2}"-f 'Ra','Get-','ndom') -Input @('1','h','hi','hid',("{1}{0}" -f'dd','hi'),("{1}{0}" -f'idde','h')))}} 242 | ("{2}{1}{0}" -f'zed','inimi','m') {If(&("{0}{1}{2}" -f 'Get-Ra','nd','om') -Input @(0..1)) {${ArGUmE`NTv`ALuE} = (&("{0}{1}{2}" -f'Get','-Ran','dom') -Input @('2','mi','min',("{0}{1}" -f 'm','ini'),("{1}{0}"-f 'nim','mi'),("{2}{0}{1}" -f 'i','mi','min'),("{1}{0}{2}" -f 'nim','mi','iz'),("{1}{0}" -f'nimize','mi')))}} 243 | ("{0}{2}{1}"-f'max','ized','im') {If(&("{1}{0}{2}"-f 'et-Ra','G','ndom') -Input @(0..1)) {${aR`gUme`NTval`UE} = (&("{1}{3}{0}{2}"-f '-Rand','Ge','om','t') -Input @('3','ma','max',("{0}{1}"-f 'max','i'),("{1}{0}"-f 'axim','m'),("{2}{1}{0}"-f 'mi','xi','ma'),("{0}{1}" -f'm','aximiz'),("{1}{2}{0}"-f 'ize','max','im')))}} 244 | ("{2}{0}{1}"-f'efaul','t','d') {&("{1}{0}{2}"-f 'rite-Erro','W','r') ('An'+' '+'i'+'nva'+'lid '+"`$ArgumentValue "+'value'+' '+"($ArgumentValue) "+'was'+' '+'pass'+'e'+'d '+'to'+' '+'sw'+'itch '+'bl'+'ock '+'f'+'or '+'Out-P'+'o'+'we'+'rS'+'hellLauncher'+'.'); Exit;} 245 | } 246 | 247 | ${p`oWeR`SH`elLFLAgs} += ${fullaR`gU`mEnt}.("{1}{2}{0}" -f 'ng','SubStr','i').Invoke(0,(&("{0}{2}{1}" -f 'Ge','Random','t-') -Minimum 2 -Maximum (${F`ULLaR`GuM`eNt}."Len`gTh"+1))) + ' '*(&("{3}{2}{1}{0}" -f 'dom','n','et-Ra','G') -Minimum 1 -Maximum 3) + ${A`RgU`MEn`T`ValuE} 248 | } 249 | If(${Psbo`UN`dpAR`AMEteRS}[("{1}{2}{0}"-f'icy','Execution','Pol')] -OR ${exe`cuti`ONp`OlICY}) 250 | { 251 | ${FulL`AR`Gu`MeNT} = ("{0}{1}{4}{3}{2}" -f '-','E','icy','Pol','xecution') 252 | If(${e`xec`U`Tionp`oLIcY}) {${ARGum`eNtv`A`LUe} = ${EXe`CU`TIonP`OLIcY}} 253 | Else {${A`R`gUmeNtVAl`UE} = ${pS`Boun`dp`ARAm`ETErS}[("{0}{1}{3}{2}"-f 'Ex','e','icy','cutionPol')]} 254 | 255 | ${exeCU`TIoN`P`OlicyFLA`Gs} = @() 256 | ${ExEC`U`TIONpOl`iCyf`LAGS} += '-EP' 257 | For(${i`NdEx}=3; ${in`Dex} -le ${f`UL`lar`GUMeNt}."lEn`GTh"; ${IND`eX}++) 258 | { 259 | ${Ex`eCU`TiO`Np`O`licyF`Lags} += ${fUL`lArg`UMe`NT}.("{2}{1}{0}"-f 'ng','tri','SubS').Invoke(0,${IN`DEx}) 260 | } 261 | ${eXEc`UTion`P`oLI`cY`FLag} = &("{0}{2}{1}" -f 'Ge','dom','t-Ran') -Input ${E`XecUTIo`N`P`oL`I`CyfLAgs} 262 | ${p`oWe`RsHELlf`LAGS} += ${e`XE`C`UtIOnpolIc`YfLAG} + ' '*(&("{0}{1}{2}" -f 'Get-','Rando','m') -Minimum 1 -Maximum 3) + ${a`R`G`UMEntVaLuE} 263 | } 264 | 265 | 266 | 267 | If(${c`oMM`A`N`dlIn`eOpTioNs}."co`UNt" -gt 1) 268 | { 269 | ${com`mAnD`lINEoPtIO`Ns} = &("{2}{1}{0}"-f 'om','nd','Get-Ra') -InputObject ${COMmANd`lIN`e`O`ptiO`NS} -Count ${CoMMAND`Li`NEopT`IOnS}."C`ount" 270 | } 271 | 272 | 273 | If(${p`SBoUNd`par`AMeTeRS}[("{1}{2}{0}" -f 'd','Com','man')]) 274 | { 275 | ${F`ULLargum`enT} = ("{1}{2}{0}"-f'nd','-Com','ma') 276 | ${C`OmMA`NDLiNE`oP`TiONs} += ${fuLl`A`Rg`UmEnT}.("{0}{1}{2}" -f'S','u','bString').Invoke(0,(&("{0}{1}{2}"-f 'G','e','t-Random') -Minimum 2 -Maximum (${f`ULLA`RgUM`Ent}."Le`NGtH"+1))) 277 | } 278 | 279 | 280 | For(${i}=0; ${I} -lt ${PowE`RShel`lf`lags}."C`OunT"; ${i}++) 281 | { 282 | ${PoWERsHELlF`lA`GS}[${i}] = ([Char[]]${po`WER`SHE`lL`FlAGs}[${i}] | &("{2}{1}{0}"-f'ect','Obj','ForEach-') {${C`Har} = ${_}.("{0}{2}{1}" -f 'To','ring','St').Invoke().("{0}{2}{1}"-f 'ToLow','r','e').Invoke(); If(&("{0}{1}{2}" -f'Ge','t-','Random') -Input @(0..1)) {${C`hAr} = ${ch`Ar}.("{1}{0}{2}"-f 'oUppe','T','r').Invoke()} ${Ch`Ar}}) -Join '' 283 | } 284 | 285 | 286 | ${c`OmmandLin`EOptiO`NS} = (${CoM`m`A`NDlIneOpt`IoNs} | &("{0}{2}{3}{1}{4}"-f'For','-O','Ea','ch','bject') {${_} + " "*(&("{2}{1}{0}" -f 'm','Rando','Get-') -Minimum 1 -Maximum 3)}) -Join '' 287 | ${C`oMMandL`ineo`pTIONs} = " "*(&("{1}{0}{3}{2}" -f 't-','Ge','ndom','Ra') -Minimum 0 -Maximum 3) + ${C`Om`mA`NdliNEoPTIO`Ns} + " "*(&("{1}{0}{2}" -f 'an','Get-R','dom') -Minimum 0 -Maximum 3) 288 | 289 | 290 | If(${p`sBOUndP`A`R`AMETeRs}[("{0}{1}" -f'W','ow64')]) 291 | { 292 | ${C`ommAN`DlinEOUtP`UT} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 293 | } 294 | Else 295 | { 296 | 297 | 298 | ${c`O`mmANdLI`N`eoutP`UT} = "powershell $($CommandlineOptions) `"$NewScript`" " 299 | } 300 | 301 | 302 | ${CmDm`A`Xle`Ngth} = 8190 303 | If(${CoM`mANDlin`EoUT`pUt}."leN`gtH" -gt ${cmdMa`X`lEn`Gth}) 304 | { 305 | &("{3}{2}{1}{0}"-f 'g','in','-Warn','Write') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 306 | } 307 | 308 | ${n`EWSC`RipT} = ${CommAnDLI`Neo`U`T`PUT} 309 | } 310 | 311 | Return ${NEW`SC`R`Ipt} 312 | } 313 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedHexCommand.ps1: -------------------------------------------------------------------------------- 1 | ${2B`8el} = [TYPe]("{0}{2}{1}"-F'i','LE','O.FI') ;${bC4`s`97} = [tyPE]("{0}{2}{1}"-f 'CoNV','RT','E') ; 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function ouT-eN`Co`DEDh`EXCommAnd 21 | { 22 | 23 | 24 | [CmdletBinding(defAuLTParAMETErsETnaMe = {"{2}{1}{0}" -f 'ath','leP','Fi'})] Param ( 25 | [Parameter(PositION = 0, vALUEfroMpiPeline = ${Tr`UE}, paRAmETerSetNAme = "S`CRIP`Tb`LocK")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${Sc`RI`P`TBlock}, 29 | 30 | [Parameter(posITIon = 0, ParaMeterseTNAMe = "f`i`LEpatH")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${p`ATH}, 34 | 35 | [Switch] 36 | ${NOE`X`It}, 37 | 38 | [Switch] 39 | ${n`opr`ofIle}, 40 | 41 | [Switch] 42 | ${n`oNiNT`eRAc`TI`Ve}, 43 | 44 | [Switch] 45 | ${noL`oGo}, 46 | 47 | [Switch] 48 | ${w`OW64}, 49 | 50 | [Switch] 51 | ${c`OmMaNd}, 52 | 53 | [ValidateSet({"{0}{1}"-f 'Norm','al'}, {"{3}{0}{2}{1}"-f'im','ed','iz','Min'}, {"{0}{1}{2}"-f'Maxi','mi','zed'}, {"{0}{1}"-f'H','idden'})] 54 | [String] 55 | ${wiNdOwS`T`YlE}, 56 | 57 | [ValidateSet({"{2}{0}{1}"-f'pa','ss','By'}, {"{1}{0}{2}{3}" -f 'nres','U','tric','ted'}, {"{3}{1}{2}{0}" -f'd','e','Signe','Remot'}, {"{1}{0}{2}" -f'g','AllSi','ned'}, {"{3}{0}{1}{2}" -f'e','s','tricted','R'})] 58 | [String] 59 | ${EX`E`CUTionp`Ol`ICY}, 60 | 61 | [Switch] 62 | ${pASST`hRu} 63 | ) 64 | 65 | 66 | ${ENC`oDI`N`gBASE} = 16 67 | 68 | 69 | If(${ps`BoUnD`P`ArAmeTers}[("{0}{1}" -f'Pa','th')]) 70 | { 71 | &("{0}{1}{2}" -f'G','et-ChildI','tem') ${pa`TH} -ErrorAction ("{1}{0}"-f 'op','St') | &("{0}{2}{1}" -f'Out','l','-Nul') 72 | ${ScRip`T`s`TRInG} = ( &('LS') ("{3}{0}{1}{2}" -f'lE:2b8','E','L','vARiaB'))."val`Ue"::("{0}{2}{1}{3}" -f'Rea','lTe','dAl','xt').Invoke((&("{1}{0}{2}"-f'a','Resolve-P','th') ${P`AtH})) 73 | } 74 | Else 75 | { 76 | ${sCR`i`PtStriNG} = [String]${scr`IP`TBlO`CK} 77 | } 78 | 79 | 80 | 81 | ${RanD`oMDe`lim`I`TerS} = @('_','-',',','{','}','~','!','@','%','&','<','>',';',':') 82 | 83 | 84 | @('g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') | &("{0}{2}{1}{3}"-f'For','-Obje','Each','ct') {${upPer`l`Ow`erchAr} = ${_}; If(((&("{2}{1}{0}"-f 'ndom','a','Get-R') -Input @(1..2))-1 -eq 0)) {${u`pPER`lower`CHar} = ${up`PErLoWEr`ch`Ar}.("{2}{0}{1}" -f 'pp','er','ToU').Invoke()} ${RANd`Omd`ELI`miT`ErS} += ${uPPERLOWe`RcH`AR}} 85 | 86 | 87 | ${rAn`doMDe`LI`mItERS} = (&("{1}{2}{0}" -f 'm','Get-Rand','o') -Input ${rANDO`Md`ELiM`I`T`ers} -Count (${raN`d`OMD`eLimITERS}."Cou`Nt"/4)) 88 | 89 | 90 | ${D`e`lImiTEDenc`od`edaRraY} = '' 91 | ([Char[]]${s`cRI`ptStrI`NG}) | &("{2}{1}{4}{3}{0}"-f 't','E','For','ec','ach-Obj') {${DElim`ItE`D`E`N`codEDARr`AY} += ( ${b`c4S`97}::"TO`STri`Ng"(([Int][Char]${_}),${eNCoDI`NGBa`Se}) + (&("{2}{1}{0}"-f 't-Random','e','G') -Input ${rand`o`MD`ELI`MiteRs}))} 92 | 93 | 94 | ${dEliMItede`NC`OdED`A`RrAY} = ${DE`LI`mi`TEDenc`o`dE`DARraY}.("{0}{1}{2}"-f'S','u','bString').Invoke(0,${dElimiTEd`eN`C`Ode`DArrAY}."lE`Ngth"-1) 95 | 96 | 97 | ${R`AnDo`mdE`liMITERs`Top`R`INt} = (&("{0}{1}{2}" -f 'G','et-Ra','ndom') -Input ${ranD`OmDeL`imI`T`Ers} -Count ${raN`dOMDE`lIm`iTErs}."lENg`Th") -Join '' 98 | 99 | 100 | ${for`eA`chOBjeCt} = &("{0}{2}{1}"-f 'Ge','om','t-Rand') -Input @(("{0}{1}" -f 'Fo','rEach'),("{1}{0}{4}{3}{2}" -f 'rE','Fo','ct','bje','ach-O'),'%') 101 | ${s`Tr`joiN} = ([Char[]]("{4}{0}{3}{1}{2}" -f'r','::Joi','n','ing]','[St') | &("{0}{3}{4}{2}{1}"-f'Fo','t','ec','rEa','ch-Obj') {${cH`AR} = ${_}.("{0}{1}{2}"-f 'T','oS','tring').Invoke().("{1}{0}{2}"-f 'o','T','Lower').Invoke(); If(&("{1}{0}{2}{3}"-f 'Ra','Get-','nd','om') -Input @(0..1)) {${cH`AR} = ${Ch`AR}.("{0}{2}{1}"-f 'T','per','oUp').Invoke()} ${c`Har}}) -Join '' 102 | ${S`TRstr} = ([Char[]]("{1}{2}{0}"-f ']','[St','ring') | &("{4}{2}{0}{3}{1}"-f 'ch-','ect','a','Obj','ForE') {${C`haR} = ${_}.("{1}{2}{0}"-f 'ing','ToS','tr').Invoke().("{1}{0}"-f'wer','ToLo').Invoke(); If(&("{3}{0}{2}{1}" -f 'et','andom','-R','G') -Input @(0..1)) {${C`hAr} = ${C`hAR}.("{2}{1}{0}" -f 'er','Upp','To').Invoke()} ${cH`Ar}}) -Join '' 103 | ${j`oIN} = ([Char[]]("{1}{0}" -f 'n','-Joi') | &("{1}{2}{0}"-f'ach-Object','Fo','rE') {${cH`AR} = ${_}.("{0}{1}{2}" -f 'To','St','ring').Invoke().("{1}{0}" -f 'er','ToLow').Invoke(); If(&("{1}{0}{2}"-f 'd','Get-Ran','om') -Input @(0..1)) {${c`har} = ${C`hAR}.("{2}{0}{1}"-f 'ppe','r','ToU').Invoke()} ${C`haR}}) -Join '' 104 | ${cH`A`RsTr} = ([Char[]]("{1}{0}"-f'r','Cha') | &("{1}{2}{3}{0}" -f 'ct','F','or','Each-Obje') {${c`hAr} = ${_}.("{0}{1}{2}" -f'T','o','String').Invoke().("{1}{0}{2}"-f 'L','To','ower').Invoke(); If(&("{1}{2}{0}"-f'om','Get-R','and') -Input @(0..1)) {${c`har} = ${Ch`AR}.("{0}{2}{1}"-f 'T','r','oUppe').Invoke()} ${Ch`AR}}) -Join '' 105 | ${I`Nt} = ([Char[]]'Int' | &("{3}{2}{1}{0}"-f'ect','bj','orEach-O','F') {${c`HAr} = ${_}.("{2}{1}{0}"-f 'g','in','ToStr').Invoke().("{2}{1}{0}"-f 'er','oLow','T').Invoke(); If(&("{1}{0}{2}" -f'o','Get-Rand','m') -Input @(0..1)) {${Ch`AR} = ${CH`AR}.("{1}{0}{2}"-f'e','ToUpp','r').Invoke()} ${CH`Ar}}) -Join '' 106 | ${F`ORE`A`ch`oBjECt} = ([Char[]]${FOR`e`AChOBJe`ct} | &("{1}{3}{2}{0}"-f 'Object','ForE','-','ach') {${cH`Ar} = ${_}.("{2}{0}{1}"-f'S','tring','To').Invoke().("{1}{0}"-f'Lower','To').Invoke(); If(&("{3}{0}{2}{1}"-f 't','andom','-R','Ge') -Input @(0..1)) {${cH`Ar} = ${CH`AR}.("{0}{1}"-f 'ToUpp','er').Invoke()} ${c`HAR}}) -Join '' 107 | ${Toin`T16} = ([Char[]]((("{1}{3}{2}{0}" -f't16(','[','ToIn','Convert]::'))) | &("{1}{2}{0}{3}"-f '-O','Fo','rEach','bject') {${C`HaR} = ${_}.("{2}{1}{0}"-f'ng','Stri','To').Invoke().("{1}{0}{2}" -f'oL','T','ower').Invoke(); If(&("{0}{2}{1}" -f 'Ge','dom','t-Ran') -Input @(0..1)) {${C`hAR} = ${C`har}.("{1}{0}"-f'oUpper','T').Invoke()} ${Ch`Ar}}) -Join '' 108 | 109 | 110 | ${RaNDOm`dEl`ImIT`er`S`ToPRInTForda`S`hspL`IT} = '' 111 | ForEach(${randomDelIm`iT`ER} in ${rANd`o`mDeLI`M`Ite`Rs}) 112 | { 113 | 114 | ${SPl`It} = ([Char[]]("{0}{1}" -f'Sp','lit') | &("{0}{2}{1}"-f 'F','t','orEach-Objec') {${ch`Ar} = ${_}.("{0}{1}{2}"-f'T','oStrin','g').Invoke().("{1}{0}"-f'r','ToLowe').Invoke(); If(&("{1}{3}{2}{0}" -f 'dom','Get','n','-Ra') -Input @(0..1)) {${c`haR} = ${CH`AR}.("{0}{1}"-f'ToU','pper').Invoke()} ${CH`AR}}) -Join '' 115 | 116 | ${rAnd`om`dELImIte`R`stoPrin`TFOR`DA`ShspLIt} += ('-' + ${S`p`lIt} + ' '*(&("{2}{1}{0}"-f'm','o','Get-Rand') -Input @(0,1)) + "'" + ${rA`N`doMdElIMIteR} + "'" + ' '*(&("{1}{2}{0}" -f'dom','Get-','Ran') -Input @(0,1))) 117 | } 118 | ${R`AN`D`OMDelIM`iteR`s`TOPRi`N`TFORdaSHSplit} = ${rA`NDOm`D`ElImITERstOPrINtFORDa`S`HS`Pl`iT}.("{1}{0}"-f'rim','T').Invoke() 119 | 120 | 121 | ${RA`NDOM`s`Tri`NGsYntax} = ([Char[]](&("{1}{0}{2}"-f '-Rand','Get','om') -Input @((('['+'St'+'ring]'+'kpN_')."r`epL`Ace"(([cHaR]107+[cHaR]112+[cHaR]78),'$')),(('{0}_.T'+'oSt'+'r'+'ing()') -F [ChAr]36))) | &("{0}{1}{2}{3}" -f'For','Each-','Objec','t') {${Ch`AR} = ${_}.("{0}{1}"-f'ToS','tring').Invoke().("{0}{2}{1}" -f 'T','Lower','o').Invoke(); If(&("{0}{2}{1}"-f 'Get-','dom','Ran') -Input @(0..1)) {${Ch`Ar} = ${C`HAR}.("{0}{1}"-f'ToUpp','er').Invoke()} ${cH`AR}}) -Join '' 122 | ${RAN`DO`mc`onvErSi`O`NSYN`TAx} = @() 123 | ${ran`DO`mconveRSiO`N`s`yn`TAX} += "[$CharStr]" + ' '*(&("{1}{0}{2}" -f'et-Rand','G','om') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}{3}"-f'ndo','et-Ra','G','m') -Input @(0,1)) + ${tO`INT`16} + ' '*(&("{2}{0}{3}{1}"-f'et-','andom','G','R') -Input @(0,1)) + '(' + ' '*(&("{1}{0}{2}"-f 'et-R','G','andom') -Input @(0,1)) + ${RAN`Do`msT`RIn`g`syNtaX} + ' '*(&("{1}{2}{0}"-f'om','Get-R','and') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}{3}" -f'Get-R','a','n','dom') -Input @(0,1)) + ',' + ${En`cOd`IN`GBaSe} + ' '*(&("{1}{2}{0}"-f 'm','Get-Ra','ndo') -Input @(0,1)) + ')' + ' '*(&("{1}{0}{2}"-f '-Ran','Get','dom') -Input @(0,1)) + ')' 124 | ${rA`Nd`OmCoNv`eRs`iON`sy`NTax} += ${T`O`iNT16} + ' '*(&("{1}{0}{2}" -f'ando','Get-R','m') -Input @(0,1)) + '(' + ' '*(&("{1}{0}{3}{2}"-f 'Ran','Get-','m','do') -Input @(0,1)) + ${rAnD`oMS`Tr`iNgsyN`T`AX} + ' '*(&("{3}{0}{1}{2}"-f'e','t-Ra','ndom','G') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Get','-Rando','m') -Input @(0,1)) + ',' + ' '*(&("{0}{1}{2}"-f 'Get-Rand','o','m') -Input @(0,1)) + ${Enco`DINgB`A`Se} + ' '*(&("{3}{2}{0}{1}" -f '-Ra','ndom','et','G') -Input @(0,1)) + ')' + ' '*(&("{0}{2}{1}"-f 'Get','ndom','-Ra') -Input @(0,1)) + (&("{1}{3}{0}{2}" -f'-R','G','andom','et') -Input @('-as','-As','-aS','-AS')) + ' '*(&("{0}{2}{1}" -f'Get-Rand','m','o') -Input @(0,1)) + "[$CharStr]" 125 | ${rA`N`DOMCONv`er`Si`oNs`ynTAx} = (&("{2}{1}{0}{3}"-f '-Rando','t','Ge','m') -Input ${randOmcO`N`VeRSio`N`s`YnTAx}) 126 | 127 | 128 | ${en`codedAR`Ray} = '' 129 | ([Char[]]${ScRI`p`Tst`RIng}) | &("{1}{2}{0}{4}{3}"-f 'Ob','ForEac','h-','t','jec') { 130 | 131 | If( ${b`C4`S97}::"T`oStrI`NG"(([Int][Char]${_}),${enCo`diNgBA`Se}).("{0}{1}" -f 'Tri','m').Invoke(("{1}{3}{0}{2}" -f '5678','01','9','234'))."le`NGTh" -gt 0) {${q`Uo`Te} = "'"} 132 | Else {${quo`TE} = ''} 133 | ${e`Nco`dED`ARRAy} += (${QU`OtE} + ${b`c4`s97}::"TO`St`RING"(([Int][Char]${_}),${ENCoDI`N`gb`ASe}) + ${q`UOtE} + ' '*(&("{2}{1}{0}"-f'm','-Rando','Get') -Input @(0,1)) + ',' + ' '*(&("{0}{3}{2}{1}"-f 'G','dom','-Ran','et') -Input @(0,1))) 134 | } 135 | 136 | 137 | ${eNcoDeD`ARr`AY} = ('(' + ' '*(&("{0}{2}{1}"-f'G','andom','et-R') -Input @(0,1)) + ${eNcOD`eD`ARR`Ay}.("{0}{1}" -f'Tr','im').Invoke().("{1}{0}"-f 'rim','T').Invoke(',') + ')') 138 | 139 | 140 | 141 | 142 | 143 | ${SEtOfSva`RSy`N`TAX} = @() 144 | ${Se`TOFs`VaRSYN`Tax} += ("{1}{0}{2}" -f'It','Set-','em') + ' '*(&("{2}{3}{0}{1}"-f'an','dom','G','et-R') -Input @(1,2)) + ((("{1}{0}{3}{2}{5}{4}"-f 'ar','jH7V',':OFS','iable','7','jH'))-cREPLaCe ([ChaR]106+[ChaR]72+[ChaR]55),[ChaR]39) + ' '*(&("{1}{2}{0}" -f 'm','Get-Ra','ndo') -Input @(1,2)) + "''" 145 | ${s`ETO`FSVarsy`NTaX} += (&("{1}{0}{2}" -f '-R','Get','andom') -Input @(("{3}{0}{2}{1}" -f'a','able','ri','Set-V'),'SV','SET')) + ' '*(&("{2}{0}{1}"-f'et-Ra','ndom','G') -Input @(1,2)) + ((("{2}{0}{1}"-f 'F','Sxe3','xe3O'))."rEP`la`Ce"('xe3',[stRIng][chaR]39)) + ' '*(&("{0}{2}{1}" -f 'Get','m','-Rando') -Input @(1,2)) + "''" 146 | ${sETofS`V`Ar} = (&("{1}{2}{3}{0}" -f'andom','G','et-','R') -Input ${s`eTo`FSv`ArsYnt`Ax}) 147 | 148 | ${sE`TOFs`V`ArbAC`KSYNtaX} = @() 149 | ${S`e`ToFs`VaRBaCks`YNt`Ax} += ("{2}{1}{0}" -f 'm','e','Set-It') + ' '*(&("{2}{0}{1}" -f 'et-','Random','G') -Input @(1,2)) + ((("{0}{6}{5}{4}{1}{3}{2}" -f 'Z','S','j','Zc','ble:OF','a','cjVari')) -rEPlAce 'Zcj',[chAr]39) + ' '*(&("{2}{0}{1}" -f'ando','m','Get-R') -Input @(1,2)) + "' '" 150 | ${seTo`F`SVarbAcKs`Yn`Tax} += (&("{2}{0}{1}"-f'-Rando','m','Get') -Input @(("{1}{0}{2}"-f'et-V','S','ariable'),'SV','SET')) + ' '*(&("{0}{1}{2}"-f'Get-R','an','dom') -Input @(1,2)) + ((("{2}{1}{0}"-f'm','FSkV','kVmO'))."ReP`LAcE"(([CHaR]107+[CHaR]86+[CHaR]109),[STrIng][CHaR]39)) + ' '*(&("{0}{2}{1}" -f 'G','om','et-Rand') -Input @(1,2)) + "' '" 151 | ${S`eTOfSva`RBa`ck} = (&("{2}{1}{0}"-f'm','et-Rando','G') -Input ${S`e`TOfsVArba`CKs`Y`Nt`Ax}) 152 | 153 | 154 | ${s`ETO`Fsv`AR} = ([Char[]]${Se`TofS`VAR} | &("{0}{2}{1}{3}"-f 'Fo','h-Ob','rEac','ject') {${Ch`Ar} = ${_}.("{0}{1}" -f 'ToStrin','g').Invoke().("{0}{1}" -f 'ToL','ower').Invoke(); If(&("{2}{1}{0}{3}"-f't-Rando','e','G','m') -Input @(0..1)) {${CH`Ar} = ${cH`AR}.("{0}{2}{1}" -f 'ToU','er','pp').Invoke()} ${C`HaR}}) -Join '' 155 | ${seto`Fs`V`ARbACk} = ([Char[]]${S`E`T`oF`svarbAck} | &("{1}{2}{0}"-f 'ach-Object','Fo','rE') {${c`Har} = ${_}.("{2}{1}{0}"-f 'ing','oStr','T').Invoke().("{1}{0}"-f'ower','ToL').Invoke(); If(&("{1}{2}{0}"-f'Random','Ge','t-') -Input @(0..1)) {${C`HAR} = ${CH`AR}.("{0}{1}"-f'ToUpp','er').Invoke()} ${CH`Ar}}) -Join '' 156 | 157 | 158 | ${bASeS`crI`P`TaRR`AY} = @() 159 | ${B`AsE`ScrIPT`ARR`AY} += '(' + ' '*(&("{1}{2}{0}"-f 'm','Get','-Rando') -Input @(0,1)) + "'" + ${DeLI`mi`Te`DE`NCoDEda`Rr`AY} + "'." + ${s`PlIT} + "(" + ' '*(&("{2}{0}{1}"-f 't-Rand','om','Ge') -Input @(0,1)) + "'" + ${RA`Ndom`d`ElimIt`ERsTo`P`RInt} + "'" + ' '*(&("{2}{1}{0}"-f'ndom','a','Get-R') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Get','-Rando','m') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}"-f'dom','Get-Ra','n') -Input @(0,1)) + ${For`EAC`hObJeCt} + ' '*(&("{3}{2}{0}{1}" -f'an','dom','t-R','Ge') -Input @(0,1)) + '{' + ' '*(&("{0}{1}{2}"-f 'Get-Ra','nd','om') -Input @(0,1)) + '(' + ' '*(&("{1}{2}{0}"-f 'andom','Get','-R') -Input @(0,1)) + ${Rand`o`Mco`NVer`S`ioN`sYNtaX} + ')' + ' '*(&("{0}{1}{2}" -f'Ge','t-R','andom') -Input @(0,1)) + '}' + ' '*(&("{0}{2}{1}" -f'Get-R','ndom','a') -Input @(0,1)) + ')' 160 | ${Ba`sEscR`i`PTA`Rr`Ay} += '(' + ' '*(&("{2}{1}{0}{3}" -f 'do','n','Get-Ra','m') -Input @(0,1)) + "'" + ${dE`LimIT`EDencO`dedA`RRaY} + "'" + ' '*(&("{0}{1}{2}" -f 'G','e','t-Random') -Input @(0,1)) + ${Ran`dOmDe`LiMi`TeRs`ToPrinTf`or`d`AShspl`It} + ' '*(&("{3}{1}{2}{0}" -f'm','et','-Rando','G') -Input @(0,1)) + '|' + ' '*(&("{1}{0}{2}"-f'et','G','-Random') -Input @(0,1)) + ${fOREacH`o`B`j`ecT} + ' '*(&("{1}{2}{0}" -f'ndom','G','et-Ra') -Input @(0,1)) + '{' + ' '*(&("{2}{0}{3}{1}"-f 'n','om','Get-Ra','d') -Input @(0,1)) + '(' + ' '*(&("{1}{0}{2}"-f'e','G','t-Random') -Input @(0,1)) + ${RaNdom`c`on`VErsI`oNsYN`Tax} + ')' + ' '*(&("{2}{1}{0}"-f'm','et-Rando','G') -Input @(0,1)) + '}' + ' '*(&("{0}{2}{1}" -f'Ge','-Random','t') -Input @(0,1)) + ')' 161 | ${b`AS`E`SCri`pTaRraY} += '(' + ' '*(&("{3}{0}{2}{1}" -f'a','om','nd','Get-R') -Input @(0,1)) + ${EN`c`ODEDAr`R`AY} + ' '*(&("{1}{0}{2}{3}"-f'et-Ra','G','n','dom') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}" -f '-Random','G','et') -Input @(0,1)) + ${Fo`ReAC`hO`BjE`cT} + ' '*(&("{2}{1}{0}" -f 'm','ndo','Get-Ra') -Input @(0,1)) + '{' + ' '*(&("{0}{2}{1}{3}"-f 'Get-Ra','d','n','om') -Input @(0,1)) + '(' + ' '*(&("{3}{2}{1}{0}"-f'm','ndo','Ra','Get-') -Input @(0,1)) + ${RANDo`M`COnVeRsioN`SyntAx} + ')' + ' '*(&("{2}{1}{0}"-f 'andom','-R','Get') -Input @(0,1)) + '}' + ' '*(&("{1}{2}{0}"-f 'ndom','Get','-Ra') -Input @(0,1)) + ')' 162 | 163 | 164 | ${neWS`cR`IpT`AR`Ray} = @() 165 | ${n`E`wscri`PtArRay} += (&("{1}{2}{0}{3}"-f'-Rand','Ge','t','om') -Input ${BAS`eSCri`PtaR`RAy}) + ' '*(&("{3}{1}{0}{2}"-f'-Ra','et','ndom','G') -Input @(0,1)) + ${J`OiN} + ' '*(&("{2}{0}{1}" -f'et','-Random','G') -Input @(0,1)) + "''" 166 | ${NeWSc`R`iPTArr`Ay} += ${j`oiN} + ' '*(&("{2}{3}{1}{0}" -f'om','and','Get','-R') -Input @(0,1)) + (&("{3}{2}{0}{1}" -f'ndo','m','Ra','Get-') -Input ${baS`E`scRI`PtA`RraY}) 167 | ${nE`WSCRIpTA`R`R`AY} += ${st`R`JoIN} + '(' + ' '*(&("{0}{2}{1}"-f'G','ndom','et-Ra') -Input @(0,1)) + "''" + ' '*(&("{1}{0}{2}"-f 'et-Rando','G','m') -Input @(0,1)) + ',' + ' '*(&("{2}{1}{0}" -f'dom','t-Ran','Ge') -Input @(0,1)) + (&("{1}{0}{2}"-f'o','Get-Rand','m') -Input ${b`ASESC`RIpTaR`RaY}) + ' '*(&("{0}{2}{1}" -f 'G','ndom','et-Ra') -Input @(0,1)) + ')' 168 | ${nEwS`CRIPt`ARRay} += '"' + ' '*(&("{2}{0}{1}" -f 'n','dom','Get-Ra') -Input @(0,1)) + '$(' + ' '*(&("{0}{2}{1}{3}" -f'Get','o','-Rand','m') -Input @(0,1)) + ${SETOf`Sv`AR} + ' '*(&("{1}{0}{2}{3}" -f'd','Get-Ran','o','m') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{1}"-f '-','Random','Get') -Input @(0,1)) + '"' + ' '*(&("{1}{0}{2}{3}" -f'et-R','G','an','dom') -Input @(0,1)) + '+' + ' '*(&("{2}{0}{1}"-f'et-Ra','ndom','G') -Input @(0,1)) + ${ST`Rs`Tr} + (&("{1}{0}{2}" -f't-Rando','Ge','m') -Input ${b`ASE`sC`R`iptaRrAY}) + ' '*(&("{1}{2}{0}"-f 'om','Get-Ran','d') -Input @(0,1)) + '+' + '"' + ' '*(&("{2}{1}{0}"-f 'ndom','et-Ra','G') -Input @(0,1)) + '$(' + ' '*(&("{2}{0}{1}{3}" -f'et-','R','G','andom') -Input @(0,1)) + ${Se`T`OFsv`ARbacK} + ' '*(&("{3}{0}{1}{2}" -f'et-','Ran','dom','G') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}" -f'om','and','Get-R') -Input @(0,1)) + '"' 169 | 170 | 171 | ${nEW`scrI`pT} = (&("{2}{1}{0}" -f 'dom','Ran','Get-') -Input ${N`EWs`criPTaR`R`Ay}) 172 | 173 | 174 | 175 | ${inv`o`KEE`x`pRESs`iONs`YNTaX} = @() 176 | ${I`NvoKe`ExprEsSIoNs`Ynt`Ax} += (&("{0}{1}{2}" -f'Get-Ran','do','m') -Input @('IEX',("{2}{4}{1}{3}{0}"-f 'n','pressi','In','o','voke-Ex'))) 177 | 178 | 179 | 180 | ${iN`VoCAti`On`Ope`RA`TOR} = (&("{2}{0}{1}"-f '-R','andom','Get') -Input @('.','&')) + ' '*(&("{1}{2}{0}" -f'andom','G','et-R') -Input @(0,1)) 181 | ${i`Nv`O`k`eexPRESsIoNSYntAx} += ${I`NVO`c`AT`IONo`PeraToR} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 182 | ${iNV`okeExp`REs`SIO`NS`y`NTaX} += ${InvocA`T`ioN`o`peRATOr} + ('( '+"`$PSHome[") + (&("{0}{2}{1}" -f 'G','dom','et-Ran') -Input @(4,21)) + "]+`$PSHome[" + (&("{2}{1}{0}"-f 'm','Rando','Get-') -Input @(30,34)) + ((("{0}{2}{1}"-f']+sI0xs',')','I0'))."re`place"('sI0',[STriNg][ChAR]39)) 183 | ${inVO`k`eExpReSSIONs`YN`Tax} += ${InVOca`TiOnOP`eRaT`Or} + ('( '+"`$env:ComSpec[4,") + (&("{2}{0}{1}"-f 'an','dom','Get-R') -Input @(15,24,26)) + (((("{1}{4}{2}{0}{5}{3}"-f'}{',',2','-Join{0',')','5]','0}')) -F[CHAR]39)) 184 | ${Inv`O`kEE`XPRE`sSi`OnsYntAX} += ${i`NV`o`cAtiONopER`ATOr} + "((" + (&("{1}{0}{2}" -f 'd','Get-Ran','om') -Input @(("{1}{2}{0}"-f 'iable','G','et-Var'),'GV',("{1}{0}" -f'ariable','V'))) + (((("{10}{2}{11}{9}{3}{8}{0}{5}{1}{4}{7}{6}" -f ',11,','o','pT','.Name[','inpT','2]-J',')','cpTc','3','*mdr*pTc)',' ','c')) -rEplAcE 'pTc',[ChaR]39)) 185 | ${In`VO`keEXPReS`SIoN`sy`N`TAx} += ${INvO`Ca`TiO`NO`PERAtOr} + "( " + (&("{2}{0}{3}{1}" -f'an','om','Get-R','d') -Input @(((('6bN'+'V'+'erb'+'osePr'+'ef'+'eren'+'ce.'+'ToS'+'t'+'ring('+')') -CrePlacE '6bN',[char]36)),((('([Strin'+'g'+']'+'j'+'qa'+'V'+'erboseP'+'r'+'eferenc'+'e)')-REPLACE ([chAr]106+[chAr]113+[chAr]97),[chAr]36)))) + (((("{0}{4}{6}{3}{2}{1}{5}{7}" -f '[1,','o','J','ZhW-','3]+ZhW','i','x','nZhWZhW)')) -rePLACE'ZhW',[ChAr]39)) 186 | 187 | 188 | 189 | 190 | ${InVO`keeX`PR`eSsiOn} = (&("{3}{0}{2}{1}"-f 'an','m','do','Get-R') -Input ${i`NVOKEEx`PRe`SsIOnSyn`TAx}) 191 | 192 | 193 | ${INv`O`keE`x`p`REsSioN} = ([Char[]]${i`N`VOKEe`xPressIon} | &("{2}{3}{1}{0}"-f't','jec','F','orEach-Ob') {${CH`Ar} = ${_}.("{0}{1}{2}"-f 'ToS','trin','g').Invoke().("{1}{0}"-f 'wer','ToLo').Invoke(); If(&("{1}{2}{0}"-f'm','G','et-Rando') -Input @(0..1)) {${C`HAr} = ${C`HAR}.("{2}{0}{1}" -f 'Upp','er','To').Invoke()} ${c`HAR}}) -Join '' 194 | 195 | 196 | ${In`V`Oke`oPTiO`Ns} = @() 197 | ${i`NVO`keOptIo`NS} += ' '*(&("{2}{1}{0}"-f'Random','-','Get') -Input @(0,1)) + ${INVoK`Eex`preSSi`on} + ' '*(&("{0}{2}{1}" -f 'Ge','om','t-Rand') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}" -f 't-Random','e','G') -Input @(0,1)) + ${n`EWsc`Ript} + ' '*(&("{0}{1}{2}"-f'Ge','t','-Random') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{3}{2}"-f 'Ge','t-Ra','om','nd') -Input @(0,1)) 198 | ${in`VOKeo`Pt`IonS} += ' '*(&("{0}{2}{1}{3}" -f'Get-Ra','do','n','m') -Input @(0,1)) + ${neWsc`RI`pT} + ' '*(&("{0}{2}{1}"-f'G','ndom','et-Ra') -Input @(0,1)) + '|' + ' '*(&("{1}{0}{2}" -f 't-Ran','Ge','dom') -Input @(0,1)) + ${invOkEEx`p`R`EsS`I`on} 199 | 200 | ${Ne`w`sCrIPt} = (&("{2}{1}{0}" -f 'andom','-R','Get') -Input ${IN`VO`K`eO`pTionS}) 201 | 202 | 203 | If(!${pS`B`O`UNd`PArAMETeRs}[("{0}{2}{1}"-f 'Pass','ru','Th')]) 204 | { 205 | 206 | ${PowerS`HEL`lFL`A`gs} = @() 207 | 208 | 209 | 210 | ${c`o`MmanDlineO`pTIO`Ns} = &("{2}{0}{3}{1}" -f'-Ob','t','New','jec') ("{1}{0}"-f '[]','String')(0) 211 | If(${P`sBOUNd`Paramet`ers}[("{2}{0}{1}"-f'oEx','it','N')]) 212 | { 213 | ${F`UllA`R`g`UMENt} = ("{0}{1}{2}" -f'-','N','oExit'); 214 | ${COmM`ANdLInEOpT`I`OnS} += ${FuLlaRGu`m`ENT}.("{1}{0}{2}" -f 'ubSt','S','ring').Invoke(0,(&("{0}{2}{1}"-f'Get-R','dom','an') -Minimum 4 -Maximum (${f`U`llaRGUM`Ent}."L`eNGTh"+1))) 215 | } 216 | If(${Ps`BOUn`dP`AramETerS}[("{0}{1}{2}" -f 'No','Pr','ofile')]) 217 | { 218 | ${Fu`Lla`RG`UMEnt} = ("{2}{0}{1}"-f 'P','rofile','-No'); 219 | ${cOm`mAN`dLIn`eOp`TI`Ons} += ${FUL`L`ArgUM`ENT}.("{2}{0}{1}" -f'S','tring','Sub').Invoke(0,(&("{2}{0}{1}"-f 't-Ra','ndom','Ge') -Minimum 4 -Maximum (${fuLlA`Rgu`MeNt}."l`eNgtH"+1))) 220 | } 221 | If(${p`sbO`UNdPA`RaMetErS}[("{2}{3}{1}{0}"-f 've','i','NonInt','eract')]) 222 | { 223 | ${fuLLaRgU`Me`Nt} = ("{1}{0}{3}{2}"-f 'rac','-NonInte','ive','t'); 224 | ${CO`MmAn`D`lInEOP`TIOns} += ${Fu`LLAR`gUM`e`Nt}.("{0}{2}{1}" -f 'Sub','ing','Str').Invoke(0,(&("{3}{0}{1}{2}"-f 'a','nd','om','Get-R') -Minimum 5 -Maximum (${fuL`LArgu`M`enT}."len`g`TH"+1))) 225 | } 226 | If(${pSBouNd`P`Ar`Amet`ErS}[("{1}{2}{0}" -f'Logo','N','o')]) 227 | { 228 | ${FuLlar`GumE`Nt} = ("{0}{1}"-f '-NoL','ogo'); 229 | ${C`O`MmANDL`inEOpT`ions} += ${F`ULlArGume`Nt}.("{2}{1}{0}"-f 'ng','ubStri','S').Invoke(0,(&("{1}{0}{2}" -f 'et-Ran','G','dom') -Minimum 4 -Maximum (${fu`ll`ArGUMEnt}."l`EngTH"+1))) 230 | } 231 | If(${p`SbOUn`dPA`Ra`Meters}[("{3}{1}{0}{2}" -f'ndowS','i','tyle','W')] -OR ${wi`N`DOwSSty`le}) 232 | { 233 | ${Fu`LL`Arg`U`mEnt} = ("{0}{1}{2}"-f '-W','indowStyl','e') 234 | If(${WINd`ows`S`TYle}) {${A`R`GumEn`TvalUE} = ${WINdowSS`TY`Le}} 235 | Else {${ARG`UMe`N`TVa`lUe} = ${PS`BO`UNDpAR`Am`etErS}[("{3}{2}{1}{0}"-f'le','y','St','Window')]} 236 | 237 | 238 | Switch(${aRgu`mentV`A`LUe}.("{0}{1}"-f'To','Lower').Invoke()) 239 | { 240 | ("{2}{0}{1}" -f 'rm','al','no') {If(&("{2}{1}{0}" -f't-Random','e','G') -Input @(0..1)) {${ARGu`Men`TVAL`Ue} = (&("{2}{1}{0}"-f 't-Random','e','G') -Input @('0','n','no','nor',("{1}{0}"-f 'm','nor'),("{1}{0}"-f'rma','no')))}} 241 | ("{1}{2}{0}" -f'n','hi','dde') {If(&("{2}{0}{1}" -f'and','om','Get-R') -Input @(0..1)) {${ArGument`V`AL`Ue} = (&("{1}{2}{0}"-f 'dom','Get-R','an') -Input @('1','h','hi','hid',("{0}{1}"-f 'hi','dd'),("{0}{1}"-f'hid','de')))}} 242 | ("{0}{2}{1}" -f'mi','d','nimize') {If(&("{2}{0}{1}" -f't-Ra','ndom','Ge') -Input @(0..1)) {${A`R`gUMeNT`VALuE} = (&("{2}{0}{1}{3}"-f'Ra','nd','Get-','om') -Input @('2','mi','min',("{0}{1}" -f 'mi','ni'),("{1}{0}" -f 'm','mini'),("{1}{2}{0}" -f'mi','min','i'),("{0}{1}{2}"-f 'min','imi','z'),("{2}{1}{0}"-f'e','imiz','min')))}} 243 | ("{2}{0}{1}"-f 'ximi','zed','ma') {If(&("{0}{2}{1}" -f 'G','-Random','et') -Input @(0..1)) {${a`Rgum`e`NTv`ALUe} = (&("{1}{2}{0}"-f'Random','Get','-') -Input @('3','ma','max',("{0}{1}" -f'max','i'),("{0}{1}"-f'm','axim'),("{1}{0}"-f'ximi','ma'),("{0}{1}"-f'ma','ximiz'),("{1}{2}{0}"-f'e','ma','ximiz')))}} 244 | ("{1}{0}" -f 'ult','defa') {&("{1}{2}{0}" -f 'r','W','rite-Erro') ('A'+'n '+'in'+'v'+'alid '+"`$ArgumentValue "+'va'+'l'+'ue '+"($ArgumentValue) "+'w'+'as '+'pas'+'s'+'ed '+'to'+' '+'s'+'wi'+'tch '+'blo'+'ck '+'fo'+'r '+'Out'+'-P'+'ow'+'erS'+'hell'+'La'+'uncher.'); Exit;} 245 | } 246 | 247 | ${p`OWeR`ShELLF`lAGS} += ${ful`LAr`G`UmEnt}.("{1}{0}{2}" -f 'trin','SubS','g').Invoke(0,(&("{0}{1}{2}" -f'G','et-Rand','om') -Minimum 2 -Maximum (${f`UlLA`Rg`UME`Nt}."Len`GtH"+1))) + ' '*(&("{1}{0}{2}"-f't-Ra','Ge','ndom') -Minimum 1 -Maximum 3) + ${argU`mEN`T`Va`LuE} 248 | } 249 | If(${pSb`ou`NDparAmet`e`Rs}[("{0}{1}{2}" -f 'Exec','u','tionPolicy')] -OR ${eXe`c`Ut`IoN`polIcy}) 250 | { 251 | ${FUl`LarG`UMent} = ("{3}{4}{1}{2}{0}" -f'icy','P','ol','-Exec','ution') 252 | If(${EXecUt`io`NpoLi`cY}) {${A`Rg`UmEnTv`ALUe} = ${E`XeC`UtiOnPolI`CY}} 253 | Else {${ArgUmENT`V`Alue} = ${pSBo`U`N`D`pARaME`TErS}[("{0}{4}{2}{1}{3}" -f 'Exe','olic','P','y','cution')]} 254 | 255 | ${e`XeCuTioNp`ol`ic`yfLagS} = @() 256 | ${E`XEcut`I`ONPolICyF`lA`gS} += '-EP' 257 | For(${IN`DeX}=3; ${IN`DeX} -le ${f`UlLA`RGUM`EnT}."lEN`GtH"; ${IN`DeX}++) 258 | { 259 | ${ex`eCUtionpOl`icYFL`AGS} += ${FUllarGu`M`e`Nt}.("{1}{0}"-f 'ing','SubStr').Invoke(0,${I`ND`EX}) 260 | } 261 | ${e`XecUt`iOnpoLIc`YFlAg} = &("{1}{0}{2}"-f 'et-Ra','G','ndom') -Input ${eXe`cUtIO`Np`Oli`CyflaGs} 262 | ${po`WeRS`h`ellflAGs} += ${E`XeC`Ut`IOnpoLICYFlAG} + ' '*(&("{0}{2}{1}"-f 'Get','m','-Rando') -Minimum 1 -Maximum 3) + ${Ar`gumEN`TvaL`UE} 263 | } 264 | 265 | 266 | 267 | If(${cO`MmAndLi`N`Eop`TiO`Ns}."Co`UNT" -gt 1) 268 | { 269 | ${COmma`Ndlin`Eop`Ti`oNS} = &("{2}{0}{1}"-f'R','andom','Get-') -InputObject ${c`oMmANDlI`N`eo`pTIOns} -Count ${cOmm`A`NDLINeO`pTIonS}."COu`NT" 270 | } 271 | 272 | 273 | If(${p`sBOu`NdpARaM`eTE`Rs}[("{2}{1}{0}"-f 'and','m','Com')]) 274 | { 275 | ${fu`l`LarGum`e`Nt} = ("{2}{0}{1}" -f 'om','mand','-C') 276 | ${coMmAn`DLiNeo`P`T`IOnS} += ${fU`l`laRg`Um`Ent}.("{1}{0}{2}"-f'ubStr','S','ing').Invoke(0,(&("{1}{2}{0}{3}"-f'-R','G','et','andom') -Minimum 2 -Maximum (${fU`ll`A`RgumENt}."lenG`Th"+1))) 277 | } 278 | 279 | 280 | For(${i}=0; ${i} -lt ${P`OwersHEL`lFL`A`gs}."C`OuNT"; ${I}++) 281 | { 282 | ${POW`E`Rs`h`eLlf`LAgS}[${i}] = ([Char[]]${P`owerShE`l`LflAgs}[${i}] | &("{0}{3}{1}{4}{2}" -f'F','ch-Ob','ect','orEa','j') {${CH`Ar} = ${_}.("{1}{0}"-f'ng','ToStri').Invoke().("{1}{0}" -f 'Lower','To').Invoke(); If(&("{2}{0}{1}" -f 'et-','Random','G') -Input @(0..1)) {${C`hAr} = ${c`Har}.("{0}{1}"-f'ToUpp','er').Invoke()} ${C`hAr}}) -Join '' 283 | } 284 | 285 | 286 | ${comMAnD`L`iNeOP`TI`ONs} = (${coMMa`NdLINE`o`p`Ti`oNs} | &("{3}{2}{4}{0}{1}"-f 'Obje','ct','or','F','Each-') {${_} + " "*(&("{0}{1}{3}{2}"-f'G','et-Ra','om','nd') -Minimum 1 -Maximum 3)}) -Join '' 287 | ${Co`M`mA`N`dliN`EO`PTIONS} = " "*(&("{3}{1}{2}{0}"-f 'dom','-R','an','Get') -Minimum 0 -Maximum 3) + ${comMAn`DLinEo`P`Ti`o`Ns} + " "*(&("{2}{1}{0}"-f'dom','an','Get-R') -Minimum 0 -Maximum 3) 288 | 289 | 290 | If(${P`s`BOuN`Dp`ARAM`eters}[("{0}{1}"-f'W','ow64')]) 291 | { 292 | ${c`oMMAndlin`eouT`p`Ut} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 293 | } 294 | Else 295 | { 296 | 297 | 298 | ${c`o`Mm`An`DlINeOUt`PuT} = "powershell $($CommandlineOptions) `"$NewScript`" " 299 | } 300 | 301 | 302 | ${cM`d`M`AXLEn`GTH} = 8190 303 | If(${Co`M`mAnDl`INEO`UTp`Ut}."len`GTH" -gt ${C`mdmaXle`NgTH}) 304 | { 305 | &("{1}{2}{0}" -f'Warning','W','rite-') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 306 | } 307 | 308 | ${neW`scrI`PT} = ${co`MMandl`in`eoutP`Ut} 309 | } 310 | 311 | Return ${NewS`c`RIpT} 312 | } 313 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedOctalCommand.ps1: -------------------------------------------------------------------------------- 1 | &('sV') ('C8'+'P') ([TYpE]("{0}{2}{1}"-f 'I','.FILE','O') ) ; &("{1}{2}{0}" -f 'm','SeT-iT','e') ("variABlE"+":4"+"vT8") ([tYpE]("{2}{0}{1}"-F 'nVe','rt','co')); 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function oUT-`eN`CODeDocTA`lcO`M`Mand 21 | { 22 | 23 | 24 | [CmdletBinding(DeFAultPaRAmeTERSetnAmE = {"{1}{0}{2}" -f 'ileP','F','ath'})] Param ( 25 | [Parameter(posITIoN = 0, vaLuEfROmPiPElInE = ${tr`Ue}, PArametErSEtnAME = "ScR`i`PtBloCK")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${S`Cr`iPtb`lOCK}, 29 | 30 | [Parameter(poSITIOn = 0, paraMeTeRsETnaME = "fil`Epa`Th")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${P`ATh}, 34 | 35 | [Switch] 36 | ${NOE`X`it}, 37 | 38 | [Switch] 39 | ${n`O`prOfILE}, 40 | 41 | [Switch] 42 | ${nonin`Te`Rac`Tive}, 43 | 44 | [Switch] 45 | ${nO`L`OGO}, 46 | 47 | [Switch] 48 | ${woW`64}, 49 | 50 | [Switch] 51 | ${Co`MMAND}, 52 | 53 | [ValidateSet({"{1}{0}"-f 'ormal','N'}, {"{1}{2}{0}"-f'mized','Mi','ni'}, {"{0}{2}{1}" -f 'Ma','ed','ximiz'}, {"{1}{0}"-f 'den','Hid'})] 54 | [String] 55 | ${W`iNDo`wStYle}, 56 | 57 | [ValidateSet({"{1}{0}"-f 's','Bypas'}, {"{2}{1}{3}{0}"-f'icted','nre','U','str'}, {"{2}{3}{0}{1}" -f'ne','d','RemoteS','ig'}, {"{1}{0}{2}" -f 'igne','AllS','d'}, {"{0}{2}{1}" -f'R','ed','estrict'})] 58 | [String] 59 | ${E`XeCuTIO`NpO`licy}, 60 | 61 | [Switch] 62 | ${P`A`ssthrU} 63 | ) 64 | 65 | 66 | ${E`N`CO`DiNgBAsE} = 8 67 | 68 | 69 | If(${Ps`BOu`NDP`ARamE`TERS}[("{0}{1}" -f 'P','ath')]) 70 | { 71 | &("{0}{2}{1}"-f 'Get-Chi','tem','ldI') ${pA`Th} -ErrorAction ("{1}{0}"-f'op','St') | &("{1}{0}" -f 't-Null','Ou') 72 | ${s`CRI`pTSTRInG} = ( &("{0}{1}{2}" -f 'GET','-','VarIABLe') ('C8'+'p') -vAlue )::("{0}{2}{1}" -f 'ReadAllT','t','ex').Invoke((&("{2}{0}{1}{3}" -f 'e-P','at','Resolv','h') ${Pa`Th})) 73 | } 74 | Else 75 | { 76 | ${sCRi`Pt`s`Tr`iNG} = [String]${Sc`RIPTb`lOCK} 77 | } 78 | 79 | 80 | 81 | ${RANDo`mD`ElI`MITerS} = @('_','-',',','{','}','~','!','@','%','&','<','>',';',':') 82 | 83 | 84 | @('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') | &("{1}{0}{2}{3}" -f'ch','ForEa','-Ob','ject') {${U`pPeRLo`W`ErcHar} = ${_}; If(((&("{2}{1}{0}" -f'om','and','Get-R') -Input @(1..2))-1 -eq 0)) {${uP`pe`Rlowe`RCHaR} = ${u`pP`Erl`ower`chaR}.("{1}{0}{2}" -f'e','ToUpp','r').Invoke()} ${ra`NdomdEL`I`MIteRs} += ${UPp`erL`OweRCH`AR}} 85 | 86 | 87 | ${rAND`OMdEL`Imi`T`ERs} = (&("{1}{0}{2}"-f'-Ran','Get','dom') -Input ${RAN`doM`DE`LiMIT`E`RS} -Count (${r`AndOM`dElI`mITeRs}."CO`Unt"/4)) 88 | 89 | 90 | ${deLiMiteden`cO`D`e`DAr`RaY} = '' 91 | ([Char[]]${SCRIpT`sT`R`iNG}) | &("{0}{3}{4}{1}{2}" -f'Fo','h-Obj','ect','rE','ac') {${DEL`Imit`ed`EncOd`EDa`RraY} += ( (&("{0}{1}"-f 'VaRIaBl','e') ('4V'+'t8') )."v`AlUe"::"T`oSt`RiNG"(([Int][Char]${_}),${encoD`iNGbA`sE}) + (&("{0}{1}{2}"-f 'G','et-','Random') -Input ${R`A`NDoMD`eLiMIte`Rs}))} 92 | 93 | 94 | ${DEli`mi`T`EDENcOdeD`A`RraY} = ${DEli`M`ITEDe`Nco`De`darRaY}.("{2}{0}{1}" -f 'Stri','ng','Sub').Invoke(0,${DeL`ImI`TEDENCo`D`eDAr`Ray}."LEn`GtH"-1) 95 | 96 | 97 | ${RaNdoMdeLI`m`I`TerSTo`pRiNt} = (&("{2}{0}{3}{1}"-f'et-Ran','om','G','d') -Input ${RA`ND`OmdElIM`ITeRs} -Count ${Ra`NdomDelIm`IT`Ers}."Le`N`gth") -Join '' 98 | 99 | 100 | ${f`oR`EaC`hO`BjECt} = &("{2}{1}{3}{0}"-f'om','t-Ra','Ge','nd') -Input @(("{0}{1}" -f 'ForE','ach'),("{3}{1}{4}{2}{0}" -f 'ect','c','bj','ForEa','h-O'),'%') 101 | ${S`TRjO`iN} = ([Char[]]("{4}{0}{3}{2}{1}" -f't','in','::Jo','ring]','[S') | &("{1}{2}{3}{0}" -f't','For','Each-Ob','jec') {${c`har} = ${_}.("{1}{0}{2}"-f'Str','To','ing').Invoke().("{1}{0}{2}"-f'L','To','ower').Invoke(); If(&("{2}{3}{1}{0}" -f'm','-Rando','Ge','t') -Input @(0..1)) {${C`HaR} = ${C`har}.("{0}{2}{1}" -f'ToUp','er','p').Invoke()} ${CH`Ar}}) -Join '' 102 | ${s`TrS`TR} = ([Char[]]("{1}{2}{0}"-f'tring]','[','S') | &("{0}{1}{3}{2}"-f 'ForEach','-Obj','ct','e') {${cH`Ar} = ${_}.("{0}{1}"-f 'ToStr','ing').Invoke().("{2}{1}{0}" -f'wer','oLo','T').Invoke(); If(&("{1}{0}{2}"-f'nd','Get-Ra','om') -Input @(0..1)) {${cH`Ar} = ${c`Har}.("{1}{0}"-f 'pper','ToU').Invoke()} ${cH`AR}}) -Join '' 103 | ${J`oIn} = ([Char[]]("{1}{0}" -f'oin','-J') | &("{1}{3}{0}{2}"-f'bjec','ForEach','t','-O') {${ch`Ar} = ${_}.("{0}{1}{2}"-f'To','Str','ing').Invoke().("{2}{0}{1}" -f 'w','er','ToLo').Invoke(); If(&("{2}{0}{1}" -f 'nd','om','Get-Ra') -Input @(0..1)) {${C`haR} = ${CH`AR}.("{1}{0}{2}" -f'p','ToUp','er').Invoke()} ${C`HAR}}) -Join '' 104 | ${C`HaRS`TR} = ([Char[]]("{1}{0}"-f'ar','Ch') | &("{1}{3}{2}{0}" -f 't','ForEach-Ob','c','je') {${C`hAr} = ${_}.("{2}{0}{1}"-f'rin','g','ToSt').Invoke().("{0}{2}{1}" -f'To','wer','Lo').Invoke(); If(&("{0}{2}{1}{3}" -f'Get-Ra','o','nd','m') -Input @(0..1)) {${C`Har} = ${ch`AR}.("{0}{1}" -f'To','Upper').Invoke()} ${C`HAR}}) -Join '' 105 | ${i`NT} = ([Char[]]'Int' | &("{1}{4}{0}{3}{2}" -f 'ch','ForE','t','-Objec','a') {${c`Har} = ${_}.("{1}{0}{2}" -f'oStr','T','ing').Invoke().("{1}{0}{2}" -f 'oL','T','ower').Invoke(); If(&("{2}{1}{0}" -f'm','ndo','Get-Ra') -Input @(0..1)) {${c`har} = ${c`HAr}.("{1}{0}"-f 'pper','ToU').Invoke()} ${cH`AR}}) -Join '' 106 | ${fOR`e`AcH`OB`JECT} = ([Char[]]${FoReA`C`HOB`jE`Ct} | &("{1}{3}{4}{2}{0}" -f 't','F','c','or','Each-Obje') {${c`Har} = ${_}.("{0}{1}{2}" -f 'ToStr','i','ng').Invoke().("{0}{1}{2}" -f'To','Lo','wer').Invoke(); If(&("{1}{0}{2}{3}"-f 'et-Ra','G','n','dom') -Input @(0..1)) {${ch`AR} = ${c`Har}.("{1}{0}" -f 'r','ToUppe').Invoke()} ${cH`Ar}}) -Join '' 107 | ${tO`IN`T16} = ([Char[]]((("{0}{3}{2}{4}{1}{5}" -f '[Conv','Int16','::T','ert]','o','('))) | &("{0}{1}{2}{3}" -f 'ForE','ach-Obj','e','ct') {${CH`Ar} = ${_}.("{0}{2}{1}"-f'ToS','ing','tr').Invoke().("{2}{0}{1}" -f'oLow','er','T').Invoke(); If(&("{1}{0}{2}"-f't-R','Ge','andom') -Input @(0..1)) {${c`HAR} = ${cH`Ar}.("{2}{1}{0}"-f'er','pp','ToU').Invoke()} ${C`Har}}) -Join '' 108 | 109 | 110 | ${raNDomdeLIMI`TErstO`PR`I`NT`FoRdAsHSp`Lit} = '' 111 | ForEach(${R`ANdomDELi`Mi`Ter} in ${r`An`DO`mDel`ImI`TErs}) 112 | { 113 | 114 | ${s`P`lIT} = ([Char[]]("{0}{1}" -f 'S','plit') | &("{1}{3}{2}{0}" -f 'ct','ForEac','e','h-Obj') {${Ch`Ar} = ${_}.("{2}{0}{1}"-f 'tri','ng','ToS').Invoke().("{0}{1}" -f 'ToLo','wer').Invoke(); If(&("{1}{2}{0}" -f'om','Get','-Rand') -Input @(0..1)) {${ch`Ar} = ${CH`Ar}.("{0}{1}" -f'To','Upper').Invoke()} ${CH`Ar}}) -Join '' 115 | 116 | ${RandoM`DE`lIMItEr`s`T`O`p`RIntFo`RDas`hspLit} += ('-' + ${S`pL`It} + ' '*(&("{2}{0}{1}" -f '-Ran','dom','Get') -Input @(0,1)) + "'" + ${Ra`N`DOMD`eLiM`ItEr} + "'" + ' '*(&("{2}{0}{1}"-f 'nd','om','Get-Ra') -Input @(0,1))) 117 | } 118 | ${rANdOMD`elImiTERST`O`P`RINT`FORda`S`h`SPLIT} = ${R`A`NdO`mdel`iM`ItE`RsTOpri`N`T`FoRDasHsplit}.("{1}{0}" -f 'm','Tri').Invoke() 119 | 120 | 121 | ${raNdomStri`N`g`SyN`TAX} = ([Char[]](&("{2}{0}{1}"-f 't-Ran','dom','Ge') -Input @(((('[St'+'r'+'ing'+']u5V_')-CREPLace ([cHar]117+[cHar]53+[cHar]86),[cHar]36)),(('{0'+'}_.ToStr'+'ing('+')')-F[cHaR]36))) | &("{2}{1}{3}{4}{0}"-f '-Object','orEa','F','c','h') {${c`hAr} = ${_}.("{2}{0}{1}"-f'in','g','ToStr').Invoke().("{1}{0}{2}"-f'oL','T','ower').Invoke(); If(&("{2}{1}{0}"-f'om','t-Rand','Ge') -Input @(0..1)) {${c`HAr} = ${C`hAr}.("{1}{0}{2}" -f'pe','ToUp','r').Invoke()} ${CH`Ar}}) -Join '' 122 | ${Rand`o`m`C`Onv`e`RsIONsynTAX} = @() 123 | ${RA`N`DOMCO`NversI`o`NsYnTAX} += "[$CharStr]" + ' '*(&("{1}{0}{2}"-f't-Ra','Ge','ndom') -Input @(0,1)) + '(' + ' '*(&("{2}{0}{1}" -f 'et-Rand','om','G') -Input @(0,1)) + ${TO`iN`T16} + ' '*(&("{0}{1}{2}" -f'Ge','t-Rand','om') -Input @(0,1)) + '(' + ' '*(&("{2}{0}{1}" -f'et-Rand','om','G') -Input @(0,1)) + ${rANDO`M`sTRInGs`YN`TAx} + ' '*(&("{0}{1}{2}" -f 'Ge','t-Ra','ndom') -Input @(0,1)) + ')' + ' '*(&("{1}{0}{2}"-f'Rando','Get-','m') -Input @(0,1)) + ',' + ${E`NcodIn`gbase} + ' '*(&("{2}{3}{0}{1}"-f'Ra','ndom','G','et-') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Get-R','ando','m') -Input @(0,1)) + ')' 124 | ${rA`N`DoMCO`NveR`SI`oNsyN`TAx} += ${tOIN`T`16} + ' '*(&("{0}{2}{1}" -f'Get-Ra','m','ndo') -Input @(0,1)) + '(' + ' '*(&("{0}{1}{2}" -f 'G','et-Ra','ndom') -Input @(0,1)) + ${R`AN`D`OmS`TRINgs`yNTAX} + ' '*(&("{3}{0}{1}{2}" -f'an','do','m','Get-R') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}" -f 'om','and','Get-R') -Input @(0,1)) + ',' + ' '*(&("{1}{0}{2}"-f '-Rando','Get','m') -Input @(0,1)) + ${E`NcOdiNGb`ASE} + ' '*(&("{0}{1}{2}"-f'Get-Ra','n','dom') -Input @(0,1)) + ')' + ' '*(&("{2}{0}{1}" -f'-Rand','om','Get') -Input @(0,1)) + (&("{2}{1}{0}" -f 'om','d','Get-Ran') -Input @('-as','-As','-aS','-AS')) + ' '*(&("{3}{0}{1}{2}"-f'-Ra','n','dom','Get') -Input @(0,1)) + "[$CharStr]" 125 | ${R`A`N`DOMConvERsI`on`SynTAx} = (&("{0}{2}{1}" -f'Get-','om','Rand') -Input ${RAndOMCONv`ERSiOns`yN`TAX}) 126 | 127 | 128 | ${e`NcodeD`AR`Ray} = '' 129 | ([Char[]]${SCrIpT`StrI`NG}) | &("{1}{2}{0}{3}" -f 'h-O','For','Eac','bject') {${ENcOd`EdA`RRAY} += ( ${4v`T8}::"tosTRi`NG"(([Int][Char]${_}),${en`CO`dI`NgB`ASE}) + ' '*(&("{1}{0}{2}"-f'and','Get-R','om') -Input @(0,1)) + ',' + ' '*(&("{0}{2}{1}" -f 'G','Random','et-') -Input @(0,1)))} 130 | 131 | 132 | ${E`NcODeDa`R`R`Ay} = ('(' + ' '*(&("{2}{3}{0}{1}" -f'o','m','Get-Ran','d') -Input @(0,1)) + ${ENc`od`edA`Rr`AY}.("{1}{0}"-f'rim','T').Invoke().("{0}{1}"-f'Tri','m').Invoke(',') + ')') 133 | 134 | 135 | 136 | 137 | 138 | ${sEt`oF`SV`ArSYntAX} = @() 139 | ${s`ETOF`Sv`A`RsYntAx} += ("{2}{0}{1}" -f'et-Ite','m','S') + ' '*(&("{1}{0}{2}" -f'et-','G','Random') -Input @(1,2)) + ((("{0}{1}{2}"-f '{0}','Variable:OFS{0','}'))-f[chAr]39) + ' '*(&("{1}{0}{2}"-f 'do','Get-Ran','m') -Input @(1,2)) + "''" 140 | ${S`EToFsVA`R`SY`NTAx} += (&("{2}{0}{3}{1}" -f'et','ndom','G','-Ra') -Input @(("{2}{0}{1}"-f 't-Varia','ble','Se'),'SV','SET')) + ' '*(&("{1}{0}{2}"-f'Rand','Get-','om') -Input @(1,2)) + ((("{1}{2}{0}"-f'FOj','FO','jOFS'))."rEp`l`ACE"(([cHAR]70+[cHAR]79+[cHAR]106),[sTrING][cHAR]39)) + ' '*(&("{2}{0}{1}" -f 'n','dom','Get-Ra') -Input @(1,2)) + "''" 141 | ${s`e`ToF`SVAR} = (&("{1}{2}{0}" -f'andom','G','et-R') -Input ${Se`T`OFSVAr`s`yNtaX}) 142 | 143 | ${s`e`TOFSvarBACk`Sy`NtAx} = @() 144 | ${SetoFSv`Arb`A`CKSY`N`TAX} += ("{0}{1}" -f 'Set-I','tem') + ' '*(&("{1}{2}{0}"-f 'ndom','Ge','t-Ra') -Input @(1,2)) + ((("{2}{0}{1}{3}"-f 'a','riabl','{0}V','e:OFS{0}')) -f [cHAR]39) + ' '*(&("{0}{3}{1}{2}"-f 'Get','a','ndom','-R') -Input @(1,2)) + "' '" 145 | ${S`EtoF`SvaRbaCksynT`Ax} += (&("{3}{1}{2}{0}" -f'om','et','-Rand','G') -Input @(("{3}{2}{1}{0}"-f'able','Vari','t-','Se'),'SV','SET')) + ' '*(&("{3}{0}{1}{2}" -f'a','n','dom','Get-R') -Input @(1,2)) + ((("{0}{1}"-f'EBNO','FSEBN')) -rEPlACE ([cHar]69+[cHar]66+[cHar]78),[cHar]39) + ' '*(&("{2}{1}{3}{0}"-f 'Random','t','Ge','-') -Input @(1,2)) + "' '" 146 | ${seTO`FSV`A`Rback} = (&("{0}{2}{1}"-f 'Ge','Random','t-') -Input ${SeT`Ofs`VaRbaCKsyn`TAx}) 147 | 148 | 149 | ${seT`OfSv`AR} = ([Char[]]${s`eTo`FsVaR} | &("{2}{3}{0}{4}{1}" -f'-Ob','t','ForEa','ch','jec') {${C`HAR} = ${_}.("{1}{0}{2}"-f'oStrin','T','g').Invoke().("{0}{1}" -f 'ToLo','wer').Invoke(); If(&("{0}{2}{1}" -f 'Get-R','om','and') -Input @(0..1)) {${C`hAR} = ${Ch`Ar}.("{0}{2}{1}" -f'T','er','oUpp').Invoke()} ${cH`AR}}) -Join '' 150 | ${S`EtoFSVaRb`A`cK} = ([Char[]]${Se`TOF`S`VAr`BAck} | &("{4}{3}{1}{2}{0}"-f 't','Obj','ec','ch-','ForEa') {${ch`AR} = ${_}.("{0}{1}"-f 'T','oString').Invoke().("{1}{0}{2}"-f'oLo','T','wer').Invoke(); If(&("{1}{3}{0}{2}"-f'-','Ge','Random','t') -Input @(0..1)) {${C`HAr} = ${Ch`Ar}.("{0}{1}{2}"-f'T','oUppe','r').Invoke()} ${c`HAr}}) -Join '' 151 | 152 | 153 | ${BAse`s`C`RiptaRR`Ay} = @() 154 | ${b`AS`EscRIpTarR`Ay} += '(' + ' '*(&("{1}{2}{0}" -f 'm','Get-Ran','do') -Input @(0,1)) + "'" + ${deL`I`Mi`TEdE`NC`oDedA`RrAY} + "'." + ${Sp`l`iT} + "(" + ' '*(&("{1}{0}{2}"-f'do','Get-Ran','m') -Input @(0,1)) + "'" + ${rAndOM`dELI`MITeRS`TOprI`NT} + "'" + ' '*(&("{2}{1}{3}{0}" -f'om','a','Get-R','nd') -Input @(0,1)) + ')' + ' '*(&("{1}{2}{0}" -f '-Random','G','et') -Input @(0,1)) + '|' + ' '*(&("{1}{2}{0}{3}" -f 'do','Get','-Ran','m') -Input @(0,1)) + ${FOreAc`h`Obje`ct} + ' '*(&("{1}{0}{2}" -f'R','Get-','andom') -Input @(0,1)) + '{' + ' '*(&("{1}{3}{2}{0}"-f'Random','G','-','et') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}" -f 't-Random','e','G') -Input @(0,1)) + ${r`And`oMConV`ERs`ION`SYntax} + ')' + ' '*(&("{2}{1}{0}"-f 'om','Rand','Get-') -Input @(0,1)) + '}' + ' '*(&("{1}{2}{0}" -f'dom','Ge','t-Ran') -Input @(0,1)) + ')' 155 | ${b`AS`eScRiPT`ARRAY} += '(' + ' '*(&("{1}{0}{2}" -f'ndo','Get-Ra','m') -Input @(0,1)) + "'" + ${D`eLimiTE`Dencod`Ed`ARrAY} + "'" + ' '*(&("{1}{0}{2}"-f'R','Get-','andom') -Input @(0,1)) + ${r`Ando`MDe`l`i`M`I`TERstoPrINTfORDA`S`hSPlit} + ' '*(&("{0}{2}{1}" -f'G','m','et-Rando') -Input @(0,1)) + '|' + ' '*(&("{1}{0}{3}{2}" -f 'et-','G','andom','R') -Input @(0,1)) + ${Fo`R`EaCHObJ`eCt} + ' '*(&("{0}{2}{1}" -f 'Get','Random','-') -Input @(0,1)) + '{' + ' '*(&("{2}{3}{1}{0}"-f 'm','o','Get','-Rand') -Input @(0,1)) + '(' + ' '*(&("{2}{3}{0}{1}"-f'd','om','Get-','Ran') -Input @(0,1)) + ${R`A`ND`omco`NVERsiOns`YNTaX} + ')' + ' '*(&("{0}{2}{1}"-f'G','-Random','et') -Input @(0,1)) + '}' + ' '*(&("{0}{2}{1}" -f 'Ge','andom','t-R') -Input @(0,1)) + ')' 156 | ${BAsesCRi`PTarr`Ay} += '(' + ' '*(&("{0}{1}{2}"-f'Get-','Rando','m') -Input @(0,1)) + ${E`NC`ODeDaRRAY} + ' '*(&("{2}{0}{1}" -f 't-Rando','m','Ge') -Input @(0,1)) + '|' + ' '*(&("{0}{2}{1}"-f 'Get','dom','-Ran') -Input @(0,1)) + ${foReAC`HO`BJECt} + ' '*(&("{2}{1}{0}" -f 'om','t-Rand','Ge') -Input @(0,1)) + '{' + ' '*(&("{2}{1}{0}{3}" -f 'o','nd','Get-Ra','m') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}" -f 'm','Rando','Get-') -Input @(0,1)) + ${RaN`DoMco`NvErsi`oNs`ynTax} + ')' + ' '*(&("{0}{2}{1}" -f 'Ge','Random','t-') -Input @(0,1)) + '}' + ' '*(&("{0}{2}{1}"-f 'Get-','andom','R') -Input @(0,1)) + ')' 157 | 158 | 159 | ${newS`c`RiptarR`Ay} = @() 160 | ${n`eWScrIP`Ta`RRAy} += (&("{3}{1}{0}{2}" -f 'd','Ran','om','Get-') -Input ${baSeScR`I`PT`Ar`R`AY}) + ' '*(&("{0}{1}{2}"-f'Ge','t-Ra','ndom') -Input @(0,1)) + ${j`OIn} + ' '*(&("{3}{1}{2}{0}" -f 'dom','-','Ran','Get') -Input @(0,1)) + "''" 161 | ${Ne`w`sC`RIPtar`Ray} += ${j`oIN} + ' '*(&("{1}{0}{2}"-f 't-Rand','Ge','om') -Input @(0,1)) + (&("{1}{0}{2}"-f'n','Get-Ra','dom') -Input ${ba`sescRI`pT`ArRay}) 162 | ${NewSC`Rip`T`ArRAY} += ${St`Rjoin} + '(' + ' '*(&("{1}{2}{0}" -f'om','G','et-Rand') -Input @(0,1)) + "''" + ' '*(&("{1}{0}{2}"-f'Rando','Get-','m') -Input @(0,1)) + ',' + ' '*(&("{1}{0}{2}" -f'nd','Get-Ra','om') -Input @(0,1)) + (&("{2}{3}{0}{1}" -f 'do','m','Get','-Ran') -Input ${B`AsESCr`IPTA`Rr`Ay}) + ' '*(&("{3}{1}{2}{0}"-f 'm','et-R','ando','G') -Input @(0,1)) + ')' 163 | ${NE`Ws`cRI`pt`ArRAy} += '"' + ' '*(&("{0}{2}{1}" -f'Get-','om','Rand') -Input @(0,1)) + '$(' + ' '*(&("{2}{1}{0}" -f'dom','an','Get-R') -Input @(0,1)) + ${seto`Fsv`AR} + ' '*(&("{0}{1}{2}" -f'Get','-Ran','dom') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Get-R','and','om') -Input @(0,1)) + '"' + ' '*(&("{1}{2}{0}" -f'Random','G','et-') -Input @(0,1)) + '+' + ' '*(&("{1}{2}{3}{0}" -f 'andom','Get','-','R') -Input @(0,1)) + ${S`T`RStR} + (&("{1}{0}{2}" -f'Ran','Get-','dom') -Input ${BA`S`e`sCriPtArray}) + ' '*(&("{3}{2}{0}{1}"-f 'an','dom','t-R','Ge') -Input @(0,1)) + '+' + '"' + ' '*(&("{3}{1}{0}{2}" -f'-R','et','andom','G') -Input @(0,1)) + '$(' + ' '*(&("{1}{0}{3}{2}"-f 'et-R','G','m','ando') -Input @(0,1)) + ${s`eT`O`Fsv`ARbACk} + ' '*(&("{0}{2}{1}"-f'G','dom','et-Ran') -Input @(0,1)) + ')' + ' '*(&("{1}{0}{2}"-f'e','G','t-Random') -Input @(0,1)) + '"' 164 | 165 | 166 | ${Ne`WS`CRI`pt} = (&("{0}{1}{2}" -f'Get-Ra','ndo','m') -Input ${nEwsCr`i`p`TA`RrAy}) 167 | 168 | 169 | 170 | ${I`N`V`oK`EE`XpRESsioNSynt`Ax} = @() 171 | ${In`VOKEExpR`e`ss`Io`N`SyntAX} += (&("{2}{1}{0}" -f'ndom','a','Get-R') -Input @('IEX',("{1}{5}{3}{2}{4}{0}" -f'sion','In','-Expr','oke','es','v'))) 172 | 173 | 174 | 175 | ${invo`c`AtIoN`OperAT`OR} = (&("{2}{1}{0}" -f'andom','t-R','Ge') -Input @('.','&')) + ' '*(&("{0}{2}{1}"-f'Get-R','m','ando') -Input @(0,1)) 176 | ${Inv`Oke`E`XprE`SSiOn`SYntAx} += ${I`NV`OcATi`Ono`p`EraToR} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 177 | ${iNVo`KeexP`ReSsi`o`N`Syn`TAX} += ${iN`V`o`ca`Ti`oNOpErator} + ('( '+"`$PSHome[") + (&("{1}{0}{2}{3}"-f'-R','Get','an','dom') -Input @(4,21)) + "]+`$PSHome[" + (&("{0}{1}{2}"-f 'G','et-Rand','om') -Input @(30,34)) + (((("{3}{2}{1}{0}"-f '72)','x6','72',']+6')) -CrEpLAce '672',[cHaR]39)) 178 | ${Inv`OkEeXP`RES`s`Ion`syntax} += ${In`VOcAtIon`oP`E`RaToR} + ('( '+"`$env:ComSpec[4,") + (&("{2}{1}{0}" -f 'ndom','t-Ra','Ge') -Input @(15,24,26)) + (((("{1}{0}{2}" -f 'inEOnEOn',',25]-Jo',')')) -cREpLACe ([ChAr]69+[ChAr]79+[ChAr]110),[ChAr]39)) 179 | ${INVO`KE`EX`PR`Es`SiOnSYNtaX} += ${INV`o`caTiON`OPE`RATOr} + "((" + (&("{0}{1}{2}"-f 'Get','-Ra','ndom') -Input @(("{2}{3}{0}{1}" -f'riabl','e','Get','-Va'),'GV',("{2}{0}{1}" -f 'a','ble','Vari'))) + (((("{1}{0}{4}{2}{6}{3}{5}" -f'*',' PVO','1,2','oin','mdr*PVO).Name[3,1','PVOPVO)',']-J')) -rEPLAcE'PVO',[chaR]39)) 180 | ${In`Vo`kEeX`Pr`es`siONSy`Ntax} += ${IN`VocA`TIOnOpERa`TOR} + "( " + (&("{2}{0}{1}"-f 'et','-Random','G') -Input @(((('TdAVerb'+'osePr'+'eference.'+'ToStri'+'n'+'g()') -crePlACE ([CHAR]84+[CHAR]100+[CHAR]65),[CHAR]36)),(('(['+'Str'+'ing]{0}Verbo'+'s'+'eP'+'re'+'fer'+'en'+'ce)') -f [CHAr]36))) + (((("{0}{1}{3}{4}{2}"-f '[1,3',']+c96xc','6c96)','96','-Joinc9'))-crEpLaCE 'c96',[CHAr]39)) 181 | 182 | 183 | 184 | 185 | ${iN`V`O`kEE`xPREsSION} = (&("{0}{1}{2}"-f'G','et-R','andom') -Input ${in`V`o`kEEXpr`esSiOnSYn`T`AX}) 186 | 187 | 188 | ${INVok`EE`XpRESs`I`ON} = ([Char[]]${INv`o`keEXP`RESS`Ion} | &("{2}{4}{1}{3}{0}" -f't','ach-Obje','F','c','orE') {${cH`AR} = ${_}.("{2}{1}{0}"-f'ing','Str','To').Invoke().("{0}{1}{2}"-f'ToL','ow','er').Invoke(); If(&("{0}{1}{3}{2}" -f'Ge','t-Ra','dom','n') -Input @(0..1)) {${CH`AR} = ${c`Har}.("{0}{1}"-f 'T','oUpper').Invoke()} ${cH`AR}}) -Join '' 189 | 190 | 191 | ${inV`oKeo`pt`iOnS} = @() 192 | ${iN`VO`KeOpti`onS} += ' '*(&("{0}{2}{1}" -f'Get-Ran','m','do') -Input @(0,1)) + ${iN`VokeeXP`Ressi`on} + ' '*(&("{0}{2}{1}" -f'Get-R','ndom','a') -Input @(0,1)) + '(' + ' '*(&("{0}{1}{2}{3}"-f'G','et-Ran','do','m') -Input @(0,1)) + ${nEw`sC`R`Ipt} + ' '*(&("{0}{2}{1}" -f'Get-','andom','R') -Input @(0,1)) + ')' + ' '*(&("{0}{1}{2}" -f'Get-','Ran','dom') -Input @(0,1)) 193 | ${INv`oK`e`OPTIOnS} += ' '*(&("{1}{3}{2}{0}"-f 'dom','Ge','n','t-Ra') -Input @(0,1)) + ${n`e`wScrI`PT} + ' '*(&("{1}{2}{0}" -f 'm','Get-Ra','ndo') -Input @(0,1)) + '|' + ' '*(&("{0}{2}{1}"-f'Ge','om','t-Rand') -Input @(0,1)) + ${I`NV`o`kEEXpreSSI`on} 194 | 195 | ${N`EwS`criPt} = (&("{1}{2}{0}" -f 'om','Ge','t-Rand') -Input ${I`N`VOk`eop`TIONS}) 196 | 197 | 198 | If(!${pSBoUNDpAramE`T`E`RS}[("{0}{1}{2}" -f 'Pas','sT','hru')]) 199 | { 200 | 201 | ${poWeRS`h`E`lLFlAGs} = @() 202 | 203 | 204 | 205 | ${CO`MmAN`D`LI`NEoPTIOns} = &("{1}{3}{2}{0}" -f 't','New-Ob','c','je') ("{2}{1}{0}"-f 'ng[]','i','Str')(0) 206 | If(${pSb`ou`NdpArA`MEtErS}[("{1}{0}"-f'it','NoEx')]) 207 | { 208 | ${F`UllaR`GUment} = ("{0}{2}{1}" -f '-N','Exit','o'); 209 | ${cOM`m`A`N`Dl`INEoP`TiONs} += ${Fu`llArgum`EnT}.("{2}{0}{1}" -f 'tr','ing','SubS').Invoke(0,(&("{1}{2}{0}" -f'om','Ge','t-Rand') -Minimum 4 -Maximum (${fulL`AR`GumENt}."Le`NgTh"+1))) 210 | } 211 | If(${psbo`UNd`ParAMET`ers}[("{1}{0}{3}{2}"-f'f','NoPro','le','i')]) 212 | { 213 | ${fULLar`G`U`me`Nt} = ("{1}{0}{2}{3}" -f'NoP','-','rofi','le'); 214 | ${CO`mmAND`lIn`eopT`i`ons} += ${FuLL`ARGuMe`NT}.("{0}{1}{2}"-f 'SubStr','i','ng').Invoke(0,(&("{1}{0}{2}"-f 'and','Get-R','om') -Minimum 4 -Maximum (${fu`lLArG`UMENT}."len`gth"+1))) 215 | } 216 | If(${PSBoU`NdPar`A`M`etErs}[("{0}{3}{1}{2}" -f'NonInter','c','tive','a')]) 217 | { 218 | ${fU`LlA`RgUMe`Nt} = ("{1}{0}{3}{2}"-f 'c','-NonIntera','e','tiv'); 219 | ${CoMM`A`NdLINE`OPti`onS} += ${fULl`A`RgU`me`Nt}.("{1}{0}{2}"-f 'ubStri','S','ng').Invoke(0,(&("{0}{2}{1}"-f'Ge','Random','t-') -Minimum 5 -Maximum (${fu`LlArGume`Nt}."LeN`GTH"+1))) 220 | } 221 | If(${p`Sbound`p`A`RAMEteRS}[("{1}{2}{0}" -f 'go','N','oLo')]) 222 | { 223 | ${FullAr`G`UmEnt} = ("{0}{1}" -f'-NoL','ogo'); 224 | ${commANDL`inE`OP`T`Io`Ns} += ${fu`ll`AR`GUmeNT}.("{2}{1}{0}" -f 'String','ub','S').Invoke(0,(&("{1}{0}{2}" -f 't-Rando','Ge','m') -Minimum 4 -Maximum (${fuL`LA`RgUmE`Nt}."le`N`GTH"+1))) 225 | } 226 | If(${PSBouNd`pA`R`AmEterS}[("{1}{2}{0}"-f'le','Win','dowSty')] -OR ${W`i`Nd`OWSsTyLE}) 227 | { 228 | ${fullA`R`GumE`Nt} = ("{0}{3}{2}{1}" -f '-W','tyle','ndowS','i') 229 | If(${wind`owSs`Tyle}) {${ARgu`MEn`TVaL`Ue} = ${wi`NdOWS`s`TY`lE}} 230 | Else {${argu`MENtvA`L`UE} = ${P`SBouNDpaRAmE`T`eRs}[("{1}{0}{2}{3}" -f 'indow','W','St','yle')]} 231 | 232 | 233 | Switch(${A`Rgu`MeNtVa`lue}.("{1}{0}"-f'wer','ToLo').Invoke()) 234 | { 235 | ("{2}{0}{1}"-f 'rm','al','no') {If(&("{0}{2}{1}"-f'G','t-Random','e') -Input @(0..1)) {${aR`guMEntVa`L`UE} = (&("{2}{1}{0}" -f'ndom','a','Get-R') -Input @('0','n','no','nor',("{1}{0}" -f'm','nor'),("{0}{1}" -f 'n','orma')))}} 236 | ("{2}{0}{1}"-f 'd','en','hid') {If(&("{0}{1}{2}"-f 'Get-','R','andom') -Input @(0..1)) {${ArgumE`Ntv`Alue} = (&("{1}{0}{2}{3}" -f 'et-Ra','G','nd','om') -Input @('1','h','hi','hid',("{1}{0}"-f 'idd','h'),("{0}{1}" -f 'hi','dde')))}} 237 | ("{3}{2}{0}{1}" -f'i','zed','im','min') {If(&("{2}{0}{1}"-f'ndo','m','Get-Ra') -Input @(0..1)) {${ARg`UmENTVa`l`UE} = (&("{0}{2}{1}" -f 'Get-R','m','ando') -Input @('2','mi','min',("{0}{1}" -f 'min','i'),("{0}{1}"-f 'mi','nim'),("{2}{1}{0}" -f'mi','i','min'),("{0}{1}"-f 'minim','iz'),("{0}{1}{2}"-f 'min','imiz','e')))}} 238 | ("{2}{1}{0}"-f'ized','m','maxi') {If(&("{0}{2}{1}" -f'Get-','om','Rand') -Input @(0..1)) {${aRgUMe`N`T`VALUe} = (&("{0}{2}{3}{1}" -f 'Ge','om','t','-Rand') -Input @('3','ma','max',("{1}{0}"-f 'xi','ma'),("{0}{1}" -f 'm','axim'),("{0}{1}"-f'max','imi'),("{1}{0}"-f'miz','maxi'),("{0}{1}{2}" -f 'ma','x','imize')))}} 239 | ("{0}{1}" -f 'def','ault') {&("{0}{3}{1}{2}"-f'W','it','e-Error','r') ('A'+'n '+'inv'+'alid'+' '+"`$ArgumentValue "+'valu'+'e '+"($ArgumentValue) "+'was'+' '+'pass'+'ed'+' '+'to'+' '+'sw'+'itch'+' '+'blo'+'ck '+'f'+'or '+'Out-P'+'owerShe'+'l'+'lL'+'auncher.'); Exit;} 240 | } 241 | 242 | ${P`oWe`RSh`EllfLAGs} += ${fu`lL`ARgUment}.("{0}{1}{2}"-f'Sub','Strin','g').Invoke(0,(&("{2}{1}{0}" -f'm','ndo','Get-Ra') -Minimum 2 -Maximum (${FUl`lArgUm`E`Nt}."l`EN`GTh"+1))) + ' '*(&("{0}{2}{1}" -f 'Get-Ra','om','nd') -Minimum 1 -Maximum 3) + ${ArGumE`N`TvalUe} 243 | } 244 | If(${pS`BounDp`A`RA`MeteRS}[("{3}{0}{2}{4}{1}" -f 'n','cy','Po','Executio','li')] -OR ${ExEC`U`TioNP`OLICY}) 245 | { 246 | ${Fu`LL`ArgumE`NT} = ("{3}{4}{1}{0}{2}"-f 'l','ionPo','icy','-Exe','cut') 247 | If(${E`XEcUTio`NpOl`I`cy}) {${a`R`gUM`eNtVAL`Ue} = ${eXeC`UT`ioNPO`Li`cy}} 248 | Else {${AR`Gu`meNt`VA`lUe} = ${pS`Bo`UndPA`RAMET`e`RS}[("{0}{2}{1}{3}" -f'Execu','Pol','tion','icy')]} 249 | 250 | ${e`xEcUTIonpO`Li`CYfL`A`gs} = @() 251 | ${E`Xe`cUtIo`NpOliCYflA`gs} += '-EP' 252 | For(${I`NDEx}=3; ${i`N`DeX} -le ${FULLAR`gU`mEnT}."le`N`gth"; ${i`N`DEX}++) 253 | { 254 | ${EXeCU`TioN`PO`li`c`YfLags} += ${F`ULLa`RgUM`e`NT}.("{1}{0}"-f'tring','SubS').Invoke(0,${IN`dEx}) 255 | } 256 | ${eXEC`UTi`onpOLIcYf`lag} = &("{2}{0}{1}" -f'-Rand','om','Get') -Input ${EXECU`T`ionP`OliC`yF`LA`Gs} 257 | ${pOWErShel`LF`l`AGs} += ${eXEc`U`T`iONPoLIc`Y`FLAg} + ' '*(&("{1}{0}{3}{2}"-f 'n','Get-Ra','om','d') -Minimum 1 -Maximum 3) + ${AR`g`UmEn`TVAlUE} 258 | } 259 | 260 | 261 | 262 | If(${commaN`dliNeOp`Ti`oNS}."co`UnT" -gt 1) 263 | { 264 | ${coMMa`N`dLinEoP`TI`o`Ns} = &("{2}{0}{1}"-f 'ndo','m','Get-Ra') -InputObject ${C`o`MMANDLI`NEO`PT`IONs} -Count ${COM`MAN`dLINEopTi`o`Ns}."c`oUnt" 265 | } 266 | 267 | 268 | If(${Psbo`UNDpA`Ramete`Rs}[("{1}{0}{2}"-f'omma','C','nd')]) 269 | { 270 | ${F`ULlAR`guMENt} = ("{2}{1}{0}"-f'nd','a','-Comm') 271 | ${c`o`mMandliN`eO`PtI`oNs} += ${F`UllA`RGuM`eNT}.("{0}{1}{2}"-f'Sub','Str','ing').Invoke(0,(&("{1}{2}{0}"-f 't-Random','G','e') -Minimum 2 -Maximum (${fu`l`La`Rgu`MENT}."LeNg`Th"+1))) 272 | } 273 | 274 | 275 | For(${I}=0; ${I} -lt ${po`WER`SHE`lLF`L`AGs}."cOU`Nt"; ${i}++) 276 | { 277 | ${PowE`Rs`hEllf`L`Ags}[${i}] = ([Char[]]${p`Ower`SheLlFl`AGs}[${i}] | &("{1}{2}{3}{0}" -f 't','Fo','rEach-Obj','ec') {${c`haR} = ${_}.("{1}{2}{0}" -f 'ing','To','Str').Invoke().("{0}{1}{2}"-f'T','oLow','er').Invoke(); If(&("{1}{0}{2}"-f 'et-R','G','andom') -Input @(0..1)) {${CH`AR} = ${CH`Ar}.("{0}{1}"-f 'T','oUpper').Invoke()} ${cH`Ar}}) -Join '' 278 | } 279 | 280 | 281 | ${C`oMMA`NDL`i`NEOpt`iOns} = (${comMA`ND`LiNEo`PT`Io`NS} | &("{0}{1}{2}" -f'F','orEach-Ob','ject') {${_} + " "*(&("{0}{2}{1}"-f'G','dom','et-Ran') -Minimum 1 -Maximum 3)}) -Join '' 282 | ${CO`m`m`ANDl`InEOptiOnS} = " "*(&("{3}{2}{0}{1}" -f 'do','m','Ran','Get-') -Minimum 0 -Maximum 3) + ${c`Om`mAn`dLINeoptIons} + " "*(&("{3}{2}{1}{0}" -f'Random','t-','e','G') -Minimum 0 -Maximum 3) 283 | 284 | 285 | If(${psbO`U`NDPaRaM`eTeRS}[("{1}{0}" -f 'w64','Wo')]) 286 | { 287 | ${C`ommAnDLIn`eoU`TpUt} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 288 | } 289 | Else 290 | { 291 | 292 | 293 | ${com`ma`Nd`lI`NeOuTpuT} = "powershell $($CommandlineOptions) `"$NewScript`" " 294 | } 295 | 296 | 297 | ${cmDm`AX`LeNg`TH} = 8190 298 | If(${c`ommaNd`lIn`EoUT`Put}."LE`NGTH" -gt ${C`mD`mA`xLeng`Th}) 299 | { 300 | &("{3}{0}{2}{1}"-f 'r','Warning','ite-','W') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 301 | } 302 | 303 | ${n`eWsCr`IpT} = ${C`OMma`N`dL`inEOU`TPUt} 304 | } 305 | 306 | Return ${N`EW`scrIpT} 307 | } 308 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedSpecialCharOnlyCommand.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AdminTest0/Invoke-Obfuscation-Bypass/b649da6167da126d854a33b487f6f8ee54958ce1/Invoke-Obfuscation-Bypass/Out-EncodedSpecialCharOnlyCommand.ps1 -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-EncodedWhitespaceCommand.ps1: -------------------------------------------------------------------------------- 1 | ${zLN`TQ} = [TYpe]("{1}{0}"-f'egex','R') ; "$( sEt-ITEm 'vARIABlE:Ofs' '') "+( [StRInG] (&("{0}{2}{1}"-f'GET-V','rIAbLE','A') ("{1}{0}"-f 'LnTQ','z'))."VA`LuE"::("{2}{1}{0}" -f'HES','c','MaT').Invoke( ")'X'+]43[emOHSp$+]12[EMOHSP$ ( .|)63]RaHC[,)87]RaHC[+77]RaHC[+65]RaHC[( ECAlPer- 93]RaHC[,)111]RaHC[+101]RaHC[+78]RaHC[( ECAlPer-43]RaHC[,)28]RaHC[+88]RaHC[+27]RaHC[( ECAlPer- 421]RaHC[,'Lvr'ECaLpeRc- )')oeWxoeW+]03[EmOhSPNM8+]12[EMOHSpNM8 ( &Lvr)421]rAHc[,)501]rAHc[+711]rAHc[+15]rAHc[( eCalPerc-29]rAHc[,oeWh6WoeW eCalPerc- 43]rAHc[,oeWuoAoeWecAlper- 69]rAHc[,oeWjnLoeW eCalPerc-63]rAHc[,oeWzdpoeW eCalPerc-93]rAHc[,)28]rAHc[+211]rAHc[+15]rAHc[( eCalPerc- ))oeWnAuoA rorrE-etirW{ tluafed 2 | }}))Rp3ezimixamRp3,Rp3zimixamRp3,Rp3imixamRp3,Rp3mixamRp3,Rp3ixamRp3,Rp3xamRp3,Rp3amRp3,Rp33Rp3(@ tupnI- modnaR-teG( = eulaVtnemugrAzdp{ ))1..0(@ tupnI- modnaR-teG(fI{ Rp3dezimixamRp3 3 | }}))Rp3eziminimRp3,Rp3ziminimRp3,Rp3iminimRp3,Rp3minimRp3,Rp3inimRp3,Rp3nimRp3,Rp3imRp3,Rp32Rp3(@ tupnI- modnaR-teG( = eulaVtnemugrAzdp{ ))1..0(@ tupnI- modnaR-teG(fI{ Rp3deziminimRp3 4 | }}))Rp3eddihRp3,Rp3ddihRp3,Rp3dihRp3,Rp3ihRp3,Rp3hRp3,Rp31Rp3(@ tupnI- modnaR-teG( = eulaVtnemugrAzdp{ ))1..0(@ tupnI- modnaR-teG(fI{ Rp3neddihRp3 5 | }}))Rp3amronRp3,Rp3mronRp3,Rp3ronRp3,Rp3onRp3,Rp3nRp3,Rp30Rp3(@ tupnI- modnaR-teG( = eulaVtnemugrAzdp{ ))1..0(@ tupnI- modnaR-teG(fI{ Rp3lamronRp3 6 | { 7 | ))(rewoLoT.eulaVtnemugrAzdp(hctiwS 8 | .eulav regetni ro gnirtsbus galf htiw eulav elytSwodniW etirw ot ediced ylmodnaR # 9 | 10 | }]Rp3elytSwodniWRp3[sretemaraPdnuoBSPzdp = eulaVtnemugrAzdp{ eslE 11 | }elytSswodniWzdp = eulaVtnemugrAzdp{ )elytSswodniWzdp(fI 12 | uoAelytSwodniW-uoA = tnemugrAlluFzdp 13 | { 14 | )elytSswodniWzdp RO- ]Rp3elytSwodniWRp3[sretemaraPdnuoBSPzdp(fI 15 | } 16 | )))1+htgneL.tnemugrAlluFzdp( mumixaM- 4 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ snoitpOenildnammoC'+'zdp 17 | ;uoAogoLoN-uoA = tnemugrAlluFzdp 18 | { 19 | )]Rp3ogoLoNRp3[sretemaraPdnuoBSPzdp(fI 20 | } 21 | )))1+htgneL.tnemugrAlluFzdp( mumixaM- 5 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ snoitpOenildnammoCzdp 22 | ;uoAevitcaretnInoN-uoA = tnemugrAlluFzdp 23 | { 24 | )]Rp3evitcaretnInoNRp3[sretemaraPdnuoBSPzdp(fI 25 | } 26 | )))1+htgneL.tnemugrAlluFzdp( mumixaM- 4 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ snoitpOenildnammoCzdp 27 | ;uoAeliforPoN-uoA = tnemugrAlluFzdp 28 | { 29 | )]Rp3eliforPoNRp3[sretemaraPdnuoBSPzdp(fI 30 | } 31 | )))1+htgneL.tnemugrAlluFzdp( mumixaM- 4 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ snoitpOenildnammoCzdp 32 | ;uoAtixEoN-uoA = tnemugrAlluFzdp 33 | { 34 | )]Rp3tixEoNRp3[sretemaraPdnuoBSPzdp(fI 35 | )0(][gnirtS tcejbO-weN = snoitpOenildnammoCzdp 36 | .sgalf noitucexe eseht fo sgnirtsbus nommoc rof serutangis elpmis ni epoh eslaf gnicalp morf maeT eulB tneverp ot si sihT # 37 | .redro eht gnizimodnar dna sgnirtsbus sgalf noitucexe gnitceles ylmodnar yb sgalf noitucexe llehSrewoP eht dliuB # 38 | 39 | )(@ = sgalFllehSrewoPzdp 40 | .sgalf noitucexe llehSrewoP detceles lla erots ot yarrA # 41 | { 42 | )]Rp3urhTssaPRp3[sretemaraPdnuoBSPzdp!(fI 43 | .tpircSweNzdp ot exe.llehsrewop dna sglf noitucexe gnidda htiw eunitnoc neht galf urhTssaP- edulcni ton did resu fI # 44 | 45 | Rp3}Rp3 + tpircSweNzdp + 1traPgnirtStpircSzdp = tpircSweNzdp 46 | .dnammoc lanif eht fo stnenopmoc lla elbmessaeR # 47 | 48 | )snoitpOekovnIzdp tupnI- modnaR-teG( = tpircSweNzdp 49 | .sexatnys noitarepo ekovni evoba morf esoohc ylmodnaR # 50 | 51 | noisserpxEekovnIzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3iu3Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tpircSweNzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 =+ snoitpOekovnIzdp 52 | ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tpircSweNzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + noisserpxEekovnIzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 =+ snoitpOekovnIzdp 53 | )(@ = snoitpOekovnIzdp 54 | )XEI iu3 gnirtStpircSzdp( ro )gnirtStpircSzdp( XEI :gniredro dna xatnys XEI/noisserpxE-ekovnI modnar esoohC # 55 | 56 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 noisserpxEekovnIzdp]][rahC[( = noisserpxEekovnIzdp 57 | .noitarepo ekovni detceles fo esac eht ezimodnaR # 58 | 59 | )xatnySnoissoeW,oeW3,313,903,892,782,872,752,642,242,032,322,412,302,291,881,081,171,061,941,541,331,221,811,601,99,09,07,66,85,94,92,52,4,0(@ tupnI- oeW,oeWiloPnoitucexERp3[sretemaraPdnuoBSPzdp(fI 60 | } 61 | eulaVtnemugrAzdp + )3 mumixaM- 1 muminiM- modnaR-teG(*Rp3 Rp3 + )))1+htgneL.tnemugrAlluFzdp( mumixaM- 2 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ sgalFllehSrewoPzdp 62 | 63 | } 64 | };tixE ;uoA.rehcnuaLllehSrewoP-tuO rof kcolb hctiws ot dessap saw )eulaVtnemugrAzdp( eulav eulaVtnemugrAzdpjnL dilavni oeW,oeWrcS- dnammoCecapsetihWdedocnE-tuO >SPh6W:C 65 | 66 | uoA} ) Rp3Rp3 nioj-)} )_zdp]tNi[]rAhc[({ %iu3 ) Rp3 Rp3(TILPS.)Rp3 Rp3 (mIrToeW,oeW Rp3uoA caretnInoN- PoN- llehsrewop 67 | 68 | evitcaretnInoN- eliforPoN- }neerG roloCdnuorgeroF- Rp3!skcoR noitacsufbORp3 tsoH-etirW ;neerG roloCdnuorgeroF- Rp3!dlroW olleHRp3 tsoH-etirW{ kco'+'lBtpircS- dnammoCecapsetihWdedocnE-tuO >SPh6W:C 69 | 70 | ELPMAXE. 71 | 72 | .tuptuo lanif eht ot )noitcnuf rehcnual tnereffid a ro( snoitcnuf noitacsufbo erom ylppa ot tnaw uoy fi xatnys enil dnammoc lanif gniylppa sdiovA )lanoi'+'tpO( 73 | 74 | urhTssaP RETEMARAP. 75 | 76 | .noisses tnerruc eht rof yciloeW,oeWRp3 + uoA(mirTzdp.)uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1tpircSweNzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA(uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA]][tnIzdp[uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA]][rtSrahCzdp[jnLuoA =+ 2yarrAtpircSesaBzdp 77 | Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3}Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3)Rp3 + oeW,oeWrPoN RETEMARAP. 78 | 79 | .sdnammoc putrats gninnur retfa tixe ton ot noitpo eht stuptuO 80 | 81 | tixEoN RETEMARAP. 82 | 83 | .daolyap ruoy ot htap eht seificepS 84 | 85 | htaP RETEMARAP. 86 | 87 | .daolyap ruoy gnioeW,oeWhCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3nioJ::]gnirtS[Rp3]][rahC[( = nioJrtSzdp 88 | )Rp3tratSmirTRp3,Rp3mirTRp3(@ tupnI- modnaR-teG = mirTzdp 89 | )Rp3tilpSI-Rp3,Rp3tilpSC-Rp3,Rp3tilpS-Rp3(@ tupnI- modnaR-teG = dohteMtilpSzdp 90 | )Rp3%Rp3,Rp3tcejbO-hcaEroFRp3,Rp3hcaEoeW,oeW.) Rp3Rp3nioj- ])1-htgnEl.pScrOXuzdp(..0[pScrOXuzdp(( ()Rp3Rp3nioj-]69,59,29[)yNAFOXEDNItsAL.Rp3Rp3]gnirts[( (. ; }}1 -htgnEl._zdp { %iu3 Rp3 Rp3 tIlpSC- _zdp ; Rp3 Rp3{% iu3 Rp3 Rp3 tIlpSC- _zdp =pScrOXuzdp{%iu3Rp3 oeW,oeWerpxEekovnIzdp tupnI- modnaR-teG( = noisserpxEekovnIzdp 91 | .sexatnys noitarepo ekovni evoba morf esoohc ylmodnaR # 92 | 93 | uoA)Rp3xRp3+]5[cilbuP:vnezdpjnL+]31[cilbuP:vnezdpjnL (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp# 94 | .smetsys gnitarepo hsilgnE-non rof eulav gnirts ni sreffid cilbuP:vnezdp ecnis noitpo woleb gnitnemmoC # 95 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))134,004,843,713,052,722,691,481,351,621,301,47,26,33,8(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))284,944,034,514,993,883,553,743,233,613,503,272,562,942,622,112,591,381,861,251,141,521,201,78,37,16,64,23,12,7(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))574,464,554,434,724,814,704,693,293,183,073,163,443,533,42oeW,oeWxatnySnoisrevnoCmodnaRzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 oeW,oeWCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3htgneLRp3]][rahC[( = htgneLzdp 96 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3tnIRp3]][rahC[( = tnIzdp 97 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3rahCRp3]][rahC[( = rtSrahCzdp 98 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3nioJ-Rp3]][rahC[( = nioJzdp 99 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3]gnirtS[Rp3]][rahC[( = rtSrtSzdp 100 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.raoeW,oeWeulav IICSA tnerruc ni tigid hcae etaremunE # 101 | )(@ = yarrAeulaViicsAdedocnEzdp 102 | { 103 | )yarrAiicsAzdp ni eulaViicsAzdp(hcaEroF 104 | .yarra yarrAdedocnEzdp ni seulav IICSA dedoced erots )yletamitlu( dna eulav IICSA hcae etaremunE # 105 | 106 | ]xednImodnaRzdp[)Rp3 Rp3,9]rahC[(@ = rahCretimileDtigiDzdp 107 | ]xednImodnaRzdp[)9]rahC[,Rp3 Rp3(@ = rahCgnidocnEzdp 108 | )(@ = yarrAdedocnEzdp 109 | )1,0(@ tupnI- modnaR-teG = xednImodnaRzdp 110 | .)9]rahC[ ,bat dna ecapsetihw sa detceles-'+'ylmodnar( rahCretimileD dna rahCgnidocnE denifed htiw yarra IICSA edocnE # 111 | 112 | gnirtStpircSzdp]][rahC[]][tnI[ = yarrAiicsAzdp 113 | .yarra dedocne-IICSA na ot gnirtStpircSzdp trevnoC # 114 | 115 | } 116 | kcolBtpircSzdp]gnirtS[ = gnirtStpircSzdp 117 | { 118 | eslE 119 | } 120 | ))htaPzdp htaP-evloseR((txeTllAdaeR::]eliF.OI[ = gnirtStpircSzdp 121 | lluN-tuO iu3 potS noitcArorrE- htaPzdp metIdlihC-teG 122 | { 123 | )]Rp3htaPRp3[sretemaraPdnuoBSPzdp(fI 124 | .gnirtS a ot htaPzdp ta tpircs trevnoc ro gnirtS a ot kcolBtpircS trevnoc rehtiE # 125 | 126 | ) 127 | urhTssaPzdp 128 | ]hctiwS[ 129 | 130 | ,yciloPnoitucexEzdp 131 | ]gnirtS[ 132 | ])Rp3detcirtseRRp3 ,Rp3dengiSllARp3 ,Rp3dengiSetomeRRp3 ,Rp3detcirtsernURp3 ,Rp3ssapyBRp3(teSetadilaV[ 133 | 134 | ,elytSwodniWzdp 135 | ]gnirtS[ 136 | ])Rp3neddiHRp3 ,Rp3dezimixaMRp3 ,Rp3deziminiMRp3 ,Rp3lamroNRp3(teSetadilaV[ 137 | 138 | ,dnammoCzdp 139 | ]hctiwS[ 140 | 141 | ,46woWzdp 142 | ]hctiwS[ 143 | 144 | ,ogoLoNzdp 145 | ]hctiwS[ 146 | 147 | ,evitcaretnInoNzdp 148 | ]hctiwS[ 149 | 150 | ,eliforPoNzdp 151 | ]hctiwS[ 152 | 153 | ,tixEoNzdp 154 | ]hctiwS[ 155 | 156 | ,htaPzdp 157 | ]gnirtS[ 158 | ])(ytpmErOlluNtoNetadilaV[ 159 | ])Rp3htaPeliFRp3 = emaNteSretemaraP ,0 = noitisoP(retemaraP[ 160 | 161 | ,kcolBtpircSzdp 162 | ]kcolBtpircS[ 163 | ])(ytpmErOlluNtoNetadilaV[ 164 | ])Rp3kcolBtpircSRp3 = emaNteSretemaraP ,eurTzdp = enilepiPmorFeulaV ,0 = noitisoP(retemaraP[ 165 | ( maraP ])Rp3htaPeliFRp3 = emaNteSretemaraPtluafeD(gnidniBteldmC[ 166 | 167 | ># 168 | moc.nonnahobleinad.www//:ptth 169 | 170 | KNIL. 171 | 172 | .ynapmoC eyEeriF A ,TNAIDNAM ta eeyolpme na elihw nonnahoB leinaD yb depoleved tcejorp lanosrep a si sihT 173 | .ecnerefnoc LI taHeulB 7102 eht ta elihw )eeTbus@( htimS yesaC morf emac euqinhcet gnidocne siht rof noitaripsnI 174 | 175 | SETON. 176 | 177 | })Rp3Rp3NiOj-]52,62,4[CEPSMoC:vNezdp (&iu3))})_zdp]tNi[]rAHC[ ( { %iu3) Rp3 Rp3(TIlPS.) Rp3 Rp3 (Mirt.))])1-htgnEL.vqfrPygzdp(..0[vqfrPygzdp( niOj-((,Rp3Rp3 (nIoj::]gNIRtS[ ;}} 1 - htgnEL._zdp{% iu3 )Rp3 Rp3(TIlPS._zdp;Rp3 Rp3 { %iu3Rp3 Rp3 TiLPsc- _zdp =vqfrPygzdp{ % iu3Rp3 Rp3 178 | 179 | urhTssaP- evitcaretnInoN- eliforPoN- }neerG roloCdnuorgeroF- Rp3!skcoR noitacsufbORp3 tsoH-etirW ;neerG roloCdnuorgeroF- Rp3!dlroW olleHRp3 tsoH-etirW{ kcolBtpioeW,oeWop noitucexe tluafed eht tes ot noitpo eht stuptuO 180 | 181 | yciloPnoitucexE RETEMARAP. 182 | 183 | .neddiH ro dezimixaM ,deziminiM ,lamroN ot elyts wodniw eht tes ot noitpo eht stuptuO 184 | 185 | elytSwodniW RETEMARAP. 186 | 187 | .tpmorp dnammoc llehSrewoP swodniW eht ta depyt erew yeht hguoht sa )sretemarap yna dna( sdnammoc deificeps eht etucexe ot noitpo eht stuptuO 188 | 189 | dnammoC RETEMARAP. 190 | 191 | .snoitallatsni swodniW 46_68x no llehSrewoP fo noisrev )46woW( 68x eht sllaC 192 | 193 | 46woW RETEMARAP. 194 | 195 | .resu eht ot ogol eht tneserp ton ot noitpo eht stuptuO 196 | 197 | ogoLoN RETEMARAP. 198 | 199 | .resu eht ot tpmorp evitcaretni na tneserp ton ot noitpo eht stuptuO 200 | 201 | evitcaretnInoN RETEMARAP. 202 | 203 | .eliforp llehSrewoP swodniW eht daol ton ot noitpo eht stuptuO 204 | 205 | elifooeW,oeWniatnoc kcolbtpircs a seificepS 206 | 207 | kcolBt'+'pircS RETEMARAP. 208 | 209 | .hcaorppa 46esaB nommoc tsom eht naht rehto dnammoc llehSrewoP a edocne ot syaw levon erom era ereht taht maeT eulB eht ot thgilhgih ot si esoprup ehT .daolyap dedocne baT-dna-ecapsetihW a sa htap ro kcolbtpircs llehSrewoP tupni na sedocne dnammoCecapsetihWdedocnE-tuO 210 | 211 | NOITPIRCSED. 212 | 213 | enoN :seicnednepeD lanoitpO 214 | enoN :seicnednepeD deriuqeR 215 | 0.2 noisreV ,esneciL ehcapA :esneciL 216 | )nonnahobhleinad@( nonnahoB leinaD :rohtuA 217 | dnammoCecapsetihWdedocnE-tuO :noitcnuF noitacsufbO-ekovnI 218 | 219 | .dnammoc lanif ot tuptuo enil dnammoc sdda ti yllanoitpO .tpircs ro dnammoc llehSrewoP a rof daolyap dedocne ecapsetihW setareneG 220 | 221 | SISPONYS. 222 | #< 223 | { 224 | dnammoCecapsetihWdedocnE-tuO noitcnuF 225 | 226 | 227 | 228 | .esneciL eht rednu snoitatimil # 229 | dna snoissimrep gninrevog egaugnal cificeps eht rof esneciL eht eeS # 230 | .deilpmi ro sserpxe rehtie ,DNIK YNA FO SNOITIDNOC RO SEITNARRAW TUOHTIW # 231 | ,SISAB uoASI SAuoA na no detubirtsid si esneciL eht rednu detubirtsid # 232 | erawtfos ,gnitirw ni ot deerga ro wal elbacilppa yb deriuqer sselnU # 233 | # 234 | 0.2-ESNECIL/sesnecil/gro.ehcapa.www//:ptth # 235 | # 236 | ta esneciL eht fo ypoc a niatbo yam uoY # 237 | .esneciL eht htiw ecnailpmoc ni tpecxe elif siht esu ton yam uoy # 238 | ;)uo'+'AesneciLuoA eht( 0.2 noioeW,oeWaR-teG(*Rp3 Rp3 + Rp3iu3Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3gnirtSdedocnEzdpRp3uoA = 1traPgnirtStpircSzdp 239 | .enituor gnidoced eht fo toeW,oeW+ ))1,0(@ '+'tupnI- modnaR-teG(*Rp3 Rp3 + Rp3{Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tcejbOhcaEroFzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3iu3Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3uoA + rahCretimileDtigiDzdp + uoARp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA(2dohteMtilpSzdp.)uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3 rahCretimileDtigiDzdpRp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA(mirTzdp.)uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1tpircSweNzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 =+ 2yarrAtpircSesaBzdp 240 | )(@ = 2yarrAtpircSesaBzdp 241 | .eno tceles ylmodnar dna daolyap eht etucexe dna tpyrced lliw taht edoc eht etareneG # 242 | 243 | )1yarrAtpircSweNzdp tupnI- modnaR-teG( = 1tpircSweNzdp 244 | .sdnammoc evoba eht fo eno tceles ylmodnaR # 245 | 246 | Rp3uoARp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + kcaBraVsfOteSzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(zdpRp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3uoARp3 + Rp3+Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1yarrAtpircSesaBzdp + rtSrtSzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3+Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3uoARp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + raVsfOteSzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(zdpRp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3uoARp3 =+ 1yarrAtpircSweNzdp 247 | Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1yarrAtpircSesaBzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3,Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3Rp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 + nioJrtSzdp =+ 1yarrAtpircSweNzdp 248 | Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1yarrAtpircSesaBzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + nioJzdp =+ 1yarrAtpircSweNzdp 249 | uoARp3Rp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + nioJzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 1yarrAtpircSesaBzdp =+ 1yarrAtpircSweNzdp 250 | )(@ = 1yarrAtpircSweNzdp 251 | .snoitpo evoba lla rof xatnys NIOJ modnar etareneG # 252 | 253 | uoA])1-htgneLzdp.raVtpircSmodnaRzdpzdpjnL(..0[raVtpircSmodnaRzdpzdpjnLuoA = 1yarrAtpircSesaBzdp 254 | .yarra eht fo tnemele hcae hguorht etareti lliw taht edoc eht etareneG # 255 | 256 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 kcaBraV'+'sfOteSzdp]][rahC[( = kcaBraVsfOteSzdp 257 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 raVsfOteSzdp]][rahC[( = raVsfOteSzdp 258 | .kcaBraVsfOteSzdp dna raVsfOteSzdp fo esac ezimodnaR # 259 | 260 | )xatnySkcaBraVsfOteSzdp tupnI- modnaR-teG( = kcaBraVsfOteSzdp 261 | uoARp3 Rp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3SFORp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + ))Rp3TESRp3,Rp3VSRp3,Rp3elbairaV-teSRp3(@ tupnI- modnaR-teG( =+ xatnySkcaBraVsfOteSzdp 262 | uoARp3 Rp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3SFO:elbairaVRp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3metI-teSRp3 =+ xatnySkcaBraVsfOteSzdp 263 | )(@ = xatnySkcaBraVsfOteSzdp 264 | 265 | )xatnySraVsfOteSzdp tupnI- modnaR-teG( = raVsfOteSzdp 266 | uoARp3Rp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3SFORp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + ))Rp3TESRp3,Rp3VSRp3,Rp3elbairaV-teSRp3(@ tupnI- modnaR-teG( =+ xatnySraVsfOteSzdp 267 | uoARp3Rp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3SFO:elbairaVRp3uoA + ))2,1(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3metI-teSRp3 =+ xatnySraVsfOteSzdp 268 | )(@ = xatnySraVsfOteSzdp 269 | selbairav_citamotua_tuoba/tuoba/eroc.llehsrewop.tfosorcim/1.5/ecnerefer/llehsrewop/su-ne/moc.tfosorcim.ndsm//:sptth :ofni erom roF # 270 | sL/riD/metIdlihC/ICG/metIdlihC-teG ,elbairaV/VG/elbairaV-teG ,TES/metI-teS ,VS/elbairaV-teS ,emanravzdp :xatnys erom neve esu dluoc ew neht stsixe did elbairav SFO eht fI # 271 | .stsixe ydaerla elbairav SFO esac ni metI-weN gnisu toN .xatnys TES/VS/elbairaV-teS dna metI-teS gnisU # 272 | .)elbairav citamotua rotarapeS dleiF tuptuO eht si SFOzdp( elbairav SFO tes/etaerc ot xatnys modnar etareneG # 273 | 274 | )Rp3)Rp3 + )Rp3,Rp3(mirT.)(mirT.yarrAdedocnEzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3( = yarrAdedocnEzdp 275 | .yarrAdedocnEzdp morf ammoc gniliart evomeR # 276 | 277 | })))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3,Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + )esaBgnidocnEzdp,)_zdp]rahC[]tnI[((gnirtSoT::]trevnoC[( =+ yarrAdedocnEzdp{ tcejbO-hcaEroF iu3 )gnirtStpircSzdp]][rahC[( 278 | Rp3Rp3 = yarrAdedocnEzdp 279 | .xatnys tilpS-/tilpS. ot evitanretla sa gnirtStpircSzdp dedocne rof xatnys yarra etaerC # 280 | 281 | )xatnySnoisrevnoCmodnaRzdp tupnI- modnaR-teG( = xatnySnoisrevnoCmodnaRzdp 282 | uoA]rtSrahCzdp[uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + ))Rp3SA-Rp3,Rp3Sa-Rp3,Rp3sA-Rp3,Rp3sa-Rp3(@ tupnI- modnaR-teG( + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA_zdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA]tnIzdp[uoA =+ xatnySnoisrevnoCmodnaRzdp 283 | uoA_zdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA]tnIzdp[uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA]rtSrahCzdp[uoA =+ xatnySnoisrevnoCmodnaRzdp 284 | )(@ = xatnySnoisrevnoCmodnaRzdp 285 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 ))Rp3)(gnirtSoT._zdpRp3,Rp3_zdp]g'+'nirtS[Rp3(@ tupnI- modnaR-teG(]][rahC[( = xatnySgnirtSmodnaRzdp 286 | .snoitpo xatnys noisrevnoc suoirav neewteb tceles ylmodnaR # 287 | 288 | Rp3;Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3}Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3}Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp31Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3-Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoAhtgneLzdp._zdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3{Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tcejbOhcaEroFzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3iu3Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoAmileDnOtilpSzdp_zdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3;Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3rahCretimileDtigiDzdpRp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3{Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tcejbOhcaEroFzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3iu3Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3rahCretimileDtnIzdpRp3 dohteMtilpSzdp _zdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3=Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoAraVtpircSmodnaRzdpzdpjnLuoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3{Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + tcejbOhcaEroFzdp + ))1,0(@ tupnI- modnoeW,oeWliub ylluf morf raf hguohT # 289 | .& ro . htiw ti ekovni neht dna Rp3xeiRp3 gnirts eht mrof ot syaw detacsufbo dezimodnar-ylthgils woleb deddA # 290 | ))Rp3noisserpxE-ekovnIRp3,Rp3XEIRp3(@ tupnI- m'+'odnaR-teG( =+ xatnySnoisserpxEekovnIzdp 291 | )(@ = xatnySnoisserpxEekovnIzdp 292 | .seicnedneped tuohtiw tpircs enoladnats a niamer lliw siht taht os noitcnuf gnidocne siht otni deipoc si tI .1sp.dnammoCgnirtSdetacsufbO-tuO morf ypoc a si kcolb edoc woleB # 293 | .xatnys noitarepo ekovni modnar etareneG # 294 | 295 | )2yarrAtpircSweNzdp tupnI- modnaR-teG( = tpircSweNzdp 296 | .sdnammoc evoba eht fo eno tceles ylmodnaR # 297 | 298 | Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 2yarrAtpircSesaBzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3,Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3Rp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + Rp3(Rp3 + nioJrtSzdp =+ 2yarrAtpircSweNzdp 299 | Rp3)'+'Rp3 + 2yarrAtpircSesaBzdp + Rp3(Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + nioJzdp =+ 2yarrAtpircSweNzdp 300 | uoARp3Rp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + nioJzdp + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + 2yarrAtpircSesaBzdp =+ 2yarrAtpircSweNzdp 301 | )(@ = 2yarrAtpircSweNzdp 302 | .snoitpo evoba'+' lla rof xatnys NIOJ m'+'odnar etareneG # 303 | 304 | )2yarrAtpircSesaBzdp tupnI- modnaR-teG( = 2yarrAtpircSesaBzdp 305 | Rp3)Rp3 + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3rahCretimileDtigiDzdpRp3uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoA(2dohteMtilpSzdp.)uoA + ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + uoARp3 rahCretimileDtigiDzdpRp3uoA + ))1,0(@ tupnI- moeW,oeWrap tsrif eht dliuB # 306 | 307 | Rp3Rp3 nioJ- )}rahCrewoLreppUzdp })(reppUoT.rahCrewoLreppUzdp = rahCrewoLreppUzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;_zdp = rahCrewoLreppUzdp{ tcejbO-hcaEroF iu3 ))8..5(@ tupnI- modnaR-teG( tnuoC- )Rp3zRp3,Rp3yRp3,Rp3xRp3,Rp3wRp3,Rp3vRp3,Rp3uRp3,Rp3tRp3,Rp3sRp3,Rp3rRp3,Rp3qRp3,Rp3pRp3,Rp3oRp3,Rp3nRp3,Rp3mRp3,Rp3lRp3,Rp3kRp3,Rp3jRp3,Rp3iRp3,Rp3hRp3,Rp3gRp3,Rp3fRp3,Rp3eRp3,Rp3dRp3,Rp3cRp3,Rp3bRp3,Rp3aRp3(@ tupnI- modnaR-teG( = raVtpircSmodnaRzdp 308 | .delbmessaer gnieb elihw etats etaidemretni sRp3tpircs eht erots ot eman elbairav modnar etareneG # 309 | 310 | )uoA)Rp3rahCretimileDtigiDzdpRp3(2dohteMtilpSzdp.uoA,uoARp3rahCretimileDtigiDzdpRp3 dohteMtilpSzdp uoA(@ tupnI- modnaR-teG = mileDnOtilpSzdp 311 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 mirTzdp]][rahC[( = mirTzdp 312 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 Rp3tilpSRp3]][rahC[( = 2dohteMtilpSzdp 313 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 dohteMtilpSzdp]][rahC[( = dohteMtilpSzdp 314 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 tcejbOhcaEroFzdp]][rahC[( = tcejbOhcaEroFzdp 315 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahoeW,oeWroFRp3(@ tupnI- modnaR-teG = tcejbOhcaEroFzdp 316 | .snoitarepo yrassecen rof snoisrev esac modnar etareneG # 317 | 318 | )rahCretimileDtnIzdp nioJ- yarrAdedocnEzdp( = gnirtSdedocnEzdp 319 | .evoba detceles retimiled htiw gnirtSdedocnEzdp lanif rehtegot nioJ # 320 | 321 | rahCretimileDtigiDzdp + rahCretimileDtigiDzdp = rahCretimileDtnIzdp 322 | .yarra IICSA lanigiro eht ni ammoc eht ekil eb yllaitnesse lliw rahCretimileDtnIzdp # 323 | .rahCretimileDtigiDzdp fo secnatsni owt eb ot rahCretimileDtnIzdp teS # 324 | 325 | } 326 | )rahCretimileDtigiDzdp nioJ- yarrAeulaViicsAdedocnEzdp( =+ yarrAdedocnEzdp 327 | } 328 | )1 + tigiDzdp]gnirtS[]tnI[(*rahCgnidocnEzdp]gnirtS[ =+ yarrAeulaViicsAdedocnEzdp 329 | { 330 | )eulaViicsAzdp]gnirtS[]][rahC[ ni tigiDzdp(hcaEroF 331 | .tigiD*rahCretimileD ot ti trevnoc dna oeW,oeWodnaR-teG(*Rp3 oeW,oeW} 332 | tpircSweNzdp nruteR 333 | 334 | } 335 | tuptuOeniLdnammoCzdp = tpircSweNzdp 336 | 337 | } 338 | uoA.sretcarahc )htgneL.tuptuOeniLdmCzdp(zdp si htgnel stI !sretcarahc htgneLxaMdmCzdp fo htgnel dewolla mumixam exe.dmc eht sdeecxe dnammoc sihTuoA gninraW-et'+'irW 339 | { 340 | )htgneLxaMdmCzdp tg- htgneL.tuptuOeniLdnammoCzdp(fI 341 | 0918 = htgneLxaMdmCzdp 342 | .timil r'+'etcarahc sRp3exe.dmc deecxe tRp3nseod dnammoc lanif erus ekaM # 343 | 344 | } 345 | uoAuoAjnLtpircSweNzdpuoAjnL )snoitpOenildnammoCzdp(zdp llehsrewopuoA = tuptuOeniLdnammoCzdp 346 | uoAuoAjnLtpircSweNzdpuoAjnL )snoitpOenildnammoCzdp(zdp exe.llehsrewoph6W0.1vh6WllehSrewoPswodniWh6W23metsySh6W)ridniw:vnEzdp(zdpuoA = tuptuOeniLdnammoCzdp# 347 | .)noos siht no ofni erom( exe.llehsrewop htap ylluf ot tnaw yllaitnetop dRp3uoy snosaer era ereht dna ,ecaps gnivas tuoba tRp3nsi noitacsufbO # 348 | { 349 | eslE 350 | } 351 | uoAuoAjnLtpircSweNzdpuoAjnL )snoitpOenildnammoCzdp(zdp exe.llehsrewoph6W0.1vh6WllehSrewoPswodniWh6W46WOWsySh6WSWODNIWh6W:CuoA = tuptuOeniLdnammoCzdp 352 | { 353 | )]Rp346woWRp3[sretemaraPdnuoBSPzdp(fI 354 | .gnirts enil-dnammoc lluf eht pu dliuB # 355 | 356 | )3 mumixaM- 0 muminiM- modnaR-teG(*uoA uoA + snoitpOenildnammoCzdp + )3 mumixaM- 0 muminiM- modnaR-teG(*uoA uoA = snoitpOenildnammoCzdp 357 | Rp3Rp3 nioJ- )})3 mumixaM- 1 muminiM- modnaR-teG(*uoA uoA + _zdp{ tcejbO-hcaEroF iu3 snoitpOenildnammoCzdp( = snoitpOenildnammoCzdp 358 | .sgalf noitucexe fo gnirts lanif gnitaluspacne dna sgalf noitucexe lla neewteb ecapsetihw dezis-modnaR # 359 | 360 | } 361 | Rp3Rp3 nioJ- )}rahCzdp })(reppUoT.rahCzdp = rahCzdp{ ))1..0(@ tupnI- modnaR-teG(fI ;)(rewoLoT.)(gnirtSoT._zdp = rahCzdp{ tcejbO-hcaEroF iu3 ]izdp[sgalFllehSrewoPzdp]][rahC[( = ]izdp[sgalFllehSrewoPzdp 362 | { 363 | )++izdp ;tnuoC.sgalFllehSrewoPzdp tl- izdp ;0=izdp(roF 364 | .stnemugra enil-dnammoc lla fo esac eht ezimodnaR # 365 | 366 | } 367 | )))1+htgneL.tnemugrAlluFzdp( mumixaM- 2 muminiM- modnaR-teG(,0(gnirtSbuS.tnemugrAlluFzdp =+ snoitpOenildnammoCzdp 368 | uoAdnammoC-uoA = tnemugrAlluFzdp 369 | { 370 | )]Rp3dnammoCRp3[sretemaraPdnuoBSPzdp(fI 371 | .tsal dedda eb ot sdeen galf dnammoC- eht neht detceles fI # 372 | 373 | } 374 | tnuoC.snoitpOenildnammoCzdp tnuoC- snoitpOenildnammoCzdp tcejbOtupnI- modnaR-teG = snoitpOenildnammoCzdp 375 | { 376 | )1 tg- tnuoC.snoitpOenildnammoCzdp(fI 377 | .sgalf eseht fo gniredro rof serutangis elpmis ni epoh eslaf gnicalp morf maeT eulB eht tneverp ot si sihT # 378 | .sgalf noitucexe eht fo redro eht ezimodnaR # 379 | 380 | } 381 | eulaVtnemugrAzdp + )3 mumixaM- 1 muminiM- modnaR-teG(*Rp3 Rp3 + galFyciloPnoitucexEzdp =+ sgalFllehSrewoPzdp 382 | sgalFyciloPnoitucexEzdp tupnI- modnaR-teG = galFyciloPnoitucexEzdp 383 | } 384 | )xednIzdp,0(gnirtSbuS.tnemugrAlluFzdp =+ sgalFyciloPnoitucexEzdp 385 | { 386 | )++xednIzdp ;htgneL.tnemugrAlluFzdp el- xednIzdp ;3=xednIzdp(roF 387 | Rp3PE-Rp3 =+ sgalFyciloPnoitucexEzdp 388 | )(@ = sgalFyciloPnoitucexEzdp 389 | .llew sa PE- fo galf detrohs eht tnuocca otni ekaT # 390 | }]Rp3yciloPnoitucexERp3[sretemaraPdnuoBSPzdp = eulaVtnemugrAzdp{ eslE 391 | }yciloPnoitucexEzdp = eulaVtnemugrAzdp{ )yciloPnoitucexEzdp(fI 392 | uoAyciloPnoitucexE-uoA = tnemugrAlluFzdp 393 | { 394 | )yciloPnoitucexEzdp RO- ]Rp3ycoeW,oeWserpxEekovnIzdp 395 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))764,634,083,943,872,152,022,402,371,241,511,68,07,14,21(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))815,584,664,154,534,024,783,973,463,843,333,003,392,772,052,532,912,302,881,271,751,141,411,99,58,96,45,04,52,11(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))115,005,194,074,364,454,344,234,424,314,204,393,673,763,653,543,733,623,513,603,582,472,662,452,742,832,722,612,802,002,191,081,961,161,941,831,031,811,111,201,28,47,66,75,73,92,8,0(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.fOxednItsaL.Rp3Rp3uoA , uoA)fOxednItsaL.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarep'+'OnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 396 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))031,69,08,64,21(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))921,59,97,54,11(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))331,621,711,29,48,67,76,24,43,8,0(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.ynAfOxednItsaL.Rp3Rp3uoA , uoA)ynAfOxednItsaL.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 397 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))96,72(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))86,45,05,62,21,8(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))56,65,54,03,32,41,3(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.evomeR.Rp3Rp3uoA , uoA)evomeR.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 398 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))46,03(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))27,36,92(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))76,06,15,74,73,62,71,31,3(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.gnirtSbuS.Rp3Rp3uoA , uoA)gnirtSbuS.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 399 | uoA)uoA + uoARp3Rp3nioJ-]91,uoA + ))42,81(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))51,11(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.srahC.Rp3Rp3uoA , uoA)'+'srahC.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 400 | uoA)uoA + uoARp3Rp3nioJ-]64,uoA + ))54,14,53,51(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))77,95,55,33,32,31,3(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.ezilamroN.Rp3Rp3uoA , uoA)ezilamroN.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 401 | uoA)uoA + uoARp3Rp3nioJ-]72,uoA + ))14,62,01(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))33,32,41,7,3(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.tresnI.Rp3Rp3uoA , uoA)tresnI.Rp3Rp3]gnirtS[(u'+'oA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 402 | uoA)Rp3Rp3nioJ-]2,11,3[emaN.)Rp3*rdm*Rp3 uoA + ))Rp3elbairaVRp3,Rp3VGRp3,Rp3elbairaV-teGRp3(@ tupnI- modnaR-teG( + uoA((uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 403 | uoA)Rp3Rp3nioJ-]52,uoA + ))62,42,51(@ tupnI- modnaR-teG( + uoA,4[cepSmoC:vnezdpjnL (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 404 | uoA)Rp3xRp3+]uoA + ))43,03(@ tupnI- modnaR-teG( + uoA[emoHSPzdpjnL+]uoA + ))12,4(@ tupnI- modnaR-teG( + uoA[emoHSPzdpjnL (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzd'+'p 405 | uoA)Rp3xRp3+]31[dIllehSzdpjnL+]1[dIllehSzdpjnL (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 406 | ))1,0(@ tupnI- modnaR-teG(*Rp3 Rp3 + ))Rp3&Rp3,Rp3.Rp3(@ tupnI- modnaR-teG( = rotarepOnoitacovnIzdp 407 | .cte/seitreporp/srebmem/sdohtem/seulav elbairaV citamotuA llehSrewoP dna seulav elbairav tnemnorivne nommoc no ward sdohtem esehT # 408 | .tellub revlis a ton tub rotacidni taerg a si noisserpxE-ekovnI/XEI woh thgilhgih ot dedulcni era eseht ,tuo toeW,oeWmodnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.fOxednI.Rp3Rp3uoA , uoA)fOxednI.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 409 | uoA)uoA + uoARp3Rp3nioJ-]uoA + ))811,48,27,83,8(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))711,38,17,73,7(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))121,411,501,08,67,86,95,43,03,4,0(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.ynAfOxednI.Rp3Rp3uoA , uoA)ynAfOxednI.Rp3Rp3]gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisserpxEekovnIzdp 410 | uoA)uoA + uoARp3Rp3nioJ-]84,uoA + ))74,34,63,51(@ tupnI- modnaR-teG( + Rp3,Rp3 + ))97,57,16,75,43,62,31,5(@ tupnI- modnaR-teG( + Rp3[Rp3 + ))uoA)(gnirtSoT.dezilamroNsI.Rp3Rp3uoA , uoA)dezilamroNsI.Rp3Rp3'+']gnirtS[(uoA(@ tupnI- modnaR-teG( + uoA (uoA + rotarepOnoitacovnIzdp =+ xatnySnoisoeW,oeW'+'sreV ,esneciL ehcapA eht rednu desneciL # 411 | # 412 | >moc.tnaidnam.www//:ptth< tnaidnaM ta elihw # 413 | >nonnahobhleinad@< nonnahoB leinaD 7102 thgirypoC # 414 | # 415 | .noitacsufbO-ekovnI fo trap si elif sihT #oeWf-RXH}3{}22{}42{}51{}32{}1{}2{}7{}4{}91{}41{}8{}9{}6{}31{}71{}5{}21{}12{}61{}02{}11{}81{}01{}0{RXH((('((" ,'.', ("{1}{0}{2}" -f'OLE','RIGHTt','Ft'))| &("{1}{0}{2}" -f 'aC','fORE','h') { ${_}} )+" $(sEt 'OfS' ' ' ) "| . ( ${VerBOs`EP`RefeR`e`NcE}.("{2}{0}{1}" -f 'STRIn','G','tO').Invoke()[1,3]+'x'-jOiN'') 416 | -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-ObfuscatedTokenCommand.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AdminTest0/Invoke-Obfuscation-Bypass/b649da6167da126d854a33b487f6f8ee54958ce1/Invoke-Obfuscation-Bypass/Out-ObfuscatedTokenCommand.ps1 -------------------------------------------------------------------------------- /Invoke-Obfuscation-Bypass/Out-SecureStringCommand.ps1: -------------------------------------------------------------------------------- 1 | &('SV') ("{0}{1}" -f 'Q','1R') ( [TYPe]("{0}{2}{1}" -F'Io.','ILe','F') ) ; 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Function OU`T-seCU`REsTri`N`gcom`M`And 21 | { 22 | 23 | 24 | [CmdletBinding(DEFaULtpaRAmeTeRsETNAME = {"{0}{2}{1}" -f'F','th','ilePa'})] Param ( 25 | [Parameter(POSITiOn = 0, valUefROmPIpeLINe = ${t`Rue}, pARAMetERSEtNAmE = "sC`Ri`Ptb`lOCk")] 26 | [ValidateNotNullOrEmpty()] 27 | [ScriptBlock] 28 | ${sCrIpt`Bl`oCk}, 29 | 30 | [Parameter(pOSiTIoN = 0, paRaMetErseTNAME = "fi`l`epath")] 31 | [ValidateNotNullOrEmpty()] 32 | [String] 33 | ${p`AtH}, 34 | 35 | [Switch] 36 | ${NO`E`XiT}, 37 | 38 | [Switch] 39 | ${n`O`pRoFiLe}, 40 | 41 | [Switch] 42 | ${NO`N`INtera`c`TIVe}, 43 | 44 | [Switch] 45 | ${N`oL`OGO}, 46 | 47 | [Switch] 48 | ${W`oW`64}, 49 | 50 | [Switch] 51 | ${c`o`MMAnD}, 52 | 53 | [ValidateSet({"{1}{0}"-f 'l','Norma'}, {"{1}{3}{2}{0}" -f 'ed','Mini','z','mi'}, {"{1}{2}{0}" -f 'ized','Maxi','m'}, {"{0}{1}{2}" -f 'Hid','de','n'})] 54 | [String] 55 | ${w`I`NDOwS`TYle}, 56 | 57 | [ValidateSet({"{1}{0}"-f's','Bypas'}, {"{1}{0}{2}" -f 'nre','U','stricted'}, {"{2}{0}{1}{3}" -f'e','moteSi','R','gned'}, {"{0}{2}{1}" -f 'Al','ned','lSig'}, {"{1}{0}{2}"-f 'estrict','R','ed'})] 58 | [String] 59 | ${ExeCu`Ti`oNPO`L`Icy}, 60 | 61 | [Switch] 62 | ${P`ASSTh`RU} 63 | ) 64 | 65 | 66 | If(${Ps`BOU`NDP`A`RAmEteRS}[("{0}{1}"-f 'Pa','th')]) 67 | { 68 | &("{3}{1}{0}{2}"-f 'l','Chi','dItem','Get-') ${Pa`TH} -ErrorAction ("{0}{1}"-f'S','top') | &("{1}{0}" -f'Null','Out-') 69 | ${scrIpt`stRI`NG} = $q1R::("{1}{0}{2}{3}" -f 'dAl','Rea','lTex','t').Invoke((&("{3}{0}{2}{1}"-f 'lve-','th','Pa','Reso') ${P`ATh})) 70 | } 71 | Else 72 | { 73 | ${ScrI`PTS`T`RinG} = [String]${Scri`p`TbLOCK} 74 | } 75 | 76 | 77 | ${S`EcUrE`s`TRIng} = &("{1}{2}{4}{3}{0}"-f'ring','C','onvertT','SecureSt','o-') ${s`c`RI`PtSTRinG} -AsPlainText -Force 78 | 79 | 80 | ${k`EYlEn`Gth} = &("{1}{2}{0}{3}"-f'd','Get-R','an','om') @(16,24,32) 81 | 82 | 83 | Switch(&("{1}{0}{2}" -f 'Rando','Get-','m') -Minimum 1 -Maximum 3) 84 | { 85 | 1 { 86 | 87 | ${SeC`URE`stR`INg`KeY} = @() 88 | For(${I}=0; ${i} -lt ${kEy`LE`N`gTh}; ${i}++) { 89 | ${seCuR`Es`TRI`NGKeY} += &("{1}{0}{2}"-f 't-R','Ge','andom') -Minimum 0 -Maximum 256 90 | } 91 | ${Sec`U`R`E`stRiN`gkEYsTr} = ${SE`c`UR`eSt`RiNg`KeY} -Join ',' 92 | } 93 | 2 { 94 | 95 | 96 | ${L`O`w`erBOUnD} = (&("{0}{1}{2}" -f'Get','-Ra','ndom') -Minimum 0 -Maximum (256-${kEyLE`N`GTH})) 97 | ${Up`PERBOu`Nd} = ${LO`wERbOu`Nd} + (${KeylE`N`GTH} - 1) 98 | Switch(&("{2}{0}{1}" -f'd','om','Get-Ran') @(("{0}{1}" -f 'Asc','ending'),("{0}{1}{2}" -f 'De','scendi','ng'))) 99 | { 100 | ("{0}{2}{1}" -f'Ascen','g','din') {${sEcU`REStr`I`NGK`ey} = (${lO`w`eRbOU`Nd}..${uP`PerBOu`ND}); ${S`EcuRe`S`TRINGKEyStr} = "($LowerBound..$UpperBound)"} 101 | ("{1}{0}{3}{2}" -f 'end','Desc','ng','i') {${SEcUresTrI`Ng`KEy} = (${UpPe`RbOU`Nd}..${lOWe`RBOu`Nd}); ${S`eCure`sTring`ke`YS`TR} = "($UpperBound..$LowerBound)"} 102 | ("{2}{0}{1}" -f'aul','t','def') {&("{3}{0}{2}{1}"-f't','-Error','e','Wri') ("{6}{11}{1}{13}{4}{0}{10}{9}{12}{8}{3}{7}{5}{2}" -f'g','invalid ar','k.','or switch ','rin','loc','A','b',' was generated f','opti',' ','n ','on','ray orde'); Exit;} 103 | } 104 | } 105 | ("{0}{1}" -f 'defau','lt') {&("{2}{1}{0}"-f'or','rite-Err','W') ("{9}{7}{6}{1}{10}{4}{0}{8}{13}{5}{3}{12}{2}{11}"-f ' gener','om number ',' blo','it','s','w','nd',' ra','ated for','An invalid','wa','ck.','ch',' s'); Exit;} 106 | } 107 | 108 | 109 | ${SecURESt`Ri`Ngt`EXT} = ${S`E`c`UREsTri`NG} | &("{3}{2}{6}{0}{5}{7}{4}{1}" -f 'u','ring','onvertFrom-Se','C','t','r','c','eS') -Key ${Sec`UrE`s`TRiNgKEy} 110 | 111 | 112 | ${k`EY} = (&("{2}{1}{3}{0}"-f 'ndom','e','G','t-Ra') -Input @(("{2}{1}{0}" -f'y ','-Ke',' '),("{0}{1}"-f ' -K','e '),("{0}{1}"-f' -K',' '))) 113 | 114 | 115 | ${pTRt`OS`T`RIngAUto} = (&("{2}{1}{0}"-f'Random','t-','Ge') -Input @(("{0}{2}{1}{3}" -f 'P','StringAu','trTo','to'),(((("{6}{1}{5}{3}{9}{2}{8}{7}{0}{11}{10}{12}{4}" -f'al','R','p','In',')[','untime.','([','s.Marsh','Service','tero','em','].GetM','bers('))) + (&("{1}{2}{0}"-f'Random','G','et-') -Input @(3,5)) + ((("{2}{1}{0}{3}"-f'me)','.Na',']','.Invoke')))))) 116 | ${Ptr`T`OStr`IngunI} = (&("{1}{2}{0}{3}"-f 'o','Get','-Rand','m') -Input @(("{0}{2}{1}" -f 'PtrToStri','Uni','ng') ,(((("{8}{3}{11}{4}{10}{13}{5}{14}{6}{9}{12}{2}{0}{7}{1}" -f'mb','s()[','Me','un','me.Intero','es.Ma','a','er','([R','l]','pServi','ti','.Get','c','rsh'))) + (&("{0}{1}{2}" -f'Get-Ran','d','om') -Input @(2,4)) + ((("{1}{0}{2}" -f 'e).Invok','].Nam','e')))))) 117 | ${P`TrtO`S`TrIng`AnsI} = (&("{1}{2}{3}{0}" -f 'om','G','et','-Rand') -Input @(("{2}{0}{1}"-f'ngAns','i','PtrToStri'),(((("{6}{3}{8}{2}{0}{1}{5}{4}{7}" -f'r','shal].GetM','es.Ma','Runtime.Int','mbe','e','([','rs()[','eropServic'))) + (&("{0}{2}{1}"-f 'Ge','dom','t-Ran') -Input @(0,1)) + ((("{0}{4}{3}{1}{2}"-f '].','e).','Invoke','am','N')))))) 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | ${pTRTOsTRIngA`U`TO} = ([Char[]]"[Runtime.InteropServices.Marshal]::$PtrToStringAuto(" | &("{0}{3}{2}{1}"-f'F','-Object','h','orEac') {${C`HaR} = ${_}.("{1}{2}{0}"-f 'ng','To','Stri').Invoke().("{0}{1}{2}"-f'To','Low','er').Invoke(); If(&("{2}{0}{1}"-f't-R','andom','Ge') -Input @(0..1)) {${C`HAR} = ${cH`AR}.("{0}{1}"-f 'ToUpp','er').Invoke()} ${cH`Ar}}) -Join '' 126 | ${PTR`TO`sTR`inGUNi} = ([Char[]]"[Runtime.InteropServices.Marshal]::$PtrToStringUni(" | &("{3}{0}{1}{2}" -f 'orEach','-Obj','ect','F') {${Ch`Ar} = ${_}.("{0}{1}{2}"-f 'To','S','tring').Invoke().("{1}{2}{0}"-f'er','ToL','ow').Invoke(); If(&("{2}{1}{0}" -f 'andom','-R','Get') -Input @(0..1)) {${C`haR} = ${CH`AR}.("{1}{0}"-f'oUpper','T').Invoke()} ${c`hAR}}) -Join '' 127 | ${PTRT`oStRi`NGANsi} = ([Char[]]"[Runtime.InteropServices.Marshal]::$PtrToStringAnsi(" | &("{1}{0}{2}{3}" -f 'orEa','F','ch-O','bject') {${C`har} = ${_}.("{1}{2}{0}"-f'g','ToStri','n').Invoke().("{0}{1}"-f 'T','oLower').Invoke(); If(&("{1}{3}{0}{2}" -f'o','Get','m','-Rand') -Input @(0..1)) {${c`Har} = ${ch`Ar}.("{1}{0}{2}"-f 'oUppe','T','r').Invoke()} ${C`har}}) -Join '' 128 | ${pTrtoSt`RI`NG`Bs`Tr} = ([Char[]]((("{7}{1}{3}{2}{4}{10}{9}{6}{0}{5}{8}{11}" -f 'l]::PtrTo','Runtim','.Int','e','eropServ','S','a','[','tringBST','h','ices.Mars','R('))) | &("{1}{3}{0}{2}" -f 'rEach-Obj','F','ect','o') {${cH`AR} = ${_}.("{0}{1}{2}"-f'ToStri','n','g').Invoke().("{1}{0}{2}"-f'oL','T','ower').Invoke(); If(&("{1}{2}{3}{0}" -f'dom','G','et-','Ran') -Input @(0..1)) {${cH`AR} = ${CH`Ar}.("{0}{1}"-f 'To','Upper').Invoke()} ${ch`AR}}) -Join '' 129 | ${secUr`eS`TRi`NgTOB`stR} = ([Char[]]((("{3}{6}{9}{1}{8}{0}{7}{5}{15}{2}{10}{12}{14}{16}{13}{4}{11}"-f'eropS','In','.Mar','[','ST','rvice','Runtime','e','t','.','sh','R(','al]::SecureStr','B','in','s','gTo'))) | &("{0}{1}{3}{4}{2}" -f 'F','or','ct','Each','-Obje') {${Ch`AR} = ${_}.("{0}{1}"-f'ToStr','ing').Invoke().("{0}{1}" -f 'To','Lower').Invoke(); If(&("{1}{2}{0}"-f 'Random','G','et-') -Input @(0..1)) {${CH`Ar} = ${c`har}.("{0}{1}{2}"-f 'ToUp','pe','r').Invoke()} ${C`hAR}}) -Join '' 130 | ${S`EC`UrEsTRiNgTo`gl`obAlALLOcUNIcO`de} = ([Char[]]((("{10}{11}{1}{8}{14}{15}{2}{9}{13}{6}{16}{3}{0}{12}{17}{4}{7}{5}"-f 'lAllo','nterop','ic','StringToGloba','icod','(',']::Secu','e','S','e','[Runtim','e.I','cU','s.Marshal','er','v','re','n'))) | &("{3}{1}{0}{2}" -f'rEach-O','o','bject','F') {${C`hAr} = ${_}.("{0}{1}" -f 'ToSt','ring').Invoke().("{1}{0}"-f 'r','ToLowe').Invoke(); If(&("{1}{0}{2}"-f'-','Get','Random') -Input @(0..1)) {${cH`AR} = ${C`HAR}.("{1}{0}"-f'per','ToUp').Invoke()} ${c`har}}) -Join '' 131 | ${SE`c`UReSTrin`gtOgLo`Ba`lAlLocaNsI} = ([Char[]]((("{6}{13}{10}{7}{16}{15}{11}{3}{4}{12}{8}{0}{5}{14}{17}{9}{2}{1}" -f 'lAl','(','i','eS','trin','l','[Runtime.Int','ervi','loba','Ans','pS','r','gToG','ero','o','s.Marshal]::Secu','ce','c'))) | &("{3}{2}{1}{0}"-f't','-Objec','Each','For') {${C`HaR} = ${_}.("{0}{1}" -f'ToStrin','g').Invoke().("{2}{1}{0}"-f'r','Lowe','To').Invoke(); If(&("{1}{0}{2}" -f'-Ra','Get','ndom') -Input @(0..1)) {${Ch`AR} = ${c`HaR}.("{1}{0}{2}" -f'Upp','To','er').Invoke()} ${ch`Ar}}) -Join '' 132 | ${n`EW`oBJecT} = ([Char[]]("{0}{2}{1}"-f 'New','ect ','-Obj') | &("{0}{3}{2}{1}{4}"-f 'For','je','h-Ob','Eac','ct') {${c`hAR} = ${_}.("{1}{2}{0}"-f'ing','ToSt','r').Invoke().("{0}{1}" -f 'ToLow','er').Invoke(); If(&("{1}{3}{2}{0}"-f'm','G','do','et-Ran') -Input @(0..1)) {${Ch`AR} = ${Ch`Ar}.("{0}{1}{2}"-f'ToUp','p','er').Invoke()} ${c`hAR}}) -Join '' 133 | ${pscred`E`N`Ti`AL} = ([Char[]]("{6}{4}{2}{1}{5}{3}{0}" -f'ial ','mation.PSCre','.Auto','nt','nagement','de','Ma') | &("{1}{2}{0}" -f 'ect','ForEa','ch-Obj') {${C`hAR} = ${_}.("{0}{2}{1}" -f'To','ing','Str').Invoke().("{1}{0}{2}"-f 'w','ToLo','er').Invoke(); If(&("{0}{1}{2}" -f 'Get','-','Random') -Input @(0..1)) {${C`haR} = ${c`Har}.("{0}{2}{1}"-f 'T','r','oUppe').Invoke()} ${c`har}}) -Join '' 134 | ${CoN`VertToSE`CurE`sTri`NG} = ([Char[]]("{4}{6}{1}{0}{5}{3}{2}" -f 'SecureS','o-','g','rin','C','t','onvertT') | &("{0}{3}{4}{1}{2}" -f 'Fo','e','ct','r','Each-Obj') {${CH`AR} = ${_}.("{1}{0}{2}"-f'i','ToStr','ng').Invoke().("{1}{0}"-f 'ower','ToL').Invoke(); If(&("{2}{0}{1}"-f 'Ra','ndom','Get-') -Input @(0..1)) {${CH`Ar} = ${c`HAr}.("{0}{1}{2}" -f'T','oUppe','r').Invoke()} ${CH`AR}}) -Join '' 135 | ${K`eY} = ([Char[]]${k`Ey} | &("{4}{3}{2}{1}{0}"-f 't','ec','j','Each-Ob','For') {${C`HAR} = ${_}.("{1}{2}{0}" -f'g','T','oStrin').Invoke().("{1}{0}{2}"-f'Lo','To','wer').Invoke(); If(&("{0}{1}{3}{2}" -f 'Ge','t','Random','-') -Input @(0..1)) {${ch`Ar} = ${c`HaR}.("{1}{0}" -f'Upper','To').Invoke()} ${Ch`Ar}}) -Join '' 136 | ${G`e`TNetWoRK`CrEd`entiAl} = ([Char[]]((("{1}{4}{7}{9}{5}{8}{0}{3}{2}{6}"-f 'ede',').','.Pas','ntial()','Ge','rk','sword','t','Cr','Netwo'))) | &("{1}{0}{3}{2}"-f'ach','ForE','ct','-Obje') {${c`har} = ${_}.("{1}{0}" -f'ing','ToStr').Invoke().("{0}{1}{2}" -f'To','Lowe','r').Invoke(); If(&("{1}{0}{2}{3}"-f'-','Get','Rando','m') -Input @(0..1)) {${cH`Ar} = ${Ch`AR}.("{1}{0}{2}"-f'oU','T','pper').Invoke()} ${CH`AR}}) -Join '' 137 | 138 | 139 | ${c`onVerttOs`EcUres`T`Ri`Ng`SynT`Ax} = '$(' + "'$SecureStringText'" + ' '*(&("{2}{0}{1}"-f't','-Random','Ge') -Input @(0,1)) + '|' + ' '*(&("{1}{0}{2}" -f't-Ra','Ge','ndom') -Input @(0,1)) + ${COnvERtTO`S`eC`U`ReStRING} + ' '*(&("{1}{0}{2}{3}"-f 'e','G','t-Ra','ndom') -Input @(0,1)) + ${k`ey} + ' '*(&("{3}{2}{1}{0}" -f 'om','nd','-Ra','Get') -Input @(0,1)) + ${S`ecURe`stRin`gK`EyS`TR} + ')' + ' '*(&("{2}{0}{1}" -f'do','m','Get-Ran') -Input @(0,1)) + ')' + ' '*(&("{1}{2}{0}"-f 'Random','Get','-') -Input @(0,1)) + ')' + ' '*(&("{1}{2}{3}{0}" -f'm','Get','-Rand','o') -Input @(0,1)) + ')' 140 | 141 | 142 | ${n`eWsCrI`p`TARRAY} = @() 143 | ${nEw`S`cR`iPtArRaY} += '(' + ' '*(&("{0}{2}{1}"-f'G','om','et-Rand') -Input @(0,1)) + ${ptrt`OsTr`i`N`Ga`UTO} + ' '*(&("{0}{1}{2}"-f 'Get-R','a','ndom') -Input @(0,1)) + ${SEc`Ur`esT`RiN`Gto`BstR} + ' '*(&("{1}{0}{2}" -f 'ando','Get-R','m') -Input @(0,1)) + ${cONvErTTOS`eCUReS`T`R`I`NG`SYntax} 144 | ${NeWsC`Ri`PtAR`R`AY} += '(' + ' '*(&("{1}{3}{0}{2}"-f 'n','G','dom','et-Ra') -Input @(0,1)) + ${P`TR`TOSTRIng`UNI} + ' '*(&("{0}{1}{2}" -f 'Get','-Rando','m') -Input @(0,1)) + ${se`c`UReSTRi`NgTOG`lobA`lal`LOCuNiCodE} + ' '*(&("{0}{1}{2}" -f 'Get','-Ran','dom') -Input @(0,1)) + ${CO`NVE`R`Tt`osec`U`RestRin`G`sYntAx} 145 | ${ne`wsc`Rip`TArRAY} += '(' + ' '*(&("{1}{2}{0}"-f'm','Get','-Rando') -Input @(0,1)) + ${ptr`Tost`RI`NganSI} + ' '*(&("{0}{1}{2}" -f'Get-','Rando','m') -Input @(0,1)) + ${sE`cUReST`RingTo`g`lo`BALallOCanSi} + ' '*(&("{1}{0}{2}" -f 't-Ran','Ge','dom') -Input @(0,1)) + ${CON`VeR`TT`oSEcuRe`STri`N`g`synTaX} 146 | ${NEW`s`CriPTA`Rr`Ay} += '(' + ' '*(&("{0}{1}{2}"-f 'G','et-Rando','m') -Input @(0,1)) + ${ptrt`osTRi`N`gbSTR} + ' '*(&("{0}{2}{1}" -f'Get','Random','-') -Input @(0,1)) + ${s`Ecur`ES`TrInG`TOBS`TR} + ' '*(&("{1}{0}{2}"-f 'a','Get-R','ndom') -Input @(0,1)) + ${C`O`NVE`RTT`oSECuresTRiN`GS`YNt`Ax} 147 | ${New`S`cR`iptaRRAy} += '(' + ' '*(&("{2}{1}{3}{0}" -f'dom','t-R','Ge','an') -Input @(0,1)) + ${nE`wobJE`ct} + ' '*(&("{0}{1}{2}"-f 'Get-Ran','d','om') -Input @(0,1)) + ${P`s`cREd`enTIAL} + ' '*(&("{1}{2}{0}{3}" -f'd','Get','-Ran','om') -Input @(0,1)) + "' '" + ',' + ' '*(&("{3}{2}{1}{0}"-f 'ndom','Ra','-','Get') -Input @(0,1)) + '(' + ' '*(&("{2}{1}{0}"-f 'dom','an','Get-R') -Input @(0,1)) + "'$SecureStringText'" + ' '*(&("{2}{1}{0}"-f 'ndom','t-Ra','Ge') -Input @(0,1)) + '|' + ' '*(&("{2}{0}{1}"-f 't-R','andom','Ge') -Input @(0,1)) + ${cO`N`VErtTOsECUr`EsTRI`NG} + ' '*(&("{1}{2}{0}" -f'm','Get','-Rando') -Input @(0,1)) + ${k`eY} + ' '*(&("{0}{1}{2}"-f'Ge','t-Rando','m') -Input @(0,1)) + ${SE`cUReS`TR`in`gkEYs`TR} + ' '*(&("{1}{0}{2}{3}"-f 't-R','Ge','an','dom') -Input @(0,1)) + ')' + ' '*(&("{1}{2}{3}{0}"-f 'om','G','et','-Rand') -Input @(0,1)) + ${GE`TNEtWo`RKCRe`DE`NTI`Al} 148 | 149 | ${NEW`scRi`Pt} = (&("{2}{0}{1}"-f 't-Ran','dom','Ge') -Input ${Ne`wscRi`P`T`ARray}) 150 | 151 | 152 | 153 | ${I`NVOkEEX`PREsS`IOnSyNt`AX} = @() 154 | ${InvO`kEeXpr`eSSi`o`N`sy`NtAX} += (&("{0}{2}{1}"-f'Get-','andom','R') -Input @('IEX',("{0}{3}{2}{1}"-f'Invoke-','ession','xpr','E'))) 155 | 156 | 157 | 158 | ${InvoC`ATioNO`peRa`T`oR} = (&("{2}{0}{1}" -f 'et-Ran','dom','G') -Input @('.','&')) + ' '*(&("{0}{2}{1}"-f'Get-','andom','R') -Input @(0,1)) 159 | ${Inv`oKeEx`P`Ression`S`YNTAX} += ${in`VoCaT`Ion`OPER`AToR} + ('( '+"`$ShellId[1]+`$ShellId[13]+'x')") 160 | ${In`VokEeXP`Re`SsiOnSY`NTAx} += ${i`NVO`cAtI`OnoP`eraTOr} + ('( '+"`$PSHome[") + (&("{2}{1}{0}{3}" -f'do','n','Get-Ra','m') -Input @(4,21)) + "]+`$PSHome[" + (&("{2}{3}{1}{0}" -f 'm','o','Get','-Rand') -Input @(30,34)) + (((("{1}{0}{2}" -f 'r5',']+4r5x4',')'))-CREplAcE '4r5',[CHaR]39)) 161 | ${iNV`OkE`Expre`ss`i`O`NSYNTAX} += ${i`N`Voc`A`TI`OnoPeRaTor} + ('( '+"`$env:ComSpec[4,") + (&("{0}{1}{2}" -f'Ge','t-Rand','om') -Input @(15,24,26)) + (((("{3}{2}{1}{0}{4}"-f 'inrz','o','J',',25]-','FrzF)')) -CrEpLACE 'rzF',[cHAr]39)) 162 | ${I`NVok`EExprE`sSi`o`NSYnt`Ax} += ${iNvOc`AtIoNO`per`A`ToR} + "((" + (&("{2}{0}{1}" -f 'e','t-Random','G') -Input @(("{1}{0}{3}{2}" -f 'a','Get-V','able','ri'),'GV',("{2}{1}{0}" -f'e','l','Variab'))) + ((("{9}{6}{7}{0}{3}{4}{5}{2}{1}{8}"-f'ame[3,','omeome','n','1','1',',2]-Joi','me*mdr*ome',').N',')',' o'))."RE`P`LACE"('ome',[striNG][chAr]39)) 163 | ${iNV`OKee`xpR`e`s`siOn`synTAX} += ${inVo`cA`Ti`ONo`peRaTor} + "( " + (&("{0}{1}{2}{3}" -f 'Get-','R','an','dom') -Input @(((('74'+'MVer'+'bosePreference'+'.ToStrin'+'g'+'()') -rEpLace '74M',[chAr]36)),(('(['+'Stri'+'n'+'g]'+'{0}V'+'erb'+'osePreference)') -f [ChAr]36))) + (((("{6}{5}{4}{0}{2}{1}{3}"-f'-Join','r6O','6O','r)','rx6Or',']+6O','[1,3'))-crePlace '6Or',[ChAr]39)) 164 | 165 | 166 | 167 | 168 | ${In`VO`K`eE`X`pREssion} = (&("{2}{1}{0}"-f 'ndom','et-Ra','G') -Input ${I`NVO`keeXprEsSio`Nsy`N`T`AX}) 169 | 170 | 171 | ${INv`OK`E`EX`PRESS`Ion} = ([Char[]]${i`NV`oKEEX`pREss`i`On} | &("{3}{0}{2}{1}" -f 'Each-','ect','Obj','For') {${CH`AR} = ${_}.("{0}{1}{2}"-f'T','oSt','ring').Invoke().("{0}{2}{1}" -f 'To','r','Lowe').Invoke(); If(&("{2}{1}{0}"-f 'Random','et-','G') -Input @(0..1)) {${c`HAr} = ${c`HAr}.("{0}{1}" -f 'To','Upper').Invoke()} ${cH`Ar}}) -Join '' 172 | 173 | 174 | ${InvO`k`eOp`TIO`NS} = @() 175 | ${iNv`O`K`eOPti`onS} += ' '*(&("{2}{1}{0}" -f'ndom','et-Ra','G') -Input @(0,1)) + ${INvOk`EeX`Pres`si`On} + ' '*(&("{0}{2}{1}" -f 'Get','m','-Rando') -Input @(0,1)) + '(' + ' '*(&("{0}{2}{1}"-f'G','dom','et-Ran') -Input @(0,1)) + ${ne`W`script} + ' '*(&("{1}{3}{2}{0}" -f 'dom','G','an','et-R') -Input @(0,1)) + ')' + ' '*(&("{2}{1}{0}" -f'om','-Rand','Get') -Input @(0,1)) 176 | ${iNVOKeOP`T`I`OnS} += ' '*(&("{2}{0}{1}"-f '-Rando','m','Get') -Input @(0,1)) + ${N`Ews`cRipT} + ' '*(&("{2}{1}{0}{3}" -f'Ran','et-','G','dom') -Input @(0,1)) + '|' + ' '*(&("{0}{1}{2}"-f 'Ge','t-Rand','om') -Input @(0,1)) + ${iNVOkE`expRes`sI`oN} 177 | 178 | ${ne`WsC`R`iPt} = (&("{1}{2}{0}"-f'dom','Get','-Ran') -Input ${invo`KE`Opt`IONs}) 179 | 180 | 181 | If(!${pSBo`UNDp`A`RAM`EteRs}[("{0}{1}" -f'Pass','Thru')]) 182 | { 183 | 184 | ${pO`w`e`RsHEllfLaGS} = @() 185 | 186 | 187 | 188 | ${C`oM`MANDL`inEOptioNs} = &("{1}{2}{0}" -f'w-Object','N','e') ("{2}{1}{0}"-f 'ing[]','tr','S')(0) 189 | If(${ps`B`OuN`dpaRAMe`T`ERS}[("{0}{1}{2}"-f'N','oEx','it')]) 190 | { 191 | ${FUl`l`Arg`UmeNT} = ("{1}{0}" -f'xit','-NoE'); 192 | ${co`m`MandLiNEopt`Ions} += ${FullAr`GU`mE`Nt}.("{2}{0}{1}"-f 'St','ring','Sub').Invoke(0,(&("{0}{2}{1}" -f 'G','t-Random','e') -Minimum 4 -Maximum (${fULLarGu`Me`Nt}."Le`NgtH"+1))) 193 | } 194 | If(${Psbo`UNd`PaRa`mete`RS}[("{1}{0}" -f'le','NoProfi')]) 195 | { 196 | ${fulLA`RG`UM`ENT} = ("{0}{1}{3}{2}"-f '-NoP','r','file','o'); 197 | ${co`mmANdlIN`e`OP`TI`ONs} += ${f`ULlargu`M`ENT}.("{2}{0}{1}" -f'i','ng','SubStr').Invoke(0,(&("{1}{0}{2}" -f'-Ran','Get','dom') -Minimum 4 -Maximum (${fULlaR`GUM`eNT}."l`EN`gtH"+1))) 198 | } 199 | If(${P`SBoUN`DPARA`mETeRS}[("{0}{2}{3}{1}{4}"-f'NonI','v','ntera','cti','e')]) 200 | { 201 | ${fu`lL`ARGuM`eNT} = ("{4}{2}{1}{0}{3}" -f 'v','cti','ntera','e','-NonI'); 202 | ${coMmaN`DL`inEOp`TiONS} += ${fu`l`LArGum`ENT}.("{1}{2}{3}{0}"-f 'g','Sub','S','trin').Invoke(0,(&("{1}{0}{2}{3}" -f 't-','Ge','Rando','m') -Minimum 5 -Maximum (${fuL`larguMe`NT}."lEN`G`Th"+1))) 203 | } 204 | If(${pSb`o`Un`Dp`AraMeTErs}[("{0}{1}"-f 'No','Logo')]) 205 | { 206 | ${FUlLa`R`gUmeNt} = ("{2}{0}{1}" -f'g','o','-NoLo'); 207 | ${COmm`A`NdL`iNE`OPtIo`NS} += ${FUlL`Argu`m`eNT}.("{0}{1}{2}"-f'SubStr','in','g').Invoke(0,(&("{2}{0}{1}"-f'do','m','Get-Ran') -Minimum 4 -Maximum (${FUllAR`gum`E`Nt}."lE`N`Gth"+1))) 208 | } 209 | If(${pS`Bou`NDPARaM`Et`eRs}[("{2}{1}{3}{0}"-f 'dowStyle','i','W','n')] -OR ${wI`NdOW`sstY`Le}) 210 | { 211 | ${FuLL`ArG`U`MeNT} = ("{3}{1}{2}{0}" -f'le','indowSt','y','-W') 212 | If(${W`Ind`OWsst`Yle}) {${aRgUm`ENt`VaL`UE} = ${WindoW`SSTY`lE}} 213 | Else {${ARguMe`NTv`AL`Ue} = ${pSboun`DPa`RamET`Ers}[("{1}{2}{0}"-f'dowStyle','W','in')]} 214 | 215 | 216 | Switch(${AR`GU`ment`Val`Ue}.("{0}{2}{1}"-f'ToLow','r','e').Invoke()) 217 | { 218 | ("{0}{1}" -f 'n','ormal') {If(&("{0}{1}{2}"-f 'G','et-','Random') -Input @(0..1)) {${a`R`GUmen`TvAluE} = (&("{1}{2}{0}" -f'm','Get-Ran','do') -Input @('0','n','no','nor',("{1}{0}" -f 'orm','n'),("{0}{1}" -f 'n','orma')))}} 219 | ("{0}{2}{1}" -f'hid','en','d') {If(&("{1}{0}{2}"-f 't-Ran','Ge','dom') -Input @(0..1)) {${ar`GuMen`T`VAL`Ue} = (&("{2}{0}{1}"-f't-Ra','ndom','Ge') -Input @('1','h','hi','hid',("{0}{1}" -f 'hi','dd'),("{0}{1}"-f'h','idde')))}} 220 | ("{2}{0}{1}" -f'nimiz','ed','mi') {If(&("{2}{0}{1}" -f '-','Random','Get') -Input @(0..1)) {${a`RgUmEn`TvaluE} = (&("{0}{2}{1}" -f'Get-','m','Rando') -Input @('2','mi','min',("{0}{1}" -f 'mi','ni'),("{1}{0}"-f'm','mini'),("{0}{1}" -f 'm','inimi'),("{2}{1}{0}"-f 'z','inimi','m'),("{0}{1}{2}"-f 'm','inim','ize')))}} 221 | ("{2}{1}{3}{0}"-f 'ized','axi','m','m') {If(&("{0}{1}{2}"-f 'Get-Ran','do','m') -Input @(0..1)) {${arGU`m`ENtV`A`luE} = (&("{1}{2}{0}" -f'm','Get-Ra','ndo') -Input @('3','ma','max',("{0}{1}" -f'm','axi'),("{0}{1}" -f'maxi','m'),("{0}{1}"-f'm','aximi'),("{0}{2}{1}" -f 'max','z','imi'),("{2}{0}{1}"-f'ax','imize','m')))}} 222 | ("{1}{0}" -f'ault','def') {&("{1}{2}{0}{3}" -f'rro','Write-','E','r') ('An'+' '+'inval'+'id'+' '+"`$ArgumentValue "+'value'+' '+"($ArgumentValue) "+'was'+' '+'pass'+'ed '+'to'+' '+'switch'+' '+'block'+' '+'for'+' '+'Out-Powe'+'r'+'Shell'+'Launch'+'er.'); Exit;} 223 | } 224 | 225 | ${P`oWE`Rsh`eL`lfla`GS} += ${ful`L`Argu`meNt}.("{1}{2}{0}"-f'g','Su','bStrin').Invoke(0,(&("{0}{1}{2}" -f'Ge','t-R','andom') -Minimum 2 -Maximum (${fUllaR`GUM`ent}."Len`GtH"+1))) + ' '*(&("{1}{0}{2}"-f 'o','Get-Rand','m') -Minimum 1 -Maximum 3) + ${ARGU`men`T`ValUE} 226 | } 227 | If(${PS`Bo`UNdPARAm`E`TE`RS}[("{3}{2}{0}{1}"-f 'nPoli','cy','io','Execut')] -OR ${EXe`cu`T`IO`NPoLiCY}) 228 | { 229 | ${fU`Ll`ARG`U`MENT} = ("{4}{3}{0}{1}{2}"-f'ionPol','ic','y','ut','-Exec') 230 | If(${eXeCU`TI`onp`oli`CY}) {${aR`GU`meNtvaLuE} = ${ExEcUtI`o`NpOLi`cY}} 231 | Else {${Ar`gu`ME`NTvalUe} = ${PS`Boundp`A`RA`mEtERs}[("{3}{4}{1}{2}{0}"-f'licy','cutio','nPo','Ex','e')]} 232 | 233 | ${E`XEC`UtiO`N`poLIcYF`la`gs} = @() 234 | ${e`XeCuTIO`N`po`LiCyFL`A`gs} += '-EP' 235 | For(${ind`EX}=3; ${i`Nd`eX} -le ${fUL`l`ArGU`MENT}."Le`NGTH"; ${i`NDex}++) 236 | { 237 | ${eX`Ec`U`Ti`o`NpOlICyFL`AGs} += ${FU`lL`Ar`gum`ent}.("{0}{1}{2}" -f'Su','bSt','ring').Invoke(0,${i`NdeX}) 238 | } 239 | ${e`xECutI`onP`o`lICyF`lag} = &("{1}{0}{2}" -f'et-Rando','G','m') -Input ${exECuTiOn`Po`liCyfla`Gs} 240 | ${PoWEr`SHE`l`LFlAGs} += ${eX`ECUt`IoNPo`l`ICYfL`AG} + ' '*(&("{1}{0}{2}"-f 'nd','Get-Ra','om') -Minimum 1 -Maximum 3) + ${arg`Um`e`N`TvALuE} 241 | } 242 | 243 | 244 | 245 | If(${cO`mmandLIn`e`opTIOnS}."coU`NT" -gt 1) 246 | { 247 | ${c`omM`An`Dl`iN`eO`pTionS} = &("{2}{0}{1}" -f'-Ran','dom','Get') -InputObject ${COMmANDL`i`NE`optiOns} -Count ${cOMMaN`dLin`Eopti`oNS}."Co`UnT" 248 | } 249 | 250 | 251 | If(${PSBoUndPAr`AME`T`ers}[("{1}{0}"-f'ommand','C')]) 252 | { 253 | ${F`UlLaRgume`Nt} = ("{0}{1}{2}"-f'-','Co','mmand') 254 | ${cO`mm`ANd`LI`NeOptio`NS} += ${F`U`LLarg`U`MENT}.("{2}{1}{0}"-f'ng','ri','SubSt').Invoke(0,(&("{1}{2}{0}"-f'ndom','G','et-Ra') -Minimum 2 -Maximum (${f`U`LLArg`U`menT}."LeNG`Th"+1))) 255 | } 256 | 257 | 258 | For(${i}=0; ${i} -lt ${po`WER`S`HELLF`LaGs}."CoU`Nt"; ${I}++) 259 | { 260 | ${poW`E`RSh`eLLf`LagS}[${I}] = ([Char[]]${PO`wER`s`HelLflAgs}[${I}] | &("{2}{0}{1}"-f 'c','h-Object','ForEa') {${ch`Ar} = ${_}.("{0}{1}" -f 'To','String').Invoke().("{0}{1}" -f'ToLow','er').Invoke(); If(&("{2}{0}{1}"-f't-','Random','Ge') -Input @(0..1)) {${c`har} = ${c`hAR}.("{0}{1}{2}" -f'T','o','Upper').Invoke()} ${CH`AR}}) -Join '' 261 | } 262 | 263 | 264 | ${ComMANd`L`in`EOPTIoNS} = (${COMMa`NdLINEop`TIo`Ns} | &("{2}{0}{1}"-f'rEach-Obj','ect','Fo') {${_} + " "*(&("{2}{1}{0}" -f 'dom','t-Ran','Ge') -Minimum 1 -Maximum 3)}) -Join '' 265 | ${c`OmMAnD`LiNE`oPtIONS} = " "*(&("{2}{1}{0}" -f'm','ndo','Get-Ra') -Minimum 0 -Maximum 3) + ${COMMaN`d`l`In`EOPtions} + " "*(&("{1}{0}{2}" -f 'e','G','t-Random') -Minimum 0 -Maximum 3) 266 | 267 | 268 | If(${PsBo`U`N`DPARAMet`ERs}[("{1}{0}"-f'w64','Wo')]) 269 | { 270 | ${co`mMA`Nd`LinEOutp`UT} = "C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions) `"$NewScript`" " 271 | } 272 | Else 273 | { 274 | 275 | 276 | ${cOm`mAn`DLIne`oUtP`UT} = "powershell $($CommandlineOptions) `"$NewScript`" " 277 | } 278 | 279 | 280 | ${cmDM`A`XlEng`TH} = 8190 281 | If(${c`om`MANDLiNEOUTP`UT}."l`eNgth" -gt ${c`MD`MaX`Length}) 282 | { 283 | &("{1}{3}{0}{2}" -f'nin','Write-Wa','g','r') "This command exceeds the cmd.exe maximum allowed length of $CmdMaxLength characters! Its length is $($CmdLineOutput.Length) characters. " 284 | } 285 | 286 | ${neWS`Cr`IpT} = ${coMmAn`d`Li`NE`outp`UT} 287 | } 288 | 289 | Return ${newS`CRI`pT} 290 | } 291 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Invoke-Obfuscation-Bypass 2 | 3 | 4 | powershell启动Invoke-Obfuscation-Bypass 5 | ``` 6 | Import-Module .\Invoke-Obfuscation.psd1 7 | Invoke-Obfuscation 8 | ``` 9 | 10 | 依次输入选项 11 | ``` 12 | set scriptpath C:\Users\用户名\Desktop\payload.ps1 13 | token 14 | all 15 | 1 16 | out ..\payload1.ps1 17 | ``` 18 | 19 | 使用ps2exe将混淆后的ps1文件转为exe 20 | ``` 21 | .\ps2exe.ps1 -inputFile 'payload1.ps1' -outputFile 'Test.exe' -runtime40 -lcid '' -MTA -noConsole -supportOS 22 | ``` 23 | 24 | ![image](https://z3.ax1x.com/2021/08/22/hpTzid.png) 25 | --------------------------------------------------------------------------------