Downloading PowerShell Code

In the previous tip we explained how Invoke-WebRequest can be used to download the raw HTML content for any web page. This can also be used to transport PowerShell code. Invoke-WebRequest downloads anything a web server serves, so the below example downloads a PowerShell script:

$url = "http://bit.ly/e0Mw9w"
$page = Invoke-WebRequest -Uri $url
$code = $page.Content
$code | Out-GridView

Once you are confident with the code, you could easily try and run it:

Invoke-Expression -Command $code

This works well in the PowerShell console, and you see a “dancing Rick Ascii” and listen to fun music. However, if you run the above code in a different editor, your AV engine might block the call and identify it as a serious threat. This is because the downloaded code checks the environment it runs in, and since it requires a console, it launches a PowerShell console if it is run from anywhere else. This launch is picked up by the AV engine, and subsequently blocked.

Twitter This Tip! ReTweet this Tip!

GD Star Rating
loading...