Unmanaged PowerShell execution using DLLs or a standalone executable.
Introduction
PowerShx is a rewrite and expansion on the PowerShdll project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets.
Features
- Run Powershell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe.
- Run Powershell without powershell.exe or powershell_ise.exe
- AMSI Bypass features.
- Run Powershell scripts directly from the command line or Powershell files
- Import Powershell modules and execute Powershell Cmdlets.
Usage
.dll version
rundll32
<div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="rundll32 PowerShx.dll,main -e
rundll32 PowerShx.dll,main -f Run the script passed as argument
rundll32 PowerShx.dll,main -f -c Load a script and run a PS cmdlet
rundll32 PowerShx.dll,main -w Start an interactive console in a new window
rundll32 PowerShx.dll,main -i Start an interactive console
rundll32 PowerShx.dll,main -s Attempt to bypass AMSI
rundll32 PowerShx.dll,main -v Print Execution Output to the console “>
rundll32 PowerShx.dll,main -e <PS script to run>
rundll32 PowerShx.dll,main -f <path> Run the script passed as argument
rundll32 PowerShx.dll,main -f <path> -c <PS Cmdlet> Load a script and run a PS cmdlet
rundll32 PowerShx.dll,main -w Start an interactive console in a new window
rundll32 PowerShx.dll,main -i Start an interactive console
rundll32 PowerShx.dll,main -s Attempt to bypass AMSI
rundll32 PowerShx.dll,main -v Print Execution Output to the console