Passing Arguments to Encoded Commands

by Apr 2, 2019

Encoding PowerShell code is a great way to run PowerShell code outside the PowerShell environment, i.e. in batch files. Here is some sample code that takes PowerShell code, encodes it, and shows how to run it with a console command:

$command = {
Get-Service | 
    Where-Object Status -eq Running | 
    Out-GridView -Title 'Pick a service that you want to stop' -PassThru | 
    Stop-Service
}

$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
"powershell.exe -noprofile -encodedcommand $encodedCommand" | clip

When you run this code, you find the PowerShell command in the clipboard. It looks similar to this:

powershell.exe -noprofile -encodedcommand DQAKAEcAZQB0AC0AUwBlAHIAdgBpAGMAZQAgAHwAIAANAAoAIAAgACAAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAFMAdABhAHQAdQBzACAALQBlAHEAIABSAHUAbgBuAGkAbgBnACAAfAAgAA0ACgAgACAAIAAgAE8AdQB0AC0ARwByAGkAZABWAGkAZQB3ACAALQBUAGkAdABsAGUAIAAnAFAAaQBjAGsAIABhACAAcwBlAHIAdgBpAGMAZQAgAHQAaABhAHQAIAB5AG8AdQAgAHcAYQBuAHQAIAB0AG8AIABzAHQAbwBwACcAIAAtAFAAYQBzAHMAVABoAHIAdQAgAHwAIAANAAoAIAAgACAAIABTAHQAbwBwAC0AUwBlAHIAdgBpAGMAZQANAAoA

When you open a new cmd.exe window, you can paste the code right into it to execute pure PowerShell code. You can run encoded commands anywhere where there is enough space to contain the entire line. Because of length limitations, encoded commands won’t work well inside of shortcut files (.lnk files) and in the Run box inside of the start menu.

And there is another limitation: you can’t pass arguments to encoded commands. Except if you use a cool trick. First, add a param() block to your code, and make the parameter mandatory. Second, pass the arguments via the pipeline in an outer PowerShell.

Here is an example you may want to try:

$command = {
param
(
    [Parameter(Mandatory)]
    [string]
    $FirstName,

    [Parameter(Mandatory)]
    [string]
    $LastName
)
"Hello, your first name is $FirstName and your last name is $lastname!"
}

$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
"powershell.exe -noprofile -command 'Tobias', 'Weltner' | powershell -noprofile -encodedcommand $encodedCommand" | clip

The command looks similar to this:

powershell.exe -noprofile -command 'Tom', 'Tester' | powershell -noprofile -encodedcommand DQAKAHAAYQByAGEAbQANAAoAKAANAAoAIAAgACAAIABbAFAAYQByAGEAbQBlAHQAZQByACgATQBhAG4AZABhAHQAbwByAHkAKQBdAA0ACgAgACAAIAAgAFsAcwB0AHIAaQBuAGcAXQANAAoAIAAgACAAIAAkAEYAaQByAHMAdABOAGEAbQBlACwADQAKAA0ACgAgACAAIAAgAFsAUABhAHIAYQBtAGUAdABlAHIAKABNAGEAbgBkAGEAdABvAHIAeQApAF0ADQAKACAAIAAgACAAWwBzAHQAcgBpAG4AZwBdAA0ACgAgACAAIAAgACQATABhAHMAdABOAGEAbQBlAA0ACgApAA0ACgAiAEgAZQBsAGwAbwAsACAAeQBvAHUAcgAgAGYAaQByAHMAdAAgAG4AYQBtAGUAIABpAHMAIAAkAEYAaQByAHMAdABOAGEAbQBlACAAYQBuAGQAIAB5AG8AdQByACAAbABhAHMAdAAgAG4AYQBtAGUAIABpAHMAIAAkAGwAYQBzAHQAbgBhAG0AZQAhACIADQAKAA==

When you run it, the arguments “Tom” and “Tester” are piped into the PowerShell that executes the encoded command. Since the parameters are mandatory, the piped elements are inserted into the prompts, and processed by the encoded command.


psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!