authorbitform <matt@exploit-monday.com>2012-12-14 19:45:10 -0500
committerbitform <matt@exploit-monday.com>2012-12-14 19:45:10 -0500
commit7fda3dffea100601e49c41fd50ab22a1c4c1d603 (patch)
tree8bf5865fdd3ced08a5ac3f77cff605d6ac9700ab
parentff32d1b36b4cfd5a0f6785bec1181e6f1a155251 (diff)
downloadPowerSploit-7fda3dffea100601e49c41fd50ab22a1c4c1d603.tar.gz
PowerSploit-7fda3dffea100601e49c41fd50ab22a1c4c1d603.zip
Added the Wow64 switch to Prepare-Payload
Now, you can optionally output a call to the x86 (Wow64) version of PowerShell.
-rw-r--r--Prepare-Payload.ps120
1 files changed, 17 insertions, 3 deletions
diff --git a/Prepare-Payload.ps1 b/Prepare-Payload.ps1
index 2797466..c0ef8da 100644
--- a/Prepare-Payload.ps1
+++ b/Prepare-Payload.ps1
@@ -33,6 +33,10 @@ Outputs the option to not load the Windows PowerShell profile.
Outputs the option to not present an interactive prompt to the user.
+.PARAMETER Wow64
+
+Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
+
.PARAMETER WindowStyle
Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
@@ -82,6 +86,9 @@ http://www.exploit-monday.com
[Switch]
$NonInteractive,
+ [Switch]
+ $Wow64,
+
[ValidateSet('Normal', 'Minimized', 'Maximized', 'Hidden')]
[String]
$WindowStyle
@@ -124,7 +131,14 @@ http://www.exploit-monday.com
if ($PSBoundParameters['WindowStyle'])
{ $CommandlineOptions += "-WindowStyle $($PSBoundParameters['WindowStyle'])" }
- $CommandLineOutput = "powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
-
+ if ($PSBoundParameters['Wow64'])
+ {
+ $CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
+ }
+ else
+ {
+ $CommandLineOutput = "powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
+ }
+
Write-Output $CommandLineOutput
-}
+} \ No newline at end of file
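Review bot: The two branches of the new `if ($PSBoundParameters['Wow64'])` block build the same command line twice and differ only in the executable path, so any later change to the option joining or the `-EncodedCommand` suffix has to be made in both places; select the executable first and build the string once, e.g. `$PowerShellExe = if ($PSBoundParameters['Wow64']) { "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" } else { 'powershell.exe' }` followed by `$CommandLineOutput = "$PowerShellExe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"`. `$($Env:windir)` is expanded on the host running Prepare-Payload and embedded as a literal absolute path, so an empty or unset `windir` silently produces a string beginning with `\SysWOW64\`; the `.PARAMETER Wow64` text in the first hunk states the x86_64 precondition but nothing in this hunk checks it, and a comment such as `# windir is resolved on this host when the string is built, not where the output runs` above the branch would make that explicit. The rewritten `+}` also drops the file's final newline, which is worth restoring. The enclosing function begins outside the hunk.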