From 7fda3dffea100601e49c41fd50ab22a1c4c1d603 Mon Sep 17 00:00:00 2001
From: bitform
Date: Fri, 14 Dec 2012 19:45:10 -0500
Subject: Added the Wow64 switch to Prepare-Payload

Now, you can optionally output a call to the x86 (Wow64) version of PowerShell.
---
 Prepare-Payload.ps1 | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/Prepare-Payload.ps1 b/Prepare-Payload.ps1
index 2797466..c0ef8da 100644
--- a/Prepare-Payload.ps1
+++ b/Prepare-Payload.ps1
@@ -33,6 +33,10 @@ Outputs the option to not load the Windows PowerShell profile.
 
 Outputs the option to not present an interactive prompt to the user.
 
+.PARAMETER Wow64
+
+Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
+
 .PARAMETER WindowStyle
 
 Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
@@ -82,6 +86,9 @@ http://www.exploit-monday.com
     [Switch]
     $NonInteractive,
 
+    [Switch]
+    $Wow64,
+
     [ValidateSet('Normal', 'Minimized', 'Maximized', 'Hidden')]
     [String]
     $WindowStyle
@@ -124,7 +131,14 @@ http://www.exploit-monday.com
 
     if ($PSBoundParameters['WindowStyle']) { $CommandlineOptions += "-WindowStyle $($PSBoundParameters['WindowStyle'])" }
 
-    $CommandLineOutput = "powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
-
+    if ($PSBoundParameters['Wow64'])
+    {
+        $CommandLineOutput = "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
+    }
+    else
+    {
+        $CommandLineOutput = "powershell.exe $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"
+    }
+
     Write-Output $CommandLineOutput
-}
+}
\ No newline at end of file
-- 
cgit v1.2.3
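Review bot: The Wow64 branch expands `$Env:windir` on the machine running Prepare-Payload, so the emitted command line hard-codes the generating host's Windows directory instead of resolving it on the target, and on a 32-bit target the `SysWOW64` directory does not exist at all; if the output is meant to be run through cmd.exe, emitting the unexpanded `%windir%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` would defer the lookup to the target, and either way a comment such as `# SysWOW64 exists only on 64-bit Windows; a 32-bit host has no separate x86 PowerShell` belongs above the branch. The two branches differ only in the executable path, so the duplicated string can collapse to `$PowerShellPath = if ($PSBoundParameters['Wow64']) { "$($Env:windir)\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" } else { 'powershell.exe' }` followed by a single `$CommandLineOutput = "$PowerShellPath $($CommandlineOptions -join ' ') -EncodedCommand $EncodedPayloadScript"`. The replaced closing brace also drops the file's trailing newline (`\ No newline at end of file`), which looks unintended. Prepare-Payload's body starts outside this hunk.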