El código de PowerShell que permite obtener el hash en MD5
|
1 |
powershell -command {[Reflection.Assembly]::LoadWithPartialName("System.Web") | Out-Null;([System.Web.Security.FormsAuthentication]::HashPasswordForStoringInConfigFile("hola", "MD5"))} |
Convertir el código de PowerShell a Base64
|
1 2 3 4 5 |
$comando = '[Reflection.Assembly]::LoadWithPartialName("System.Web") | Out-Null; ([System.Web.Security.FormsAuthentication]::HashPasswordForStoringInConfigFile("hola", "MD5"))' $codigocargado = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($comando)) $codigocargado |
Ejecutar desde PHP el código convertido a Base64
|
1 2 3 4 |
<?php $salida = shell_exec("powershell -encodedcommand WwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAVwBpAHQAaABQAGEAcgB0AGkAYQBsAE4AYQBtAGUAKAAiAFMAeQBzAHQAZQBtAC4AVwBlAGIAIgApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7ACAAKABbAFMAeQBzAHQAZQBtAC4AVwBlAGIALgBTAGUAYwB1AHIAaQB0AHkALgBGAG8AcgBtAHMAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAF0AOgA6AEgAYQBzAGgAUABhAHMAcwB3AG8AcgBkAEYAbwByAFMAdABvAHIAaQBuAGcASQBuAEMAbwBuAGYAaQBnAEYAaQBsAGUAKAAiAGgAbwBsAGEAIgAsACAAIgBNAEQANQAiACkAKQA="); echo $salida; ?> |