Invoke-PSImage: PowerShell Script Pixel Encoder

CyberPunk Exploitation Tools
Last Commit: 09/23/2019
Invoke-PSImage: PowerShell Script Pixel Encoder

Invoke-PSImage encodes a PowerShell script into a PNG image and then generates a single line of code to run the script. The original image is nearly perfect, and it is almost impossible to detect the embedded script in the image.

Invoke-PSImage: Powershell Script Encoder

The user has option to create a new image using only the payload data or embed the payload into an existing image by only modifying the least significant bytes of the existing image so that it looks the original picture. The input image can be of any type, but the output will be in PNG format, so it can be losslessly compressed when required while retaining the embedded script.

How Invoke-PSImage Works?

Once the payload is embedded in the image, 4 bits of 2 color values in each pixel are used to hold the payload. The image quality will be lower, but decent. Each pixel of the image is used to hold one byte of script, so the image would need to be at least as many pixels as bytes in the script. For example, Invoke-Mimikatz fits into a 1920×1200 image.

Features:

  • Embed scripts into images
  • Generate a single command to execute the script
  • Easy to install and operate

Supported Platforms:

  • Windows

Requirements:

  • None

Install Invoke-PSImage

Clone the GitHub repo:

$ git clone https://github.com/peewpw/Invoke-PSImage.git

Usage

Run the Invoke-PSImage.ps1 file from the PowerShell terminal.

Arguments:

-Script [filepath] The path to the script to embed in the Image.
-Out [filepath] The file to save the resulting image to (image will be a PNG)
-Image [filepath] The image to embed the script in. (optional)
-WebRequest Output a command for reading the image from the web using Net.WebClient. You will need to host the image and insert the URL into the command.
-PictureBox Output a command for reading the image from the web using System.Windows.Forms.PictureBox. You will need to host the image and insert the URL into the command.

Invoke-PSImage Usage Example

To create an image with the script Invoke-Mimikatz.ps1 embeded in it and output a oneliner to execute from disk run: 

$ PS>Import-Module .\Invoke-PSImage.ps1 
$ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Out .\evil-image.png -Image .\image.jpg    
    [Oneliner to execute from a file]

To create an image and to execute from the web:

$ PS>Import-Module .\Invoke-PSImage.ps1 
$ PS>Invoke-PSImage -Script .\Invoke-Mimikatz.ps1 -Out .\evil-image.png -Image .\image.jpg -WebRequest    
     [Oneliner to execute from the web]
Note: If you want to execute the image from the web, you’ll need to host it and to edit the URL.
Documentation Box
Download Box
ExploitPayloadpowershell