Simple Obfuscation with PowerShell using Base64 Encoding

I recently received a question from someone wanting to know how I encoded a string of text on my blog site. Back in January of 2013, I competed in Jeff Hicks' PowerShell Challenge that was held by TrainSignal. One of the questions had an encoded command which you were to decode. I figured out that the EncodedCommand parameter of PowerShell.exe could not only be used to run commands that are encoded with Base64, but that it could also be used to easily decode a string of text that was encoded with Base64.

powershell.exe /?
    Accepts a base-64-encoded string version of a command. Use this parameter
    to submit commands to Windows PowerShell that require complex quotation
    marks or curly braces.

The help for PowerShell.exe also shows you how to encode a command with Base64:

    # To use the -EncodedCommand parameter:
    $command = 'dir "c:\program files" '
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
    $encodedCommand = [Convert]::ToBase64String($bytes)
    powershell.exe -encodedCommand $encodedCommand

Encoding something like the domain name for this blog site is easy enough:


While it could be decoded within PowerShell:


Adding quotes around the domain name also allows it to be decoded with PowerShell.exe using the EncodedCommand parameter without having to encode it with a command such as Write-Output:

powershell.exe -encodedCommand JwBtAGkAawBlAGYAcgBvAGIAYgBpAG4AcwAuAGMAbwBtACcA

The code shown in the previous example specifies the NoProfile parameter but it's not required.
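Because the encoding is only Base64 over UTF-16LE text, an encoded command found in a logged command line can be read back without running it. The function below is an added example, not code from the original post; the name ConvertFrom-EncodedCommand and the sample command lines are assumptions made for illustration.

```powershell
function ConvertFrom-EncodedCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$CommandLine
    )
    process {
        # A Base64 token never contains whitespace, so a whitespace split is enough here.
        $tokens = @($CommandLine -split '\s+' | Where-Object { $_ })
        for ($i = 0; $i -lt $tokens.Count - 1; $i++) {
            # Parameters may start with '-' or '/'; powershell.exe accepts any
            # prefix of EncodedCommand (-e, -enc, ...) as well as the alias -ec.
            if ($tokens[$i] -notmatch '^[-/](\w+)$') { continue }
            $name = $Matches[1].ToLowerInvariant()
            if ($name -ne 'ec' -and -not 'encodedcommand'.StartsWith($name)) { continue }

            # Drop surrounding quotes, then decode without executing anything.
            $encoded = $tokens[$i + 1] -replace '^["'']|["'']$'
            $decoded = $null; $problem = $null
            try {
                $bytes = [Convert]::FromBase64String($encoded)
                # UTF-16LE uses two bytes per character; an odd count is worth a closer look.
                if ($bytes.Length % 2) { $problem = 'odd byte count, not UTF-16LE text' }
                $decoded = [System.Text.Encoding]::Unicode.GetString($bytes)
            } catch {
                $problem = 'not valid Base64'
            }
            [pscustomobject]@{
                Parameter = $tokens[$i]
                Encoded   = $encoded
                Decoded   = $decoded
                Problem   = $problem
            }
        }
    }
}

# Constructed sample command lines (not taken from real logs).
$getDate = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('Get-Date'))
$samples = @(
    'powershell.exe -encodedCommand JwBtAGkAawBlAGYAcgBvAGIAYgBpAG4AcwAuAGMAbwBtACcA'
    "powershell.exe -NoProfile -enc $getDate"
    'powershell.exe /ec "not*base64"'
)
$samples | ConvertFrom-EncodedCommand | Format-List
```

The first sample is the command line shown above; the third is deliberately malformed to show the Problem field being filled in instead of the function throwing.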