PowerShell Execution Policy 是用来决定哪些类型的 PowerShell 代码可以在系统中运行.
1
2
3
4
|
Restricted - 不允许任何脚本运行.
AllSigned - 只能允许经过数字签名的脚本.
RemoteSigned - 运行本地脚本不需要数字签名 远程的需要.
Unrestricted - 允许任何脚本运行.
|
查看当前的策略
Bypass
将 ExecutionPolicy 设置为 Bypass.
1
|
powershell.exe -ExecutionPolicy Bypass -File .\test.ps1
|
UnRestricted
将 ExecutionPolicy 设置为 UnRestricted.
1
|
powershell.exe -ExecutionPolicy UnRestricted -File .\test.ps1
|
RemoteSigned
将 ExecutionPolicy 设置为 RemoteSigned.
1
|
powershell.exe -ExecutionPolicy RemoteSigned -File .\test.ps1
|
Pipe
通过管道执行脚本.
1
|
PGet-Content .\test.ps1 | powershell.exe -
|
类似的还有 type 命令.
1
|
type .\test.ps1 | powershell.exe -
|
IEX
通过 IEX 远程下载脚本执行.
1
|
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('http://localhost/test.ps1')"
|
Encode
unicode + base64 编码执行.
1
2
3
4
|
$command = Get-Content .\test.ps1
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
powershell.exe -EncodedCommand $encodedCommand
|
Command
好像会有引号的转义问题, 更改了下执行的脚本.
1
2
3
|
echo "echo 'hello world'" > .\test.ps1
$command = Get-Content .\test.ps1
powershell -command "$command"
|
Invoke-Expression (IEX)
Invoke-Expression 将它接受到的任何字符串当作 powershell 代码执行.
1
|
Get-Content .\test.ps1 | Invoke-Expression
|