[flagged] Windows oneliners to download remote payload and execute arbitrary code (arno0x0x.wordpress.com)
23 points by rbanffy 8 months ago | 9 comments



Modifying the execution permissions in Powershell requires admin permissions. I'm guessing the author has local admin and does not realize it.


Perhaps I'm misunderstanding what you're saying, but if by "execution permissions" you mean running "powershell -executionpolicy bypass" this doesn't require you to be administrator.

The only thing you need to be administrator for is to run "Set-ExecutionPolicy -Scope LocalMachine"


Exactly, which was done to prevent the old WSH attack vectors.

Then again all cool kids now do curl | sh anyway.


I'm a lifelong Windows user - I usually install software by downloading installers and double clicking them.

Every so often HN rolls their eyes at all these idiots who do "curl | sh". How is doing so any different from downloading an installer over https and running it? Really, if installing software is what we're doing, isn't running it part of the objective?

Or, in short, why is "curl | sh" frowned upon and why are alternatives better?


An installer should be digitally signed, and Windows will flag unsigned installers and try to tell you it is questionable to run.

You can also check that an installer isn't corrupted after downloading and before running, classically with the md5 hash.
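The two checks this comment describes (signature plus hash), as an added PowerShell example that is not from the thread or any commenter. The installer path and the expected hash are placeholders; SHA-256 is used in place of MD5 because MD5 collisions are practical.

```powershell
# Added example (not from the thread): verify a downloaded installer before
# running it. Assumptions: $Path is a file already on disk, $ExpectedSha256 is
# the value the vendor publishes (placeholder below).
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # 1. Authenticode: Status is 'Valid' only when the signature is intact and
    #    the signing certificate chains to a root trusted on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signatureOk = ($sig.Status -eq 'Valid')

    # 2. Hash: compare (case-insensitively) with the vendor-published digest.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = ($actual -ieq $ExpectedSha256)

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        HashMatches     = $hashOk
        SafeToRun       = ($signatureOk -and $hashOk)
    }
}

# Usage: launch the installer only when both checks pass (paths are placeholders).
$result = Test-InstallerIntegrity -Path 'C:\Downloads\setup.exe' `
    -ExpectedSha256 '<SHA256 published by the vendor>'
$result | Format-List
if ($result.SafeToRun) {
    Start-Process -FilePath $result.Path -Wait
} else {
    Write-Warning "Refusing to run $($result.Path): signature=$($result.SignatureStatus), hash match=$($result.HashMatches)"
}
```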


That's Windows. There's no such thing on linux.


Yes there is, that is what package managers are for.

And if one gets a random .rpm/.deb package, then it should be installed only if the digital signature is valid.


Permanently modifying it (using Set-ExecutionPolicy) requires admin, but from what I remember, setting it on a per-process basis by starting powershell.exe with the -ExecutionPolicy flag does not.


You actually can even permanently modify it as a normal user. You need to be admin to run set-executionpolicy -Scope LocalMachine (which is the default) but you can run set-executionpolicy -Scope CurrentUser as a normal user.

(This can be overridden by policies though.)

Also, in windows 10 the default ExecutionPolicy changed from Windows 7 so by default you can run powershell scripts even without using -executionpolicy bypass.



