PowerShdll

如果PowerShell被禁止运行,可以使用该工具绕过。
首先下载编译的PowerShdll文件。
然后在CMD中执行以下命令:
rundll32.exe PowerShdll.dll,main
即可弹出一个PowerShell窗口:
除了使用rundll32运行,还可以通过以下方法运行该PowerShdll.dll:
1. 
    x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U PowerShdll.dll
    x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.3031964\InstallUtil.exe /logfile= /LogToConsole=false /U PowerShdll.dll
2. 
    x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe PowerShdll.dll
    x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe PowerShdll.dll
3. 
    x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U PowerShdll.dll
    x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U PowerShdll.dll
4. 
    regsvr32 /s  /u PowerShdll.dll -->Calls DllUnregisterServer
    regsvr32 /s PowerShdll.dll --> Calls DllRegisterServer
压缩包里还带有exe文件可以直接运行:
Usage:
PowerShdll.exe <script>
PowerShdll.exe -h      Display this message
PowerShdll.exe -f <path>       Run the script passed as argument
PowerShdll.exe -i      Start an interactive console in this console (Default)