PowerShell Deobfuscation: Ep 8 help

Question

I have been stuck on this EP for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far.

I take the original encoded message and apply "FromBase64" and then "Raw Inflate" and I get the following data:

You can see it outputs another command that also needs to decoded using the same steps above. That output gives you this...

It outputs a string of characters but no obvious way to get this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests and nothing has shown me anything that is remotely readable.

I assume I am missing something simple but every time I read it back through, I don't see what I missed.

Any help you can provide would be greatly appreciated.

netcat · Answer

It's very readable, not for humans I have to admit.
Hint 1: You're not done with the deobfuscation.
Hint 2: Soon you'll enjoy "Cannot convert value of type "System.String" to type "System.Type".
Hint 3: The answer shall not contain "http://attackerdomain.com/" but only the path.

Forum Discussion

PowerShell Deobfuscation: Ep 8 help

Related Content

PowerShell Deobfuscation: Ep.9

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Assistance: PowerShell Deobfuscation: Ep.4 - Logical and Structural Obfuscation - Question 7

PowerShell Basics: Demonstrate Your Skills question 11/12

Recent Discussions

AWS Security Hub: Integrations and Custom Actions

Need help on question 10 in "Wizard Spider DFIR: Ep.2 – Ransomware Analysis" lab

Need Help for Pwntools: Ep. 6 — Demonstrate Your Skills

Anyone finished the "Etherium Smart Contracts"?

Foundational Static Analysis: API Analysis