Blog | G5 Cyber Security

PowerShell Script Auto-Execution from Zip

G5 Cyber Security

TL;DR

No, a PowerShell script inside a standard ZIP file will not automatically execute upon unzipping on most systems due to security restrictions. However, you can achieve this using various methods like creating a batch file wrapper or utilising scheduled tasks. This guide details several approaches.

How to Auto-Execute a PowerShell Script from a Zip File

  1. Understanding the Security Issue
    • Operating systems (Windows, macOS, Linux) are designed to prevent automatic execution of scripts from archives like ZIP files. This is a crucial security measure to protect against malware distribution.
    • Simply unzipping a file does not trigger any script execution.
  2. Method 1: Batch File Wrapper

    This method involves creating a batch (.bat) file that extracts the PowerShell script and then executes it.

    1. Create a new text file and save it as, for example, run.bat.
    2. Add the following code to the run.bat file: 
      @echo off
powershell -ExecutionPolicy Bypass -File "%~dp0your_script.ps1"
exit /b %errorlevel%

      Replace your_script.ps1 with the actual name of your PowerShell script.

    3. Place both the run.bat file and your your_script.ps1 file inside a ZIP archive. Ensure they are at the root level of the zip, not in subfolders.
    4. When the user unzips the archive, they need to double-click the run.bat file to execute the script.
  3. Method 2: Scheduled Task (Advanced)

    This method uses Windows Task Scheduler to monitor a folder for the ZIP file and then automatically extract and run the PowerShell script.

    1. Create a new scheduled task.
      • Trigger: Set the trigger to ‘On a schedule’ or ‘On event’ (e.g., when a new folder is created).
      • Action: Set the action to start a program:
        • Program/script: powershell
        • Add arguments: -ExecutionPolicy Bypass -File "C:PathToYourFolderyour_script.ps1" (Replace with the actual path to your script).
    2. Place your ZIP file in a monitored folder. The task scheduler will then execute the PowerShell script when it detects the zip file’s creation.
  4. Method 3: Using a Self-Extracting Archive (7-Zip)

    7-Zip allows you to create self-extracting archives that can execute commands after extraction.

    1. Download and install 7-Zip.
      • Open 7-Zip File Manager.
      • Add the files you want to archive (including your PowerShell script) to the archive.
      • In the archiving options, go to the ‘Options’ tab.
      • In the ‘Run after extraction’ field, enter the command to execute your script: 
        powershell -ExecutionPolicy Bypass "your_script.ps1"

        Replace your_script.ps1 with the actual name of your PowerShell script.

      • Create the archive as a self-extracting executable (.exe).
  5. Important Security Considerations
    • Execution Policy: The -ExecutionPolicy Bypass parameter is often necessary to allow the script to run if your system’s execution policy restricts unsigned scripts. However, be aware that bypassing the execution policy weakens security. Consider signing your scripts for a more secure approach.
    • User Awareness: Always inform users about what will happen when they unzip or execute the archive. Avoid deceptive practices.
    • Malware Risk: Be extremely cautious when downloading and executing archives from untrusted sources, as they could contain malicious scripts.
Exit mobile version