LOLBAS/OSBinaries/Powershell.md

## Powershell.exe

* Functions: Execute, Read ADS

```
powershell -ep bypass - < c:\temp:ttt    

```

Acknowledgements:
* Moriarty - @Moriarty_Meng

Code sample:
* [NameOfLink](Payload/NameOfPayload)

Resources:
* https://twitter.com/Moriarty_Meng/status/984380793383370752

Full path:
```
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
```

Notes:
Needs some more examples.... A looooooot can be done with Powershell. It is like the top of the LOLBin chain.... :-)
Added some more LOLBins 2018-04-19 00:06:48 +00:00			`## Powershell.exe`

			`* Functions: Execute, Read ADS`

			```
			`powershell -ep bypass - < c:\temp:ttt`

			```

			`Acknowledgements:`
			`* Moriarty - @Moriarty_Meng`

			`Code sample:`
			`* [NameOfLink](Payload/NameOfPayload)`

			`Resources:`
			`* https://twitter.com/Moriarty_Meng/status/984380793383370752`

			`Full path:`
			```
			`C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe`
			`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`
			```

			`Notes:`
			`Needs some more examples.... A looooooot can be done with Powershell. It is like the top of the LOLBin chain.... :-)`