infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
LOLBAS/OSBinaries/Powershell.md

540 B
Raw Blame History

Powershell.exe

  • Functions: Execute, Read ADS
powershell -ep bypass - < c:\temp:ttt

Acknowledgements:

  • Moriarty - @Moriarty_Meng

Code sample:

Resources:

Full path:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Notes: Needs some more examples.... A looooooot can be done with Powershell. It is like the top of the LOLBin chain.... :-)