## Powershell.exe

* Functions: Execute, Read ADS

```
powershell -ep bypass - < c:\temp:ttt
```

Acknowledgements:
* Moriarty - @Moriarty_Meng

Code sample:
* [NameOfLink](Payload/NameOfPayload)

Resources:
* https://twitter.com/Moriarty_Meng/status/984380793383370752

Full path:
```
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
```

Notes:
Needs some more examples... A lot can be done with PowerShell. It is like the top of the LOLBin chain... :-)
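
Detection example (added here, not part of the original entry): a Python triage function that flags the three traits of the command above in process-creation command lines, namely a script read from stdin via a bare `-`, execution policy set to Bypass, and input redirected from a `file:stream` path. The function names, indicator labels and sample command lines are constructed for this example; because the shell performs the `<` redirection, it shows up only where the shell's own command line carries it (for example `cmd.exe /c ...`), not in the PowerShell process's arguments.

```python
import re

# "<" followed by a path ending in ":stream". The optional drive letter is
# consumed first so its colon is not mistaken for the stream separator.
ADS_REDIRECT = re.compile(r'<\s*"?((?:[A-Za-z]:)?[^\s:"<>|]+:[^\s:"<>|\\/]+)')
PS_IMAGE = re.compile(r'(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$', re.I)


def is_bypass(flag, value):
    """-ep, or a 2+ letter prefix of -ExecutionPolicy, with the value Bypass."""
    name = flag.lstrip("-/").lower()
    named = name == "ep" or (len(name) >= 2 and "executionpolicy".startswith(name))
    return named and value.lower() == "bypass"


def classify(cmdline):
    """Return the set of indicators found in one process command line."""
    tokens = [t.strip('"') for t in cmdline.split()]
    hits = set()
    ps_at = next((i for i, t in enumerate(tokens) if PS_IMAGE.search(t)), None)
    if ps_at is not None:
        args = tokens[ps_at + 1:]
        if "<" in args:  # the shell, not PowerShell, consumes the redirection
            args = args[:args.index("<")]
        if "-" in args:  # bare "-": script text is read from standard input
            hits.add("stdin_script")
        if any(is_bypass(a, b) for a, b in zip(args, args[1:])):
            hits.add("policy_bypass")
    match = ADS_REDIRECT.search(cmdline)
    if match:
        hits.add("ads_redirect:" + match.group(1))
    return hits


# Constructed sample command lines (not taken from real logs).
SAMPLES = [
    r"cmd.exe /c powershell -ep bypass - < c:\temp:ttt",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -",
    r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\scripts\backup.ps1",
    r"cmd.exe /c sort < c:\temp\names.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(classify(line)) or "clean", "<-", line)
```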