Hack with PowerShell
First, we connect to the machine:
xfreerdp /u:Administrator /p:BHN2UVw0Q /cert:ignore /v:10.10.60.147
Basic PowerShell commands
- Find a file with a particular name
Get-ChildItem -Path C:\ -Include *nameofthefile* -File -Recurse -ErrorAction SilentlyContinue
- Show the contents of a file
Get-Content "C:\Program Files\interesting-file.txt.txt"
- Get the MD5 hash of a file
Get-FileHash -Path "C:\Program Files\interesting-file.txt.txt" -Algorithm MD5
- Get the current directory
Get-Location
- Make a request to a web server (replace <url> with the target address)
Invoke-WebRequest -Uri <url>
- Locate the Base64-encoded file (b64.txt) to decode
Get-ChildItem -Path C:/ -Include b64.txt -Recurse -File
Enumeration
- List users
Get-LocalUser
- Get the user with a specific SID
Get-LocalUser -SID "S-1-5-21-1394777289-3961777894-1791813945-501"
- Get users without passwords
Get-LocalUser | Where-Object -Property PasswordRequired -EQ $false
- Count the local groups
Get-LocalGroup | Measure-Object
- Get the IP address info
Get-NetIPAddress
- Count listening ports
Get-NetTCPConnection | Where-Object -Property State -EQ Listen | Measure-Object
- List listening ports
Get-NetTCPConnection | Where-Object -Property State -EQ Listen
- Show the number of patches
Get-HotFix | Measure-Object
- Find the contents of a backup file
Get-ChildItem -Path C:\ -Include *.bak* -File -Recurse -ErrorAction SilentlyContinue
Get-Content "C:\Program Files (x86)\Internet Explorer\passwords.bak.txt"
- Find a file containing a string
- List processes
Get-Process
- Get a scheduled task by name
Get-ScheduledTask -TaskName new-sched-task
- Get the owner of a path/directory
Get-Acl c:/
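The enumeration commands above chained into one host-audit function, as an added example rather than part of the original notes; the function name Get-QuickHostReport, the $SearchRoot and $Pattern defaults, and the layout of the returned object are my own assumptions, and the base64 step actually decodes the b64.txt file rather than only locating it.

```powershell
# Added example (not from the original notes). Assumes an elevated
# PowerShell 5.1+ session on the host being reviewed.
function Get-QuickHostReport {
    [CmdletBinding()]
    param(
        [string]$SearchRoot = 'C:\',        # assumed root for file searches
        [string]$Pattern    = 'password'    # assumed string to look for in files
    )

    # Local accounts that can log on without a password
    $noPwUsers = Get-LocalUser | Where-Object { $_.PasswordRequired -eq $false } |
                 Select-Object -ExpandProperty Name

    # Listening TCP ports joined to the process that owns each socket
    $listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; Process = $proc.ProcessName }
    } | Sort-Object Port -Unique

    # Small text-like files whose contents contain $Pattern (first match per file)
    $hits = Get-ChildItem -Path $SearchRoot -Include *.txt,*.bak,*.cfg,*.ini `
                -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -lt 1MB } |
            Select-String -Pattern $Pattern -List |
            Select-Object -ExpandProperty Path

    # Decode every b64.txt found under $SearchRoot; report files that are not valid base64
    $decoded = Get-ChildItem -Path $SearchRoot -Include b64.txt -File -Recurse `
                   -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        $raw  = (Get-Content -Path $file.FullName -Raw).Trim()
        try   { [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($raw)) }
        catch { "<not valid base64: $($file.FullName)>" }
    }

    [pscustomobject]@{
        UsersWithoutPassword = $noPwUsers
        ListeningPorts       = $listeners
        FilesMatchingPattern = $hits
        DecodedB64           = $decoded
        HotfixCount          = (Get-HotFix | Measure-Object).Count
    }
}

Get-QuickHostReport | Format-List
```

Running it on a host you administer gives a single object that can be exported (for example with Export-Clixml) and diffed against a later run to spot new listeners, new passwordless accounts or newly dropped files.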