Basic checks / powershell
Default powershell path
IMPORTANT: using the SysNative path gets us the correct PowerShell (32-bit or 64-bit) version. If we do not use the absolute path, the 32-bit PowerShell will be used instead, which causes problems if you later try to run privesc exploits in PowerShell on a 64-bit machine.
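As an added example (not part of the original page), the check below reports whether the current process is 32-bit or 64-bit and which path reaches the native 64-bit PowerShell host; it assumes a standard Windows install where `SysNative` is the WOW64 alias that only a 32-bit process can see.

```powershell
# Added example: determine which PowerShell host we are running in and which
# path reaches the native (64-bit) host. SysNative only exists from the point
# of view of a 32-bit process on a 64-bit OS; a 64-bit process already sees
# the real System32, so it must use the normal path.
function Get-NativePowerShellInfo {
    $osIs64   = [Environment]::Is64BitOperatingSystem
    $procIs64 = [Environment]::Is64BitProcess
    $sysNative = Join-Path $env:windir 'SysNative\WindowsPowerShell\v1.0\powershell.exe'
    $system32  = Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\powershell.exe'

    if (-not $osIs64) {
        # 32-bit OS: there is only one PowerShell, no redirection in play
        $nativePath = $system32
    } elseif ($procIs64) {
        # already a 64-bit process: System32 is not redirected
        $nativePath = $system32
    } else {
        # 32-bit process on a 64-bit OS: WOW64 redirects System32 to SysWOW64,
        # so the SysNative alias is the only way to reach the 64-bit host
        $nativePath = $sysNative
    }

    [pscustomobject]@{
        OsIs64Bit        = $osIs64
        ProcessIs64Bit   = $procIs64
        # PROCESSOR_ARCHITEW6432 is only set for processes running under WOW64
        RunningUnderWow64 = [bool]$env:PROCESSOR_ARCHITEW6432
        SysNativeVisible = Test-Path $sysNative
        NativePowerShell = $nativePath
    }
}

Get-NativePowerShellInfo | Format-List
```

If `ProcessIs64Bit` is false on a 64-bit OS, re-launch through `NativePowerShell` before relying on anything that needs the 64-bit host.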
Basic
| Syntax | Description |
| --- | --- |
| | System info, OS, architecture |
| | Hostname / computer name |
| | User privileges |
| | Groups |
| | Admin group users |
| | Environment variables |
| | Processes |
| | Recursive search for a string |
| | PowerShell execute from cmd |
| | FTP |
Network
| Syntax | Description |
| --- | --- |
| | IP address |
| | Route |
| | ARP table (other machines that have pinged it) |
| | Open ports |
| | Check firewall |
Juicy Info
Reg query for passwords in the registry
Dir search for password files
Using 'findstr' to find files
Juicy files to look at
Plaintext or base64-encoded passwords / config files
Encrypted passwords stored in plaintext files (Group Policy Preferences); PowerSploit's Get-GPPPassword module can be used.
| Syntax | Description |
| --- | --- |