bump
parent 3800d3b247
commit 80b94f4663
|
@ -65,11 +65,30 @@ Get-ChildItem -Path C:\ -Recurse -Include *.txt -ErrorAction SilentlyContinue |
|
|||
```sh
|
||||
Get-HotFix | Format-list | findstr <searchstring>
|
||||
```
|
||||
```sh
|
||||
Get-ChildItem -Hidden -Recurse -ErrorAction SilentlyContinue
|
||||
```
|
||||
* Find backup files
|
||||
```sh
|
||||
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
|
||||
```
|
||||
* Find file contents
|
||||
```sh
|
||||
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
|
||||
```
|
||||
|
||||
## Showing File Content
|
||||
```
|
||||
Get-Content 'C:\Program Files\interesting-file.txt'
|
||||
```
|
||||
* Indexing lines
|
||||
```sh
|
||||
(Get-Content -Path file.txt)[index]
|
||||
```
|
||||
* Search
|
||||
```sh
|
||||
Select-String <filename> -Pattern <pattern>
|
||||
```
|
||||
|
||||
## Copy File Content
|
||||
```sh
|
||||
|
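Review bot: `-ErroAction` in the "Find backup files" command is misspelled and is not a valid abbreviation of `-ErrorAction`, so PowerShell rejects the parameter instead of suppressing errors; change it to `-ErrorAction SilentlyContinue`. The "Find file contents" command recurses over `C:\*` with no `-ErrorAction` at all, so errors from unreadable directories will be mixed into the matches; giving its `Get-ChildItem` the same switch keeps the output usable. The fences in this hunk are tagged `sh` although every command is PowerShell, and the "Showing File Content" block has no tag; one consistent tag for the file would be cleaner.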
@ -79,7 +98,12 @@ Copy-Item <sourcefile> <destfile>
|
|||
## Count Lines of Output
|
||||
As an example, count all cmdlets on the system
|
||||
```
|
||||
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object
|
||||
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object
|
||||
```
|
||||
|
||||
## Count Words
|
||||
```
|
||||
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object -Word
|
||||
```
|
||||
|
||||
## Checksum of File
|
||||
|
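Review bot: The "Count Words" example feeds the same `Get-Command` object pipeline into `Measure-Object -Word`, so the input is command objects rather than text and the result does not show what `-Word` is for; a text source such as `Get-Content file.txt | Measure-Object -Word` would illustrate it. The same applies to the section title "Count Lines of Output", where `Measure-Object` without `-Line` counts objects, not lines. The `Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object` line also appears twice in this hunk with no visible difference; if that is a whitespace-only change, it could be left out of the commit.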
@ -160,16 +184,6 @@ Get-Hotfix
|
|||
Get-Hotfix | Where-Object -Property HotFixID -Match KB124284
|
||||
```
|
||||
|
||||
### Find files and Content
|
||||
* Find backup files
|
||||
```
|
||||
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
|
||||
```
|
||||
|
||||
* Find file contents
|
||||
```
|
||||
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
|
||||
```
|
||||
|
||||
### Processes
|
||||
* Start processes
|
||||
|
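Review bot: The "### Find files and Content" heading disappears with this block, and the two bullets reappear in the @ -65 hunk without any heading of their own, so the section can no longer be found by title. Consider carrying the heading along with the move. The commit message "bump" also gives no hint that content is being relocated, which makes the history harder to follow.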
@ -190,6 +204,16 @@ or
|
|||
Get-ScheduledTask -TaskName taskname
|
||||
```
|
||||
|
||||
### Alternate Data Stream(ADS)
|
||||
* Show ADS
|
||||
```sh
|
||||
Get-Item -Path file.exe -Stream *
|
||||
```
|
||||
* Open ADS
|
||||
```sh
|
||||
wmic process call create $(Resolve-Path file.exe:streamname)
|
||||
```
|
||||
|
||||
### Export Output
|
||||
* Export as CSV
|
||||
```sh
|
||||
|
|
|
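Review bot: The "Open ADS" bullet is mislabelled: `wmic process call create $(Resolve-Path file.exe:streamname)` starts the stream as a new process, it does not open it for reading. Rename the bullet to say that it executes the stream, and add a read-only counterpart next to "Show ADS", for example `Get-Content -Path file.exe -Stream streamname`, so the content of a stream can be inspected without running it. The heading "Alternate Data Stream(ADS)" is missing a space before the parenthesis.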
@ -0,0 +1,9 @@
|
|||
# Volume Shadow Copy Service
|
||||
|
||||
## Usage
|
||||
```sh
|
||||
vssadmin list volumes
|
||||
```
|
||||
```sh
|
||||
vssadmin list shadows
|
||||
```
|
|
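Review bot: The new file has no explanatory text at all: "## Usage" lists `vssadmin list volumes` and `vssadmin list shadows` without saying what each prints or why it is worth running. Add a one-line description per command and a sentence under the title on what the page is for. The fences are tagged `sh` although `vssadmin` is a Windows command-line tool.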
@ -58,6 +58,9 @@ This may be used for path traversal
|
|||
```
|
||||
Check return value of the form for result.
|
||||
|
||||
## Tricks
|
||||
* `localtest.me` resolves to `127.0.0.1`, may be used to extend a domain inside a parameter to redirect to localhost.
|
||||
|
||||
## Tools
|
||||
* [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file)
|
||||
* https://requestbin.com
|
||||
|
|
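Review bot: The new "Tricks" bullet is hard to parse: "may be used to extend a domain inside a parameter to redirect to localhost" does not say which parameter or what is being extended. State plainly that `localtest.me` is a public DNS name that resolves to `127.0.0.1`, and say in what situation that matters for the checks described earlier on the page. Since the page is about request forgery, it would also help to note here that a filter has to look at the resolved address, not the hostname string.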