Stefan Friese 2021-09-27 23:01:32 +02:00
parent 3800d3b247
commit 80b94f4663
3 changed files with 47 additions and 11 deletions

View File

@ -65,11 +65,30 @@ Get-ChildItem -Path C:\ -Recurse -Include *.txt -ErrorAction SilentlyContinue |
```sh
Get-HotFix | Format-list | findstr <searchstring>
```
```sh
Get-ChildItem -Hidden -Recurse -ErrorAction SilentlyContinue
```
* Find backup files
```sh
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
```
* Find file contents
```sh
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
```
## Showing File Content
```
Get-Content 'C:\Program Files\interesting-file.txt'
```
* Indexing lines
```sh
(Get-Content -Path file.txt)[index]
```
* Search
```sh
Select-String <filename> -Pattern <pattern>
```
## Copy File Content
```sh
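Review bot: `-ErroAction SilentlyContinue` in the relocated "Find backup files" command is a typo for `-ErrorAction SilentlyContinue`; as written, PowerShell rejects the call with a parameter-not-found error, so the search never runs. Two smaller points in the same hunk: the fence under `## Showing File Content` is untagged while every other block here uses ```sh, and the "Find file contents" pipeline hands directory objects to Select-String as well as files, which produces an error per directory; adding `-File` (and `-ErrorAction SilentlyContinue`) to that Get-ChildItem keeps the output to actual matches.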
@ -82,6 +101,11 @@ As an example, count all cmdlets on the system
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object
```
## Count Words
```
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object -Word
```
## Checksum of File
```
Get-FileHash -Algorithm MD5 'C:\Program Files\interesting-file.txt'
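Review bot: the two new fences under `## Count Words` and `## Checksum of File` are untagged while the rest of the file uses ```sh; tag them for consistency. On the checksum entry, `-Algorithm MD5` is fine for matching a value someone else published as MD5, but for recording or verifying file integrity yourself prefer SHA256 (the cmdlet's default when `-Algorithm` is omitted), since MD5 collisions are practical and a tampered file can be made to keep its MD5.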
@ -160,16 +184,6 @@ Get-Hotfix
Get-Hotfix | Where-Object -Property HotFixID -Match KB124284
```
### Find files and Content
* Find backup files
```
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
```
* Find file contents
```
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
```
### Processes
* Start processes
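Review bot: the removed "Find files and Content" block carries the same `-ErroAction` typo that the relocated copy in the first hunk keeps, so the move preserves a broken command; fix the spelling in the destination while consolidating. The deletion itself is right, since the two copies were otherwise identical and a single location is easier to keep current.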
@ -190,6 +204,16 @@ or
Get-ScheduledTask -TaskName taskname
```
### Alternate Data Stream(ADS)
* Show ADS
```sh
Get-Item -Path file.exe -Stream *
```
* Open ADS
```sh
wmic process call create $(Resolve-Path file.exe:streamname)
```
### Export Output
* Export as CSV
```sh
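Review bot: "Open ADS" under-describes its command: `wmic process call create $(Resolve-Path file.exe:streamname)` launches the stream as a new process rather than displaying it, and `wmic` is deprecated in current Windows releases. For inspecting an alternate stream, `Get-Content -Path file.exe -Stream streamname` reads its contents without executing anything, which is also what an analyst triaging a suspicious file wants. Worth documenting next to "Show ADS": `-Stream *` always lists the default `:$DATA` stream, and a `Zone.Identifier` stream is the normal mark-of-the-web on downloaded files, so neither by itself indicates hidden data.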

View File

@ -0,0 +1,9 @@
# Volume Shadow Copy Service
## Usage
```sh
vssadmin list volumes
```
```sh
vssadmin list shadows
```
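Review bot: the new Volume Shadow Copy Service page has commands but no description; a sentence saying that shadow copies are point-in-time snapshots of a volume, and that `vssadmin list volumes` shows which volumes are eligible while `vssadmin list shadows` lists the snapshots that currently exist, would tell a reader what output to expect. Both commands need an elevated prompt, which is worth stating, as is the note that `vssadmin` invocations are commonly logged and alerted on by endpoint monitoring, so running them on a host you are assessing will be visible.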

View File

@ -58,6 +58,9 @@ This may be used for path traversal
```
Check return value of the form for result.
## Tricks
* `localtest.me` resolves to `127.0.0.1`, may be used to extend a domain inside a parameter to redirect to localhost.
## Tools
* [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file)
* https://requestbin.com
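Review bot: the `localtest.me` trick should note that the whole wildcard zone (`anything.localtest.me`) resolves to `127.0.0.1` and that it depends on a third-party DNS record outside anyone's control; the defensive takeaway belongs in the same bullet: a hostname allow- or denylist does not stop this, so an SSRF filter has to resolve the name and check the resulting address (and re-check it at connect time) rather than inspect the string. Minor: the two `## Tools` entries are formatted differently (one labelled markdown link, one bare URL); give `requestbin.com` a label and one line on what it is used for, as the other entry has.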