Files

Logo
OSBinaries
- Payload
- Atbroker.md
- Bash.md
- Bitsadmin.md
- Certutil.md
- Cmdkey.md
- Cmstp.md
- Control.md
- Csc.md
- Cscript.md
- Dfsvc.md
- Diskshadow.md
- Dnscmd.md
- Esentutl.md
- Expand.md
- Explorer.md
- Extexport.md
- Extrac32.md
- Findstr.md
- Forfiles.md
- Gpscript.md
- Hh.md
- Ie4uinit.md
- Ieexec.md
- Infdefaultinstall.md
- Installutil.md
- Makecab.md
- Mavinject.md
- Msbuild.md
- Msconfig.md
- Msdt.md
- Mshta.md
- Msiexec.md
- Netsh.md
- Nltest.md
- Odbcconf.md
- Openwith.md
- Pcalua.md
- Pcwrun.md
- Powershell.md
- Presentationhost.md
- Print.md
- Psr.md
- Reg.md
- Regasm.md
- Regedit.md
- Register-cimprovider.md
- Regsvcs.md
- Regsvr32.md
- Replace.md
- Robocopy.md
- Rpcping.md
- Rundll32.md
- Runonce.md
- Runscripthelper.md
- Sc.md
- Scriptrunner.md
- Syncappvpublishingserver.md
- Wab.md
- Wmic.md
- Wscript.md
- Xwizard.md
OSLibraries
OSScripts
OtherBinaries
OtherMSBinaries
OtherScripts
Backlog.txt
Contribute.md
LOLBins.md
LOLLibs.md
LOLScripts.md
README.md

Powershell.md

Added some more LOLBins

Apr 19, 2018

0f6776d · Apr 19, 2018

Powershell.exe

Functions: Execute, Read ADS

powershell -ep bypass - < c:\temp:ttt

Acknowledgements:

Moriarty - @Moriarty_Meng

Code sample:

NameOfLink

Resources:

https://twitter.com/Moriarty_Meng/status/984380793383370752

Full path:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Notes: Needs some more examples.... A looooooot can be done with Powershell. It is like the top of the LOLBin chain.... :-)