16 Win Information Goldmine

Question 1

How get history in powershell ?

Answer 1

Get-History

Question 2

How save history of powershell in a file ?

Answer 2

(Get-PSReadlineOption).HistorySavePath

Question 3

How create PSCredential object (password: qwertqwertqwert123!! ) and connect on computer CLIENTWK220 ?

Answer 3

$password = ConvertTo-SecureString “qwertqwertqwert123!!” -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential(“daveadmin”, $password)
Enter-PSSession -ComputerName CLIENTWK220 -Credential $cred

whoami

Question 4

How to connect via WinRM on Kali (ip: XXXX, user:daveadmin, password: qwertqwertqwert123!! ) ?

Answer 4

evil-winrm -i 192.168.50.220 -u daveadmin -p “qwertqwertqwert123!!”

Question 5

Use Event viewer to get action of a script

Answer 5

Start the app “Event Viewer”

Question 6

Why use evil-winrm instead of reverse shell via PS ?

Answer 6

Creating a PowerShell remoting session via WinRM in a bind shell can cause unexpected behavior.

Question 7

How use evil-winrm to connect as user “daveadmin” with pass “pass!!” on target <IP></IP>

Answer 7

kali@kali:~$ evil-winrm -i 192.168.50.220 -u daveadmin -p “pass!!”

Question 8

How prevent PS to log history (alternative ? (1))

Answer 8

Set-PSReadLineOption -HistorySaveStyle SaveNothing
Alternative: delete manually the history file

Question 9

In which env. var is stored the history file path of PS ?

Answer 9

$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt