Powershell Tools

Useful PowerShell Tools

Port Scan:

# Full TCP connect sweep of every port; closed ports throw and are swallowed, each filtered port waits for the OS connect timeout, so this is slow.
0..65535 | ForEach-Object { $c = New-Object Net.Sockets.TcpClient; try { $c.Connect('192.168.0.1', $_); "Port $_ is open!" } catch { } finally { $c.Dispose() } }

Authenticate With PSCredential:

# PowerView is only needed if the credential is to be passed to its cmdlets; PSCredential itself is built in.
Import-Module .\PowerView.ps1
$sec  = ConvertTo-SecureString '<password>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('<username>', $sec)

Invoke Command On Remote Host:

Invoke-Command -ComputerName <target> -Credential $cred -ScriptBlock { whoami }

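The credential and Invoke-Command steps above combined into one reusable function. This is an added example, not code from the original page: it prompts for the account instead of embedding a plaintext password in the script, and records success or failure per host so one unreachable host does not abort the rest. The host names are placeholders.

```powershell
# Added example, not from the original page. Prompts for the account instead of embedding
# a plaintext password, then runs one script block per host and records success or
# failure for each so a failed host does not abort the rest. Host names are placeholders.
function Invoke-OnHosts {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock,
        [pscredential]$Credential = (Get-Credential -Message 'Account for the remote hosts')
    )

    foreach ($computer in $ComputerName) {
        try {
            $result = Invoke-Command -ComputerName $computer -Credential $Credential `
                                     -ScriptBlock $ScriptBlock -ErrorAction Stop
            [pscustomobject]@{
                ComputerName = $computer
                Succeeded    = $true
                Output       = ($result | Out-String).Trim()
            }
        } catch {
            # Typical causes: WinRM not listening, Kerberos/TrustedHosts mismatch, access denied.
            [pscustomobject]@{
                ComputerName = $computer
                Succeeded    = $false
                Output       = $_.Exception.Message
            }
        }
    }
}

Invoke-OnHosts -ComputerName 'server01', 'server02' -ScriptBlock { whoami; hostname } |
    Format-Table -AutoSize -Wrap
```

Invoke-Command also accepts an array for -ComputerName and fans out in parallel, but a per-host try/catch gives one result object per host, failures included, which is easier to log.
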
Decrypt Secure String:

# Free and zero the BSTR afterwards; the original one-liner left the plaintext copy in unmanaged memory.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR(<securestring>)
try { [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) } finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
# For a PSCredential object the same result is $cred.GetNetworkCredential().Password

Compact For-Loop:

1,2,3,4 | ForEach-Object { Write-Host $_ }

Scan Selected Ports:

# Test-Connection has no -Port parameter in Windows PowerShell 5.1 (PowerShell 7 uses -TcpPort); Test-NetConnection does.
22,53,80,443,445 | ForEach-Object { Test-NetConnection -ComputerName <ip> -Port $_ }

Unzip:

Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('<archive path>', '<target dir>')

OR

Expand-Archive D:\file.zip -DestinationPath C:\temp

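An entry-by-entry variant of the unzip step, added here and not part of the original page: it resolves each entry's destination path and refuses any that would land outside the target directory (the path-traversal or "zip slip" pattern), which matters when the archive comes from an untrusted source. The archive and destination paths are placeholders.

```powershell
# Added example, not from the original page: extract a zip entry by entry and skip any
# entry whose resolved path escapes the destination directory. Paths are placeholders.
Add-Type -AssemblyName 'System.IO.Compression.FileSystem'

function Expand-ArchiveSafely {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$Destination
    )

    # Normalise and terminate the root with a backslash so 'C:\temp2\x' cannot pass as inside 'C:\temp'.
    $dest = [System.IO.Path]::GetFullPath($Destination).TrimEnd('\') + '\'
    New-Item -ItemType Directory -Path $dest -Force | Out-Null

    $zip = [System.IO.Compression.ZipFile]::OpenRead($ArchivePath)
    try {
        foreach ($entry in $zip.Entries) {
            try {
                # GetFullPath collapses '..' and forward slashes; invalid characters throw.
                $target = [System.IO.Path]::GetFullPath((Join-Path $dest $entry.FullName))
            } catch {
                Write-Warning "Skipping entry with an invalid path: $($entry.FullName)"
                continue
            }

            if (-not $target.StartsWith($dest, [System.StringComparison]::OrdinalIgnoreCase)) {
                Write-Warning "Skipping entry that escapes the destination: $($entry.FullName)"
                continue
            }

            # Directory entries have an empty Name; just create the folder.
            if ([string]::IsNullOrEmpty($entry.Name)) {
                New-Item -ItemType Directory -Path $target -Force | Out-Null
                continue
            }

            New-Item -ItemType Directory -Path (Split-Path -Parent $target) -Force | Out-Null
            [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $target, $true)
        }
    } finally {
        $zip.Dispose()
    }
}

Expand-ArchiveSafely -ArchivePath 'D:\file.zip' -Destination 'C:\temp'
```
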
Alternate Data Streams:

Check For ADS

Get-Item -Path <path> -Stream *


Search For Hidden Streams:

# -File keeps directories out of Get-Item -Stream, which only applies to files; the default stream is named :$DATA.
Get-ChildItem -Path 'C:\Users\Public\Documents' -Recurse -File | ForEach-Object { Get-Item $_.FullName -Stream * } | Where-Object -Property Stream -ne ':$DATA'

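The stream search above extended into a small inventory, as an added example that is not part of the original page: it lists every non-default stream under a directory with its size and SHA-256 so the result can be baselined and diffed later, and marks Zone.Identifier (the Mark-of-the-Web written on downloads) as expected so attention goes to the other names. The search root is a placeholder.

```powershell
# Added example, not from the original page: inventory every non-default NTFS stream
# under a directory with its size and SHA-256, so the list can be baselined and diffed
# or forwarded to a SIEM. The search root below is a placeholder.
function Get-HiddenStreamReport {
    param([Parameter(Mandatory)][string]$Path)

    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_.FullName
                Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                    Where-Object { $_.Stream -ne ':$DATA' } |
                    ForEach-Object {
                        # Read the stream as raw bytes; the parameter name differs between
                        # Windows PowerShell 5.1 and PowerShell 7.
                        $bytes = if ($PSVersionTable.PSVersion.Major -ge 6) {
                            Get-Content -LiteralPath $file -Stream $_.Stream -AsByteStream -Raw -ErrorAction SilentlyContinue
                        } else {
                            Get-Content -LiteralPath $file -Stream $_.Stream -Encoding Byte -Raw -ErrorAction SilentlyContinue
                        }
                        if ($null -eq $bytes) { $bytes = [byte[]]@() }
                        $hash = ($sha.ComputeHash([byte[]]$bytes) | ForEach-Object { $_.ToString('x2') }) -join ''

                        [pscustomobject]@{
                            File   = $file
                            Stream = $_.Stream
                            Length = $_.Length
                            Sha256 = $hash
                            # Zone.Identifier is the Mark-of-the-Web that browsers and mail
                            # clients write on downloads; it is normal, other names are not.
                            Expected = ($_.Stream -eq 'Zone.Identifier')
                        }
                    }
            }
    } finally {
        $sha.Dispose()
    }
}

# Show only the streams that need a second look.
Get-HiddenStreamReport -Path 'C:\Users\Public\Documents' |
    Where-Object { -not $_.Expected } |
    Format-Table File, Stream, Length, Sha256 -AutoSize
```

Run it once to record a baseline, then again later and compare the File/Stream/Sha256 columns; a new stream name, or a changed hash on an existing one, is what to look at.
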
Remove Hidden Stream:

$NameOfStream = 'helloworld.txt'
# Plain hyphens and plain string arguments; braces would pass script blocks and Remove-Item would fail to bind them.
Remove-Item -Path 'C:\Users\Public\Documents\example.txt' -Stream $NameOfStream

Create A Hidden Stream:

CMD:

type C:\malicious.exe > C:\Users\Public\Desktop\Outlook.exe:malicious.exe

PS: 

Set-Content -Path "C:\Users\Public\Documents\example.txt" -Stream $NameOfStream -Value '<content>'