POWERSHELL WEAPONS
Elite database of PowerShell exploits with detailed attack vectors, stealth techniques, and system manipulation commands.
CLASSIFIED: FOR AUTHORIZED CYBER OPERATIVES ONLY
COMMAND SEARCH SYSTEM
Locate and deploy PowerShell weapons from the arsenal
Get-Acl
Gets the access control list (ACL) for files and folders
Get-Acl [[-Path] <String[]>] [-Filter <String>] [-Include <String[]>] [-Exclude <String[]>] [<CommonParameters>]
Get-Acl file.txt
Get-Acl C:\Windows | Format-List
Get-ChildItem
Gets items and child items in specified locations
Get-ChildItem [[-Path] <String[]>] [-Recurse] [-Force] [-Hidden] [<CommonParameters>]
Get-ChildItem # List current directory
Get-ChildItem -Recurse # Recursive listing
Get-ChildItem -Hidden # Show hidden files
Get-ChildItem -Force # Show all files including system
Get-CimInstance
Gets CIM instances from a CIM server (modern replacement for Get-WmiObject)
Get-CimInstance [-ClassName] <String> [-ComputerName <String[]>] [-Property <String[]>] [<CommonParameters>]
Get-CimInstance -ClassName Win32_Process
Get-CimInstance -ClassName Win32_Service
Get-Command
Gets information about available commands in PowerShell
Get-Command [[-Name] <String[]>] [[-CommandType] <CommandTypes>] [[-Module] <String[]>] [-Syntax] [<CommonParameters>]
Get-Command # List all commands
Get-Command *service* # Find service-related commands
Get-Command -Verb Get # All commands that "get" things
Get-Command -Noun Process # All process-related commands
Get-ComputerInfo
Gets comprehensive system information about the local computer
Get-ComputerInfo [[-Property] <String[]>] [<CommonParameters>]
Get-ComputerInfo | Select-Object WindowsProductName, TotalPhysicalMemory, CsProcessors
Get-Content
Gets the content of a file
Get-Content [-Path] <String[]> [-ReadCount <Int64>] [-TotalCount <Int64>] [-Tail <Int32>] [<CommonParameters>]
Get-Content file.txt
Get-Content file.txt -Tail 10 # Last 10 lines
Get-Content file.txt | Select-String "error" # Search for text
Get-ExecutionPolicy
Gets the execution policies for the current session
Get-ExecutionPolicy [[-Scope] <ExecutionPolicyScope>] [-List] [<CommonParameters>]
Get-ExecutionPolicy # Current policy
Get-ExecutionPolicy -List # All scopes
Get-Help
Gets help information about PowerShell commands and concepts
Get-Help [[-Name] <String>] [[-Category] <String[]>] [-Component <String[]>] [-Functionality <String[]>] [-Role <String[]>] [<CommonParameters>]
Get-Help Get-Process # Basic help
Get-Help Get-Process -Examples # Show examples
Get-Help Get-Process -Detailed # Detailed help
Get-Help Get-Process -Full # Complete help
Get-Help *process* # Find commands with "process"
Get-NetTCPConnection
Gets information about TCP connections
Get-NetTCPConnection [[-LocalAddress] <String[]>] [[-LocalPort] <UInt16[]>] [[-RemoteAddress] <String[]>] [<CommonParameters>]
Get-NetTCPConnection -State Established # Active connections
Get-NetTCPConnection -LocalPort 80 # Connections on port 80
Get-Process
Gets information about running processes
Get-Process [[-Name] <String[]>] [-ComputerName <String[]>] [-Module] [<CommonParameters>]
Get-Process # All processes
Get-Process -Name "chrome" # Specific process
Get-Process | Where-Object {$_.CPU -gt 100} # High CPU processes
Get-Service
Gets information about Windows services
Get-Service [[-Name] <String[]>] [-ComputerName <String[]>] [-DependentServices] [-RequiredServices] [<CommonParameters>]
Get-Service # All services
Get-Service -Name "win*" # Services starting with "win"
Get-Service | Where-Object {$_.Status -eq "Running"}
Get-WmiObject
Gets Windows Management Instrumentation (WMI) data
Get-WmiObject [-Class] <String> [[-Property] <String[]>] [-ComputerName <String[]>] [<CommonParameters>]
Get-WmiObject -Class Win32_OperatingSystem
Get-WmiObject -Class Win32_LogicalDisk
Invoke-Expression
Runs commands or expressions on the local computer
Invoke-Expression [-Command] <String> [<CommonParameters>]
$command = "Get-Process"
Invoke-Expression $command
# Or shorter:
iex $command
Invoke-WebRequest
Gets content from a web page on the Internet
Invoke-WebRequest [-Uri] <Uri> [-Method <WebRequestMethod>] [-Headers <IDictionary>] [-Body <Object>] [<CommonParameters>]
Invoke-WebRequest -Uri "http://example.com"
# Shorter alias:
iwr http://example.com
Resolve-DnsName
Resolves DNS names to IP addresses and vice versa
Resolve-DnsName [-Name] <String> [[-Type] <RecordType>] [-Server <String[]>] [<CommonParameters>]
Resolve-DnsName google.com # Resolve domain
Resolve-DnsName 8.8.8.8 # Reverse DNS lookup
Set-Content
Writes content to a file, replacing existing content
Set-Content [-Path] <String[]> [-Value] <Object[]> [-Force] [-Encoding <Encoding>] [<CommonParameters>]
Set-Content -Path "file.txt" -Value "New content"
"Hello World" | Set-Content -Path "greeting.txt"
Set-ExecutionPolicy
Changes the user preference for PowerShell execution policy
Set-ExecutionPolicy [-ExecutionPolicy] <ExecutionPolicy> [[-Scope] <ExecutionPolicyScope>] [-Force] [<CommonParameters>]
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Set-ExecutionPolicy RemoteSigned -Force
Stop-Process
Stops one or more running processes
Stop-Process [-Id] <Int32[]> [-Force] [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
Stop-Process -Name "notepad" -WhatIf
Stop-Process -Id 1234 -Force
Test-NetConnection
Tests network connectivity to a remote host
Test-NetConnection [[-ComputerName] <String>] [[-Port] <Int32>] [-DiagnoseRouting] [<CommonParameters>]
Test-NetConnection google.com # Basic connectivity
Test-NetConnection google.com -Port 443 # Test specific port
ATTACK CATEGORIES
Specialized command categories for different phases of cyber operations
Getting Started
Fundamental PowerShell concepts and basics
System Information
Commands for gathering system details and computer information
Process Management
Managing and monitoring running processes and services
Network Operations
Network connectivity, DNS, and connection management
File Operations
File system navigation, manipulation, and permissions
Security & Policies
Execution policies, security bypasses, and permissions
Advanced Techniques
Fileless execution, in-memory operations, and advanced methods
Cybersecurity
Practical cybersecurity examples and scenarios