mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-30 16:54:00 +01:00
460 B
460 B
Powershell.exe
- Functions: Execute, Read ADS
powershell -ep bypass - < c:\temp:ttt
Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS).
-
Resources:
-
Full path:
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
-
Notes: Thanks to Moriarty - @Moriarty_Meng