1 - Introduction to the Windows Shells

Topics

  1. Introduction to the Windows Shells
  2. Windows Permissions
  3. Reverse Shells in Windows
  4. SeImpersonatePrivilege Exploitation
  5. On Cross Compilation
  6. Windows Services
  7. Weak Service Permissions
  8. Unquoted Service Path
  9. DLL Hijacking
  10. Always Install Elevated
  11. Files with Sensitive Data
  12. Windows Hashes
  13. Stored Credentials and the Windows Vault
  14. Scheduled Task
  15. Critical Registry Paths
  16. Useful Tools
  17. AMSI Bypass

What is a Shell?

A shell is a command-line interface (CLI) that allows users to interact with the operating system by executing commands. It acts as an intermediary between the user and the system's underlying kernel, enabling tasks such as file manipulation, program execution, and system configuration. Shells are integral to both Unix-based and Windows systems, serving as powerful tools for scripting and automation.


CMD.exe

CMD.exe, commonly referred to as the "Command Prompt," is the default shell for Windows operating systems.

  • Key Features:
    • Provides a simple interface for executing system commands.
    • Supports batch scripting via .bat files for automating repetitive tasks.
    • Limited in functionality compared to modern shells but remains lightweight and accessible.
  • Common Commands:
    • dir for listing files.
    • ping for network diagnostics.
    • tasklist for viewing running processes.


PowerShell

PowerShell is an advanced scripting and automation framework developed by Microsoft, offering significantly more functionality than CMD.exe.

  • Key Features:
    • Object-Oriented: Unlike CMD, PowerShell works with objects rather than plain text, enabling structured and detailed data manipulation.
    • Cmdlets: Includes a rich set of built-in commands (cmdlets) that follow a Verb-Noun naming convention, such as Get-Process and Set-Item.
    • Scripting: Provides a robust scripting language that integrates with .NET, allowing complex scripts and modules.
    • Cross-Platform: Available on Windows, macOS, and Linux through PowerShell Core.
  • Common Use Cases:
    • System administration.
    • Active Directory management.
    • Network and security operations.

Differences Between CMD and PowerShell

  • CMD’s Role: CMD remains useful for quick, simple tasks and for running legacy batch scripts in environments where PowerShell may not be installed or required.

  • PowerShell’s Role: PowerShell is designed for advanced tasks, including automation, system administration, and interaction with APIs. It replaces CMD in modern Windows environments for most administrative tasks.

Feature              | CMD (cmd.exe)          | PowerShell
---------------------|------------------------|---------------------------------
Development Era      | Legacy (MS-DOS era)    | Modern (post-2006)
Syntax               | Simple, text-based     | Rich, object-oriented
Scripting Files      | .bat, .cmd             | .ps1
Programming Support  | Limited                | Extensive
Cross-Platform       | No                     | Yes (PowerShell Core)
Use Cases            | Basic tasks            | Advanced scripting, automation
Integration          | Minimal (file-based)   | Deep (Windows, AD, .NET APIs)
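The text-versus-objects difference in the table above, shown on one concrete task (list processes using more than roughly 100 MB of memory). This is an added example, not code from the original page: the CMD half relies on tasklist emitting text that has to be parsed by hand, while the PowerShell half works directly with the .NET Process objects that Get-Process returns. The threshold value and the header names given to the CSV columns are assumptions for the sake of the example.

```powershell
# Added example (not from the original page): the same task done in CMD's
# text world and in PowerShell's object world, to illustrate why the page
# calls PowerShell "object-oriented".

# --- CMD side: tasklist emits text. /FO CSV /NH makes it CSV with no header,
# and the columns are only known because we name them ourselves (assumed
# header names). This half still runs under PowerShell purely to parse it.
$textRows = tasklist /FO CSV /NH |
    ConvertFrom-Csv -Header 'Image','PID','Session','SessionNum','MemUsage'

# "Mem Usage" arrives as a string such as "12,345 K"; it has to be scrubbed of
# separators and the unit before it can be compared as a number (KB here).
$fromText = $textRows |
    Where-Object { [int64]($_.MemUsage -replace '[^\d]', '') -gt 100000 } |
    Select-Object Image, PID

# --- PowerShell side: Get-Process returns System.Diagnostics.Process objects
# (a .NET type), so WorkingSet64 is already a number and Path is a real
# property. No string parsing is needed and units are explicit (100MB).
$fromObjects = Get-Process |
    Where-Object { $_.WorkingSet64 -gt 100MB } |
    Select-Object Name, Id,
        @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB) } },
        Path

# Get-Member reveals the type and the properties a cmdlet's output carries,
# which is what makes the filtering above possible without parsing text.
Get-Process -Id $PID | Get-Member -MemberType Property | Select-Object -First 5

# The Verb-Noun convention makes cmdlets discoverable by what they do.
Get-Command -Verb Get -Noun *Process*

$fromText    | Format-Table -AutoSize
$fromObjects | Format-Table -AutoSize
```

Both halves list the same large processes, but only the object version carries the executable Path along for free, which is the kind of detail an administrator or analyst usually wants next.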



Disclaimer

❗ Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!
