1 - Introduction to the Windows Shells

Topics

Introduction to the Windows Shells
Windows Permissions
Reverse Shells in Windows
SeImpersonatePrivilege Exploitation
On Cross Compilation
Windows Services
Weak Service Permissions
Unquoted Service Path
DLL Hijacking
Always Install Elevated
Files with Sensitive Data
Windows Hashes
Stored Credentials and the Windows Vault
Scheduled Task
Critical Registry Paths
Useful Tools
AMSI Bypass

What is a Shell?

A shell is a command-line interface (CLI) that allows users to interact with the operating system by executing commands. It acts as an intermediary between the user and the system's underlying kernel, enabling tasks such as file manipulation, program execution, and system configuration. Shells are integral to both Unix-based and Windows systems, serving as powerful tools for scripting and automation.

CMD.exe

Key Features:
- Provides a simple interface for executing system commands.
- Supports batch scripting via .bat files for automating repetitive tasks.
- Limited in functionality compared to modern shells but remains lightweight and accessible.
Common Commands:
- dir for listing files.
- ping for network diagnostics.
- tasklist for viewing running processes.

PowerShell

Key Features:
- Object-Oriented: Unlike CMD, PowerShell works with objects rather than plain text, enabling structured and detailed data manipulation.
- Cmdlets: Includes a rich set of built-in commands (cmdlets) that follow a Verb-Noun naming convention, such as Get-Process and Set-Item.
- Scripting: Provides a robust scripting language that integrates with .NET, allowing complex scripts and modules.
- Cross-Platform: Available on Windows, macOS, and Linux through PowerShell Core.
Common Use Cases:
- System administration.
- Active Directory management.
- Network and security operations.

Differences Between CMD and PowerShell

CMD’s Role: CMD remains useful for quick, simple tasks and for running legacy batch scripts in environments where PowerShell may not be installed or required.
PowerShell’s Role: PowerShell is designed for advanced tasks, including automation, system administration, and interaction with APIs. It replaces CMD in modern Windows environments for most administrative tasks.

Feature

CMD (cmd.exe)

PowerShell

Development Era

Legacy (MS-DOS era)

Modern (post-2006)

Syntax

Simple, text-based

Rich, object-oriented

Scripting Files

.bat, .cmd

.ps1

Programming Support

Limited

Extensive

Cross-Platform

Yes (PowerShell Core)

Use Cases

Basic tasks

Advanced scripting, automation

Integration

Minimal (file-based)

Deep (Windows, AD, .NET

APIs)

Disclaimer

❗ Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!❗

PreviousWindows Privilege Escalation Next2 - Windows Permissions

Last updated 4 months ago

1 - Introduction to the Windows Shells

Topics

Introduction to the Windows Shells
Windows Permissions
Reverse Shells in Windows
SeImpersonatePrivilege Exploitation
On Cross Compilation
Windows Services
Weak Service Permissions
Unquoted Service Path
DLL Hijacking
Always Install Elevated
Files with Sensitive Data
Windows Hashes
Stored Credentials and the Windows Vault
Scheduled Task
Critical Registry Paths
Useful Tools
AMSI Bypass

What is a Shell?

CMD.exe

, commonly referred to as the "Command Prompt," is the default shell for Windows operating systems.

Key Features:
- Provides a simple interface for executing system commands.
- Supports batch scripting via .bat files for automating repetitive tasks.
- Limited in functionality compared to modern shells but remains lightweight and accessible.
Common Commands:
- dir for listing files.
- ping for network diagnostics.
- tasklist for viewing running processes.

PowerShell

is an advanced scripting and automation framework developed by Microsoft, offering significantly more functionality than CMD.exe.

Key Features:
- Object-Oriented: Unlike CMD, PowerShell works with objects rather than plain text, enabling structured and detailed data manipulation.
- Cmdlets: Includes a rich set of built-in commands (cmdlets) that follow a Verb-Noun naming convention, such as Get-Process and Set-Item.
- Scripting: Provides a robust scripting language that integrates with .NET, allowing complex scripts and modules.
- Cross-Platform: Available on Windows, macOS, and Linux through PowerShell Core.
Common Use Cases:
- System administration.
- Active Directory management.
- Network and security operations.

Differences Between CMD and PowerShell

CMD’s Role: CMD remains useful for quick, simple tasks and for running legacy batch scripts in environments where PowerShell may not be installed or required.
PowerShell’s Role: PowerShell is designed for advanced tasks, including automation, system administration, and interaction with APIs. It replaces CMD in modern Windows environments for most administrative tasks.

Feature

CMD (cmd.exe)

PowerShell

Development Era

Legacy (MS-DOS era)

Modern (post-2006)

Syntax

Simple, text-based

Rich, object-oriented

Scripting Files

.bat, .cmd

.ps1

Programming Support

Limited

Extensive

Cross-Platform

Yes (PowerShell Core)

Use Cases

Basic tasks

Advanced scripting, automation

Integration

Minimal (file-based)

Deep (Windows, AD, .NET

APIs)

Disclaimer

❗ Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!❗

PreviousWindows Privilege Escalation Next2 - Windows Permissions

Last updated 4 months ago