Powershell: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 10: | Line 10: | ||
= self elevate = | |||
Start-Process PowerShell –Verb RunAs | |||
= check authenticity of process = | |||
<syntaxhighlight lang="powershell"> | <syntaxhighlight lang="powershell"> | ||
PS C:\WINDOWS\system32> (get-process svchost | select-object path).path | Get-AuthenticodeSignature | PS C:\WINDOWS\system32> (get-process svchost | select-object path).path | Get-AuthenticodeSignature | ||
Revision as of 13:56, 21 November 2013
- get-help
- get-command
- get-module
- $PSVersionTable.psversion
- get-history
- get-process | get-member
- Get-Host
- $psversiontable
- Get-ChildItem Env:
self elevate
Start-Process PowerShell –Verb RunAs
check authenticity of process
PS C:\WINDOWS\system32> (get-process svchost | select-object path).path | Get-AuthenticodeSignature
Directory: C:\WINDOWS\system32
SignerCertificate Status Path
----------------- ------ ----
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
#get info about domain
get-addomain