peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz

Powershell history bug? #416

Open emizzz opened 4 months ago

emizzz commented 4 months ago

Hi 👋

Regarding reading the PowerShell history, why filter the results for the string "pa"?

Write-Host "=|| PowerShell Console History"
Write-Host "=|| To see all history, run this command: Get-Content (Get-PSReadlineOption).HistorySavePath"
Write-Host $(Get-Content (Get-PSReadLineOption).HistorySavePath | Select-String pa)

Is this a bug, or does "pa" stand for "password", "passwd", ...?

What about using something like this?

$(Get-Content (Get-PSReadLineOption).HistorySavePath -Tail 10)

Or maybe something that contains more than one keyword (e.g. secret, pass, pwd, ...)?

Thanks 🙏


RandolphConley commented 4 months ago

The reason it looks for "pa" is to not rule out the iterations of "password". This of course can generate false positives.
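
The trade-off discussed in this thread, shown as an added example (not code from winPEAS or from either commenter): a bare "pa" filter is compared with a multi-keyword filter over a constructed history file, as you might do when auditing your own console history for stored credentials. The function name Find-HistorySecret, the keyword list and the sample lines are assumptions made for illustration.

```powershell
# Added example: audit a PSReadLine history file for credential-related keywords.
function Find-HistorySecret {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical keyword list; tune it for your environment.
        [string[]]$Keyword = @('passw', 'pwd', 'secret', 'token', 'apikey',
                               'credential', 'securestring')
    )
    # The history file does not exist until PSReadLine has written to it.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }

    # Build one alternation regex; Escape keeps each keyword literal.
    $pattern = ($Keyword | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Select-String is case-insensitive by default and keeps line numbers,
    # so every hit can be traced back to its position in the file.
    Select-String -LiteralPath $Path -Pattern $pattern | ForEach-Object {
        [pscustomobject]@{
            LineNumber = $_.LineNumber
            Keyword    = $_.Matches[0].Value.ToLower()
            Line       = $_.Line
        }
    }
}

# Constructed sample history (not real data).
$sample = @(
    'cd C:\Users\Public\Pathfinder'
    'Get-ChildItem -Path . -Recurse'
    'Set-LocalUser -Name svc_backup -Password (Read-Host -AsSecureString)'
    '$dbPwd = ConvertTo-SecureString "constructed-value" -AsPlainText -Force'
    'Import-Module .\Parser.psm1'
    'Invoke-RestMethod -Uri https://example.invalid/api -Headers @{ token = "constructed" }'
)
$tmp = [System.IO.Path]::GetTempFileName()
Set-Content -LiteralPath $tmp -Value $sample

# Baseline: the "pa" filter from the issue, kept as objects rather than Write-Host text.
$broad  = @(Select-String -LiteralPath $tmp -Pattern 'pa')
$narrow = @(Find-HistorySecret -Path $tmp)

"'pa' matched $($broad.Count) line(s); keyword list matched $($narrow.Count) line(s)"
$narrow | Format-Table -AutoSize

Remove-Item -LiteralPath $tmp
```

To run it against a real history file, pass (Get-PSReadLineOption).HistorySavePath as -Path. In the sample, "pa" hits path-related lines such as -Path and Parser, while lines that only mention pwd or token are missed.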