PowerShell Profiles

When PowerShell starts, it looks for special settings stored in profiles. These profiles can be modified to execute arbitrary commands, which we will abuse for persistence.

Note that we may be able to escalate privileges this way if our profile is loaded and executed by an account with higher privileges.

With PowerShell profiles, we can customize which users and which hosts on the local computer a profile applies to.

Locations of these profiles are in:

We can issue the following command to find profiles:

$PROFILE | select *

To abuse this for persistence, simply issue the command:

echo c:\executable > $PROFILE
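
To check a host for this kind of persistence, the following audit walks the four profile paths exposed as properties of $PROFILE and reports what each one would run at startup. It is an added example, not part of the original page; the function name Get-ProfileAudit and the 30-day review window are assumptions.

```powershell
# Added example: audit every PowerShell profile path for unexpected content.
# Get-ProfileAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-ProfileAudit {
    [CmdletBinding()]
    param(
        # Flag profiles modified within this many days (assumed review window).
        [int]$RecentDays = 30
    )

    # The four scopes exposed as note properties on $PROFILE.
    $scopes = 'AllUsersAllHosts', 'AllUsersCurrentHost',
              'CurrentUserAllHosts', 'CurrentUserCurrentHost'

    foreach ($scope in $scopes) {
        $path = $PROFILE.$scope
        # Same shape for every row so missing and present profiles list alike.
        $row = [ordered]@{
            Scope = $scope; Path = $path; Exists = $false; Owner = $null
            LastWrite = $null; Recent = $false; Signature = $null
            SHA256 = $null; ActiveLines = @()
        }

        # A missing profile is the normal state on most hosts.
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $item = Get-Item -LiteralPath $path -Force
            $row.Exists    = $true
            $row.Owner     = (Get-Acl -LiteralPath $path).Owner
            $row.LastWrite = $item.LastWriteTime
            $row.Recent    = $item.LastWriteTime -gt (Get-Date).AddDays(-$RecentDays)
            $row.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Non-blank, non-comment lines are what actually runs at startup.
            $row.ActiveLines = @(Get-Content -LiteralPath $path |
                Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') })
        }

        [pscustomobject]$row
    }
}

Get-ProfileAudit | Format-List
```

Run it once per PowerShell host in use, since the CurrentHost paths differ between hosts, and compare the SHA256 values against a known-good baseline.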
