Powershell basics

Last updated 4 years ago

Resources

What is PowerShell?

  • Object-based

  • Command family extensible

  • Support command aliases

  • Handles console input and display

  • Has a pipeline

  • Built-in help system

PS version

PS C:\Users\ALEX> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.18362.752
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.18362.752
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Restriction policy

Bypass

Useful for pentesting.

PS C:\Users\ALEX> Get-ExecutionPolicy
Restricted
PS C:\Users\ALEX> powershell -ep bypass
Testez le nouveau système multiplateforme PowerShell https://aka.ms/pscore6

PS C:\Users\ALEX> Get-ExecutionPolicy
Bypass

Set

PS C:\WINDOWS\system32> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Modification de la stratégie d'exécution
La stratégie d’exécution permet de vous prémunir contre les scripts que vous jugez non fiables. En modifiant la
stratégie d’exécution, vous vous exposez aux risques de sécurité décrits dans la rubrique d’aide
about_Execution_Policies à l’adresse https://go.microsoft.com/fwlink/?LinkID=135170. Voulez-vous modifier la stratégie
d’exécution ?
[O] Oui  [T] Oui pour tout  [N] Non  [U] Non pour tout  [S] Suspendre  [?] Aide (la valeur par défaut est « N ») : O
PS C:\WINDOWS\system32> Get-ExecutionPolicy
RemoteSigned
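The two transcripts above only show the effective policy. The execution policy is actually stored per scope, and `powershell -ep bypass` changes only the Process scope of the new process it starts, so an audit has to look at every scope. The following script is an added example, not part of the original page; `Get-ExecutionPolicyAudit` is a function name chosen here, and the cmdlets it calls (`Get-ExecutionPolicy -List`, `Set-ExecutionPolicy -Force`) are standard PowerShell.

```powershell
# Added example (not from the original page): audit the execution policy on every scope.
# Get-ExecutionPolicy -List returns the scopes in precedence order
# (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine); the first one that is
# not Undefined is the policy that applies. When all are Undefined the built-in default
# applies (Restricted on Windows clients). MachinePolicy/UserPolicy come from Group Policy
# and cannot be overridden by Set-ExecutionPolicy or by -ep bypass.
function Get-ExecutionPolicyAudit {
    $list   = @(Get-ExecutionPolicy -List)
    $winner = $list | Where-Object { $_.ExecutionPolicy -ne 'Undefined' } | Select-Object -First 1

    foreach ($entry in $list) {
        $policy = $entry.ExecutionPolicy.ToString()
        [pscustomobject]@{
            Scope           = $entry.Scope
            ExecutionPolicy = $policy
            # Bypass and Unrestricted run any script without a signature check
            Weak            = ($policy -in @('Bypass', 'Unrestricted'))
            # The scope whose value is the effective policy
            Effective       = ($null -ne $winner -and $entry.Scope -eq $winner.Scope)
        }
    }
}

# Usage: print the table, then warn about weak settings that persist beyond this process
$audit = Get-ExecutionPolicyAudit
$audit | Format-Table -AutoSize
$audit | Where-Object { $_.Weak -and $_.Scope -ne 'Process' } |
    ForEach-Object { Write-Warning "Scope $($_.Scope) is set to $($_.ExecutionPolicy)" }

# Hardening the user scope without the interactive prompt shown in the Set transcript:
# -Force answers the confirmation for you.
# Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force
```

Running the audit in a session started with `-ep bypass` shows `Bypass` on the Process scope only, with `Effective` set on that row; a `Bypass` or `Unrestricted` value on CurrentUser or LocalMachine is the one worth flagging, because it survives the session.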

Help system

Discoverability

Compiled commands in PowerShell are called cmdlets. Cmdlet names have the form of singular "Verb-Noun" commands to make them easily discoverable.

Common verbs to use include:

  • Get

  • Start

  • Stop

  • Read

  • Write

  • New

  • Out

For example, the cmdlet for determining what processes are running is Get-Process and the cmdlet for retrieving a list of services and their statuses is Get-Service. There are other types of commands in PowerShell such as aliases and functions. The term PowerShell command is a generic term that's often used to refer to any type of command in PowerShell, regardless of whether or not it's a cmdlet, function, or alias.

The Three Core Cmdlets in PowerShell

Get-Command
Get-Help
Get-Member

Get-Command and Get-Help both let you identify commands.

Get-Help

Get-Help is a multipurpose command. Get-Help helps you learn how to use commands once you find them. Get-Help can also be used to help locate commands, but in a different and more indirect way when compared to Get-Command.

Get-Help Get-Help
Get-Help -Name Get-Help
Get-Help -Name Get-Help | more        # equivalent to: help Get-Help
Get-Help -?

Get-Help -Name Get-Help -Online
Get-Help -Name Get-Help -Full
Get-Help -Name Get-Help -Examples

help Get-Help -Parameter Name
help *process*
help about_*
help about_variables                  # display how to deal with variables

Parameters:

  • Full

  • Detailed

  • Examples

  • Online

  • Parameter

  • ShowWindow

Get-Command

Get-Command is designed to help you locate commands. Running Get-Command without any parameters returns a list of all the commands on your system.

Get-Command -Noun Process
Get-Command -Name *service*
Get-Command -Name *service* -CommandType Cmdlet, Function, Alias

Update-Help

Update-Help

Learn one command each day :)

Get-Command | Get-Random | Get-Help -Full
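The discovery loop described in this section (find a command with Get-Command, then read about it with Get-Help) can be wrapped into one reusable function. The script below is an added example and is not from the original page; `Find-CommandHelp` is a name chosen here, while `Get-Command`, `Get-Help`, and `Get-Verb` are standard cmdlets. It assumes help content has been installed with Update-Help; without it the Synopsis column is mostly empty.

```powershell
# Added example (not from the original page): look up commands by keyword and pull the
# one-line synopsis from their help, flagging names that do not use an approved verb.
function Find-CommandHelp {
    param(
        [Parameter(Mandatory)]
        [string] $Keyword
    )

    # Get-Verb lists the approved verbs; a command using another verb is non-standard
    $approvedVerbs = (Get-Verb).Verb

    Get-Command -Name "*$Keyword*" -CommandType Cmdlet, Function |
        ForEach-Object {
            # SilentlyContinue: commands without help content should not abort the listing
            $help = Get-Help -Name $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name         = $_.Name
                Source       = $_.Source
                ApprovedVerb = ($_.Verb -in $approvedVerbs)
                Synopsis     = "$($help.Synopsis)".Trim()
            }
        }
}

# Usage: every cmdlet or function with "service" in its name, with what it does
Find-CommandHelp -Keyword service | Format-Table -AutoSize

# Commands from third-party modules that ignore the Verb-Noun convention stand out here
Find-CommandHelp -Keyword '' | Where-Object { -not $_.ApprovedVerb } | Select-Object Name, Source
```

The second usage line passes an empty keyword, which turns the pattern into `**` and lists every command; on a large system that takes a while because Get-Help is called once per command.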

Discovering objects, properties, and methods

Get-Member

Get-Member helps you discover what objects, properties, and methods are available for commands. Any command that produces object-based output can be piped to Get-Member. A property is a characteristic about an item. A method is an action that can be taken on an item.

Properties

Get-Service -Name w32time

Status   Name               DisplayName
------   ----               -----------
Running  w32time            Windows Time

Status, Name, and DisplayName are examples of properties as shown in the previous set of results. The value for the Status property is Running, the value for the Name property is w32time, and the value for DisplayName is Windows Time.

Get-Service -Name w32time | Get-Member

TypeName: System.ServiceProcess.ServiceController

Name                      MemberType    Definition
----                      ----------    ----------
Name                      AliasProperty Name = ServiceName
...
Disposed                  Event         System.EventHandler Disposed(System.Object, Sy...
Close                     Method        void Close()
...
CanPauseAndContinue       Property      bool CanPauseAndContinue {get;}
...
ToString                  ScriptMethod  System.Object ToString();

TypeName tells you what type of object was returned. In this example, a System.ServiceProcess.ServiceController object was returned. This is often abbreviated as the portion of the TypeName just after the last period; ServiceController in this example.

Once you know what type of object a command produces, you can use this information to find commands that accept that type of object as input.

Get-Command -ParameterType ServiceController

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Get-Service                                        3.1.0.0    Microsof...
Cmdlet          Restart-Service                                    3.1.0.0    Microsof...
Cmdlet          Resume-Service                                     3.1.0.0    Microsof...
Cmdlet          Set-Service                                        3.1.0.0    Microsof...
Cmdlet          Start-Service                                      3.1.0.0    Microsof...
Cmdlet          Stop-Service                                       3.1.0.0    Microsof...
Cmdlet          Suspend-Service                                    3.1.0.0    Microsof...

There are more properties than are displayed by default. Although these additional properties aren't displayed by default, they can be selected from the pipeline by piping the command to the Select-Object cmdlet and using the Property parameter.

Get-Service -Name w32time | Select-Object -Property *

Name                : w32time
RequiredServices    : {}
CanPauseAndContinue : False
CanShutdown         : True
CanStop             : True
DisplayName         : Windows Time
DependentServices   : {}
MachineName         : .
ServiceName         : w32time
ServicesDependedOn  : {}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
StartType           : Manual
Site                :
Container           :

Methods

Methods are actions that can be taken. Use the MemberType parameter to narrow down the results of Get-Member so that it shows only the methods of the objects Get-Service returns.
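The following script is an added example, not from the original page, that puts the properties and methods sections together: it filters Get-Member by MemberType, uses two of the properties listed above (StartType and Status) in a pipeline, and calls one of the methods. `Get-StoppedAutomaticService` is a function name chosen here; w32time is the service used throughout this page.

```powershell
# Added example (not from the original page): inspect ServiceController members, then use them.

# Only the methods (what the Methods section is about); -MemberType also accepts
# Property, AliasProperty, Event and others as seen in the Get-Member output above
Get-Service -Name w32time | Get-Member -MemberType Method

# Only the properties, including those the default table view hides
Get-Service -Name w32time | Get-Member -MemberType Property

function Get-StoppedAutomaticService {
    # Properties in action: services configured to start automatically but not running.
    # A quick health check after a reboot or during incident triage.
    Get-Service |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object -Property Name, DisplayName, Status, StartType
}

# A method in action: Refresh() re-reads the service state from the Service Control
# Manager, so a ServiceController object kept in a variable reflects the current status
# rather than the status at the time Get-Service ran.
$svc = Get-Service -Name w32time
$svc.Refresh()
$svc.Status

Get-StoppedAutomaticService | Format-Table -AutoSize
```

The filter works because the pipeline carries whole ServiceController objects, not the three columns the default view prints; StartType is one of the properties that only appears with `Select-Object -Property *` or in the Get-Member listing.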

Source: What is PowerShell? - PowerShell | Microsoft Learn