Powershell basics
Resources
What is PowerShell ?
Object-based
Command family extensible
Support command aliases
Handles console input and display
Has a pipeline
Built-in help system
PS version
PS C:\Users\ALEX> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.18362.752
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.18362.752
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1Restriction policy
Bypass
Usefull for pentest.
PS C:\Users\ALEX> Get-ExecutionPolicy
Restricted
PS C:\Users\ALEX> powershell -ep bypass
PS C:\Users\ALEX> Get-ExecutionPolicy Testez le nouveau systĂšme multiplateforme PowerShell https://aka.ms/pscore6 PS C:\Users\ALEX> Get-ExecutionPolicy
BypassSet
PS C:\WINDOWS\system32> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Modification de la stratégie d'exécution
La stratĂ©gie dâexĂ©cution permet de vous prĂ©munir contre les scripts que vous jugez non fiables. En modifiant la
stratĂ©gie dâexĂ©cution, vous vous exposez aux risques de sĂ©curitĂ© dĂ©crits dans la rubrique dâaide
about_Execution_Policies Ă lâadresse https://go.microsoft.com/fwlink/?LinkID=135170. Voulez-vous modifier la stratĂ©gie
dâexĂ©cution ?
[O] Oui [T] Oui pour tout [N] Non [U] Non pour tout [S] Suspendre [?] Aide (la valeur par défaut est « N ») : O
PS C:\WINDOWS\system32> Get-ExecutionPolicy
RemoteSignedHelp system
Discoverability
Compiled commands in PowerShell are called cmdlets. Cmdlets names have the form of singular "Verb-Noun" commands to make them easily discoverable.
Common verbs to use include:
Get
Start
Stop
Read
Write
New
Out
For example, the cmdlet for determining what processes are running is Get-Process and the cmdlet for retrieving a list of services and their statuses is Get-Service. There are other types of commands in PowerShell such as aliases and functions. The term PowerShell command is a generic term that's often used to refer to any type of command in PowerShell, regardless of whether or not it's a cmdlet, function, or alias.
The Three Core Cmdlets in PowerShell
Get-Command
Get-Help
Get-Member Get-Command et Get-Help permettent toutes deux dâidentifier les commandes.
Get-Help
Get-Help is a multipurpose command. Get-Help helps you learn how to use commands once you find them. Get-Help can also be used to help locate commands, but in a different and more indirect way when compared to Get-Command.
Get-Help Get-Help
Get-Help -Name Get-Help
Get-Help -Name Get-Help | more == help Get-Help
Get-Help -?
Get-Help -Name Get-Help -Online
Get-Help -Name Get-Help -Full
Get-Help -Name Get-Help -Examples
help Get-Help -Parameter Name
help *process*
help about_*
help about_variables # display how to deal with variablesParameters :
Full
Detailed
Examples
Online
Parameter
ShowWindow
Get-Command
Get-Command is designed to help you locate commands. Running Get-Command without any parameters returns a list of all the commands on your system
Get-Command -Noun Process
Get-Command -Name *service*
Get-Command -Name *service* -CommandType Cmdlet, Function, AliasUpdate-Help
Update-HelpLearn one command each day :)
Get-Command | Get-Random | Get-Help -FullDiscovering objects, properties, and methods
Get-Member
Get-Member helps you discover what objects, properties, and methods are available for commands. Any command that produces object-based output can be piped to Get-Member. A property is a characteristic about an item. A method is an action that can be taken on an item.
Properties
Get-Service -Name w32time
Status Name DisplayName
------ ---- -----------
Running w32time Windows Time
Status, Name, and DisplayName are examples of properties as shown in the previous set of results.
The value for the Status property is Running, the value for the Name property is w32time, and the value for DisplayName is Windows Time.Get-Service -Name w32time | Get-Member
TypeName: System.ServiceProcess.ServiceController
Name MemberType Definition
---- ---------- ----------
Name AliasProperty Name = ServiceName
...
Disposed Event System.EventHandler Disposed(System.Object, Sy...
Close Method void Close()
...
CanPauseAndContinue Property bool CanPauseAndContinue {get;}
...
ToString ScriptMethod System.Object ToString();TypeName tells you what type of object was returned. In this example, a System.ServiceProcess.ServiceController object was returned. This is often abbreviated as the portion of the TypeName just after the last period; ServiceController in this example.
Once you know what type of object a command produces, you can use this information to find commands that accept that type of object as input.
Get-Command -ParameterType ServiceController
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Get-Service 3.1.0.0 Microsof...
Cmdlet Restart-Service 3.1.0.0 Microsof...
Cmdlet Resume-Service 3.1.0.0 Microsof...
Cmdlet Set-Service 3.1.0.0 Microsof...
Cmdlet Start-Service 3.1.0.0 Microsof...
Cmdlet Stop-Service 3.1.0.0 Microsof...
Cmdlet Suspend-Service 3.1.0.0 Microsof...There are more properties than are displayed by default. Although these additional properties aren't displayed by default, they can be selected from the pipeline by piping the command to the Select-Object cmdlet and using the Property parameter.
Get-Service -Name w32time | Select-Object -Property *
Name : w32time
RequiredServices : {}
CanPauseAndContinue : False
CanShutdown : True
CanStop : True
DisplayName : Windows Time
DependentServices : {}
MachineName : .
ServiceName : w32time
ServicesDependedOn : {}
ServiceHandle : SafeServiceHandle
Status : Running
ServiceType : Win32ShareProcess
StartType : Manual
Site :
Container :Methods
Methods are an action that can be taken. Use the MemberType parameter to narrow down the results of Get-Member to only show the methods for Get-Service.
Last updated
Was this helpful?