PowerShell basics
Resources
What is PowerShell?
Object-based
Extensible command family
Supports command aliases
Handles console input and display
Has a pipeline
Built-in help system
PS version
PS C:\Users\ALEX> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      5.1.18362.752
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.18362.752
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
Restriction policy
Bypass
Useful for pentest.
PS C:\Users\ALEX> Get-ExecutionPolicy
Restricted
PS C:\Users\ALEX> powershell -ep bypass
Testez le nouveau système multiplateforme PowerShell https://aka.ms/pscore6
PS C:\Users\ALEX> Get-ExecutionPolicy
Bypass
Set
PS C:\WINDOWS\system32> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Modification de la stratégie d'exécution
La stratégie d'exécution permet de vous prémunir contre les scripts que vous jugez non fiables. En modifiant la
stratégie d'exécution, vous vous exposez aux risques de sécurité décrits dans la rubrique d'aide
about_Execution_Policies à l'adresse https://go.microsoft.com/fwlink/?LinkID=135170. Voulez-vous modifier la stratégie
d'exécution ?
[O] Oui [T] Oui pour tout [N] Non [U] Non pour tout [S] Suspendre [?] Aide (la valeur par défaut est « N ») : O
PS C:\WINDOWS\system32> Get-ExecutionPolicy
RemoteSigned
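The two sessions above change different scopes: powershell -ep bypass only sets the Process scope of the new session, while Set-ExecutionPolicy without -Scope writes the LocalMachine scope. The following added example (not part of the original page; the function name Get-EffectiveExecutionPolicy is hypothetical) reports which scope decides the effective policy and whether a Group Policy scope, which takes precedence over both, is set:

```powershell
# Added example: explain where the effective execution policy comes from.
# Get-EffectiveExecutionPolicy is a hypothetical helper name, not a built-in cmdlet.
function Get-EffectiveExecutionPolicy {
    # Get-ExecutionPolicy -List returns one entry per scope, in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List

    # The first scope that is not 'Undefined' decides the effective policy.
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    # MachinePolicy and UserPolicy are set through Group Policy and override
    # both "-ep bypass" (Process scope) and Set-ExecutionPolicy.
    $gpo = $scopes | Where-Object {
        $_.Scope -in 'MachinePolicy', 'UserPolicy' -and
        $_.ExecutionPolicy -ne 'Undefined'
    }

    [pscustomobject]@{
        Effective           = Get-ExecutionPolicy
        DecidedBy           = if ($winner) { $winner.Scope } else { 'None (built-in default)' }
        GroupPolicyEnforced = [bool]$gpo
        ProcessScope        = ($scopes | Where-Object { $_.Scope -eq 'Process' }).ExecutionPolicy
        LocalMachineScope   = ($scopes | Where-Object { $_.Scope -eq 'LocalMachine' }).ExecutionPolicy
    }
}

# Show the per-scope table, then the summary for the current session.
Get-ExecutionPolicy -List | Format-Table -AutoSize
Get-EffectiveExecutionPolicy
```

When GroupPolicyEnforced is False, any user can start a session with a different Process-scope policy, so the execution policy should be read as a safety setting rather than an access control.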
Help system
Discoverability
Compiled commands in PowerShell are called cmdlets. Cmdlet names take the singular "Verb-Noun" form, which makes them easy to discover.
Common verbs to use include:
Get
Start
Stop
Read
Write
New
Out
For example, the cmdlet for determining what processes are running is Get-Process and the cmdlet for retrieving a list of services and their statuses is Get-Service. There are other types of commands in PowerShell such as aliases and functions. The term PowerShell command is a generic term that's often used to refer to any type of command in PowerShell, regardless of whether or not it's a cmdlet, function, or alias.
The Three Core Cmdlets in PowerShell
Get-Command
Get-Help
Get-Member
Get-Command and Get-Help can both be used to find commands.
Get-Help
Get-Help is a multipurpose command. Get-Help helps you learn how to use commands once you find them. Get-Help can also be used to help locate commands, but in a different and more indirect way when compared to Get-Command.
Get-Help Get-Help
Get-Help -Name Get-Help
Get-Help -Name Get-Help | more # same as: help Get-Help
Get-Help -?
Get-Help -Name Get-Help -Online
Get-Help -Name Get-Help -Full
Get-Help -Name Get-Help -Examples
help Get-Help -Parameter Name
help *process*
help about_*
help about_variables # display how to deal with variables
Parameters :
Full
Detailed
Examples
Online
Parameter
ShowWindow
Get-Command
Get-Command is designed to help you locate commands. Running Get-Command without any parameters returns a list of all the commands on your system.
Get-Command -Noun Process
Get-Command -Name *service*
Get-Command -Name *service* -CommandType Cmdlet, Function, Alias
Update-Help
Update-Help
Learn one command each day :)
Get-Command | Get-Random | Get-Help -Full
Discovering objects, properties, and methods
Get-Member
Get-Member helps you discover what objects, properties, and methods are available for commands. Any command that produces object-based output can be piped to Get-Member. A property is a characteristic about an item. A method is an action that can be taken on an item.
Properties
Get-Service -Name w32time
Status   Name               DisplayName
------   ----               -----------
Running  w32time            Windows Time
Status, Name, and DisplayName are examples of properties as shown in the previous set of results.
The value for the Status property is Running, the value for the Name property is w32time, and the value for DisplayName is Windows Time.
Get-Service -Name w32time | Get-Member
TypeName: System.ServiceProcess.ServiceController
Name                MemberType    Definition
----                ----------    ----------
Name                AliasProperty Name = ServiceName
...
Disposed            Event         System.EventHandler Disposed(System.Object, Sy...
Close               Method        void Close()
...
CanPauseAndContinue Property      bool CanPauseAndContinue {get;}
...
ToString            ScriptMethod  System.Object ToString();
TypeName tells you what type of object was returned. In this example, a System.ServiceProcess.ServiceController object was returned. This is often abbreviated as the portion of the TypeName just after the last period; ServiceController in this example.
Once you know what type of object a command produces, you can use this information to find commands that accept that type of object as input.
Get-Command -ParameterType ServiceController
CommandType     Name                Version    Source
-----------     ----                -------    ------
Cmdlet          Get-Service         3.1.0.0    Microsof...
Cmdlet          Restart-Service     3.1.0.0    Microsof...
Cmdlet          Resume-Service      3.1.0.0    Microsof...
Cmdlet          Set-Service         3.1.0.0    Microsof...
Cmdlet          Start-Service       3.1.0.0    Microsof...
Cmdlet          Stop-Service        3.1.0.0    Microsof...
Cmdlet          Suspend-Service     3.1.0.0    Microsof...
There are more properties than are displayed by default. Although these additional properties aren't displayed by default, they can be selected from the pipeline by piping the command to the Select-Object cmdlet and using the Property parameter.
Get-Service -Name w32time | Select-Object -Property *
Name : w32time
RequiredServices : {}
CanPauseAndContinue : False
CanShutdown : True
CanStop : True
DisplayName : Windows Time
DependentServices : {}
MachineName : .
ServiceName : w32time
ServicesDependedOn : {}
ServiceHandle : SafeServiceHandle
Status : Running
ServiceType : Win32ShareProcess
StartType : Manual
Site :
Container :
Methods
A method is an action that can be taken. Use the MemberType parameter to narrow down the results of Get-Member to only show the methods for Get-Service.
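The discovery steps from this section (read the TypeName with Get-Member, narrow to methods with -MemberType, then look up the commands that accept that type with Get-Command -ParameterType) can be combined into one pipeline function. This is an added example, not part of the original page; the function name Get-ObjectSurface is hypothetical, and the w32time service is taken from the examples above:

```powershell
# Added example: summarize what can be done with the objects a command emits.
# Get-ObjectSurface is a hypothetical helper name, not a built-in cmdlet.
function Get-ObjectSurface {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject
    )
    begin { $seen = @{} }   # report each .NET type only once
    process {
        $members  = @($InputObject | Get-Member)
        $typeName = $members[0].TypeName
        if ($seen.ContainsKey($typeName)) { return }
        $seen[$typeName] = $true

        # Short name = the part of TypeName after the last period,
        # e.g. ServiceController for System.ServiceProcess.ServiceController.
        $short = $typeName.Split('.')[-1]

        [pscustomobject]@{
            TypeName   = $typeName
            # Property, AliasProperty, ScriptProperty, NoteProperty ...
            Properties = @($members | Where-Object { $_.MemberType -like '*Property' } |
                             ForEach-Object { $_.Name })
            # Same filter as: Get-Member -MemberType Method
            Methods    = @($members | Where-Object { $_.MemberType -eq 'Method' } |
                             ForEach-Object { $_.Name })
            # Commands with a parameter of this type, as in
            # Get-Command -ParameterType ServiceController
            AcceptedBy = @(Get-Command -ParameterType $short -ErrorAction SilentlyContinue |
                             ForEach-Object { $_.Name })
        }
    }
}

# Methods only, as described in the text above.
Get-Service -Name w32time | Get-Member -MemberType Method

# Full summary for the same object, shown as a list.
Get-Service -Name w32time | Get-ObjectSurface | Format-List
```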