PowerShell
- built using the .NET framework
- commands are called 'cmdlets'
- format of a cmdlet is Verb-Noun
Get-Command: list commands
Get-Help: get help about a particular cmdlet
Basic Commands:
- Get-Help Command-Name, e.g. Get-Help Get-Command -Examples: lists examples
- Get-Command Verb-* or Get-Command *-Noun, e.g. Get-Command New-*: lists all cmdlets for the verb New
- '|' is used to pass output from one cmdlet to another
- location of a file: Get-ChildItem -r -Include *
- How many cmdlets are installed on the system? Get-Command -CommandType Cmdlet | Measure-Object
- get MD5 hash of a file: Get-FileHash 'C:\file.txt' -Algorithm MD5
- current working directory: Get-Location
- test whether a path exists: Test-Path C:\file.txt
- make a request to a web server: Invoke-WebRequest
decode b64.txt
- find file: Get-ChildItem -r -Include 'b64.txt'
- store content of file into a variable encoded)) | write-output
flag: ihopeyoudidthisonwindows
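The steps above (find the file, store its content in a variable, decode it) as an added example that is not part of the original notes. The function name Convert-Base64File, the temp directory and the sample file content are assumptions constructed so the example runs on its own.

```powershell
# Added example, not from the original notes.
# Convert-Base64File is a hypothetical helper name.
function Convert-Base64File {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # UTF8 for ordinary text; Unicode (UTF-16LE) for text encoded the way
        # powershell.exe -EncodedCommand expects it.
        [ValidateSet('UTF8', 'Unicode')] [string] $Encoding = 'UTF8'
    )
    # -Raw returns the whole file as one string instead of an array of lines.
    # Line breaks and spaces are stripped before decoding.
    $encoded = (Get-Content -LiteralPath $Path -Raw) -replace '\s', ''
    try {
        $bytes = [System.Convert]::FromBase64String($encoded)
    } catch {
        throw "Not valid Base64: $Path"
    }
    if ($Encoding -eq 'Unicode') {
        $enc = [System.Text.Encoding]::Unicode
    } else {
        $enc = [System.Text.Encoding]::UTF8
    }
    $enc.GetString($bytes)
}

# Constructed sample input (assumption): a temp directory holding a b64.txt.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'b64-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$plain  = [System.Text.Encoding]::UTF8.GetBytes('constructed sample text')
$sample = [System.Convert]::ToBase64String($plain)
Set-Content -Path (Join-Path $dir 'b64.txt') -Value $sample

# Step 1: find the file. Step 2: read it into a variable (inside the function).
# Step 3: decode and write the result.
Get-ChildItem -Path $dir -Recurse -Include 'b64.txt' -File -ErrorAction SilentlyContinue |
    ForEach-Object { Convert-Base64File -Path $_.FullName } |
    Write-Output
```

If the decoded text shows a NUL byte between every character, the input was UTF-16LE; rerun with -Encoding Unicode.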
Enumeration
1. How many users are there on the machine? Get-LocalUser
2. Get SIDs: Get-WmiObject win32_useraccount | Select name,sid
3. Users' password requirement: Get-LocalUser | Where-Object -Property PasswordRequired -Match False
4. How many local groups exist? Get-LocalGroup
5. Command to get IP address info: Get-NetIPAddress
6 & 7. How many ports are listening, and what are the local and remote addresses? Get-NetTCPConnection -State Listen
8. How many patches have been applied? Get-HotFix | Measure-Object
9. Patch ID KB4023834: Get-HotFix -ID KB4023834
10. Contents of backup file: Get-ChildItem -r -Include "*.bak*" | Get-Content
11. All files containing API_KEY: Get-ChildItem -Recurse | Select-String "API_KEY" -List
12. List all running processes: Get-Process
13. Path of the scheduled task new-sched-task: Get-ScheduledTask -TaskName "new-sched-task"
14. Owner of 'C:\': Get-Acl C:\
Basic Scripting Challenge
- scripts are written using the PowerShell ISE text editor
- $variable_name = value
- PowerShell comparison operators: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_comparison_operators?view=powershell-7.2&viewFallbackFrom=powershell-6