Hacking With PowerShell

Learn the basics of PowerShell and PowerShell Scripting

What is PowerShell

  • windows scripting language
  • built on the .NET framework, which allows .NET functions to be executed directly from the shell
  • commands are called cmdlets, written in .NET
  • output of cmdlets are objects
  • naming scheme Verb-Noun, e.g. Get-Command
  • use Get-Command to list commands
  • common verbs
    • get, start, stop, read, write, new, out

Basic PowerShell Commands

  • Get-Command to list commands
    • allows for pattern matching, Get-Command <verb>-* or Get-Command *-<noun>
  • Get-Help to display information about a cmdlet
  • pass the -Examples flag to Get-Help to see examples of how to run the cmdlet
  • object manipulation
    • | to pass output into another cmdlet
    • to see the properties and methods of an object use Get-Member, e.g. <verb>-<noun> | Get-Member lists the members of the object the cmdlet returns
      • can filter using -MemberType Method or -MemberType Property
    • to create new object from previous cmdlet
      • Select-Object, e.g. Get-ChildItem | Select-Object -Property Mode, Name
  • filtering objects
  • sorting objects
    • Sort-Object, e.g. <verb>-<noun> | Sort-Object
  • show more properties in output
    • <verb>-<noun> | Format-List -Property <list of properties or *>

Enumeration

  • get users on machine
    • Get-LocalUser
  • get groups on machine
    • Get-LocalGroup
  • get ip address info
    • Get-NetIPAddress
  • list open ports
    • Get-NetTCPConnection
  • list applied patches
    • Get-HotFix
  • search files containing string
    • Get-ChildItem C:\ -Recurse | Select-String -Pattern <string>
  • list all running processes
    • Get-Process
  • get path of scheduled task
    • Get-ScheduledTask -TaskName <name of task>
  • get owner of file / folder
    • Get-Acl <path>

Basic Scripting Challenge

  • using Windows PowerShell ISE as editor

Example script to get open ports and compare them to ports in a file

# all TCP sockets currently in the Listen state on this machine
$system_ports = Get-NetTCPConnection -State Listen
# reference list of ports, one port number per line
$text_port = Get-Content -Path C:\Users\Administrator\Desktop\ports.txt
foreach($port in $text_port){
    # -in checks whether this port appears among the LocalPort values of the listening sockets
    if($port -in $system_ports.LocalPort){
        Write-Output $port
    }
}
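As an added example (not from the original notes or the room), the script below turns the same idea into a baseline check: it reports listening TCP ports that are not in an allowlist file and names the process owning each one, using Where-Object, Select-Object and Sort-Object from the object manipulation section. The allowlist path C:\Temp\allowed_ports.txt is an assumption; create it with the ports you expect on the host.

```powershell
# Added example, not part of the original notes. Assumes an allowlist file with one
# port number per line at the path below (assumed path, adjust as needed).
$allowlistPath = 'C:\Temp\allowed_ports.txt'

# Read the allowlist, skip blank lines and cast to [int] so the comparison is numeric
$allowed = Get-Content -Path $allowlistPath |
    Where-Object { $_.Trim() -ne '' } |
    ForEach-Object { [int]$_.Trim() }

# Build a process id -> name lookup once instead of calling Get-Process for every socket
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_.ProcessName }

# Filter (Where-Object) the listening sockets to those not in the allowlist,
# reshape (Select-Object) them with a calculated ProcessName property, then sort
$unexpected = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -notin $allowed } |
    Select-Object -Property LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'ProcessName'; Expression = { $procs[[int]$_.OwningProcess] } } |
    Sort-Object -Property LocalPort

if ($unexpected) {
    Write-Output "Listening ports not found in the allowlist ($allowlistPath):"
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "All listening ports are in the allowlist."
}
```

OwningProcess is cast to [int] so the hashtable key matches the Id type stored from Get-Process; without the cast the lookup returns nothing.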
Last modified 2023.11.08