Basics Of Powershell For Hackers: Part 2 Diving Deeper
Hello young fellas, I am back with the PowerShell journey. So let's get started.
Word of suggestion:
Refer to Part 1, The Beginning, for a better understanding if you haven't checked it out yet.
Also, every command is shown in its simplest form for easier understanding; always check the Get-Help command for fuller use cases.
A quote for you.
“All our dreams can come true, if we have the courage to pursue them.” — Walt Disney
Firstly we will update our handy help cmdlet:
P.S> Update-Help
This grabs all the latest and greatest examples so that you don't have to Google things.
Creating Our Own Handy Aliases
Here we created a file a.txt and gave some variables to it. Then we created an alias using my own name as the variable (object), $Harsh.
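Since the screenshot with the alias commands is not in the text, here is an added example (mine, not from the original post) that walks through creating an alias, wrapping a command that needs arguments in a function, and making the alias survive a new session. The names lsdir, running and Get-RunningService are made up for the demo.

```powershell
# Added example (not from the original post): creating aliases and keeping them around.
# Assumes nothing beyond a normal Windows PowerShell 5.1 or PowerShell 7 session.

# An alias is just another name for a command. 'lsdir' now points at Get-ChildItem.
Set-Alias -Name lsdir -Value Get-ChildItem

# Aliases cannot carry parameters, so a command you want to call with preset
# arguments has to be a function. 'running' lists only the running services.
function Get-RunningService {
    Get-Service | Where-Object { $_.Status -eq 'Running' }
}
Set-Alias -Name running -Value Get-RunningService

# Always check what an alias actually resolves to; Set-Alias silently
# overwrites an existing name, so a familiar alias may not do what you expect.
Get-Alias -Name lsdir, running | Select-Object Name, Definition

# Aliases live only in the current session. To keep 'lsdir', add its definition to
# your profile script ($PROFILE), which runs every time PowerShell starts.
if (-not (Test-Path -Path $PROFILE)) {
    New-Item -ItemType File -Path $PROFILE -Force | Out-Null
}
if (-not (Select-String -Path $PROFILE -Pattern 'lsdir' -Quiet)) {
    Add-Content -Path $PROFILE -Value 'Set-Alias -Name lsdir -Value Get-ChildItem'
}
```

The function 'Get-RunningService' would need to go into the profile as well if you want 'running' to work in every session; the guard around Add-Content just stops the same line being appended twice.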
Get-Service
This cmdlet gets all the Windows services and their state.
P.S> Get-Service
Maybe I want to see the status of wmiapsrv, but we don't know which command to use, so we use our handy tool Get-Help:
P.S> Get-Help Get-Service -Examples
Try to read the entire -Examples section; it will help greatly.
P.S> Get-Service "wmi*"
This retrieves the services whose service name begins with WMI (Windows Management Instrumentation).
What is Wmiapsrv?
wmiapsrv.exe is a legitimate process file popularly known as the WMI Performance Adapter Service. It is associated with the Windows operating system developed by Microsoft Corporation. … Malware authors create files with virus scripts and name them after wmiapsrv.exe with the intention of spreading the virus on the internet.
P.S> Get-Service | Where-Object {$_.status -eq "Running" }
This command displays the services that are currently running. It uses the Get-Service cmdlet to get all the services on the computer. Then the pipeline operator passes the result to the Where-Object cmdlet, which keeps only the objects whose Status property equals Running.
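The wmiapsrv note above is the reason you should never judge a service by its name alone. Here is an added example (mine, not from the original post) that uses the same Where-Object filtering on running services, but then checks where each service's binary actually lives and whether it is signed. It assumes a Windows box with Get-CimInstance and Get-AuthenticodeSignature available; Get-ServiceBinaryPath is a helper written for this demo.

```powershell
# Added example (not from the original post): running services checked by binary path and
# signature rather than by name. Get-ServiceBinaryPath is a demo helper, not a built-in.

function Get-ServiceBinaryPath {
    # Win32_Service.PathName may be quoted and may carry arguments; return just the executable.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"')  { return $Matches[1] }   # "C:\Program Files\x\y.exe" -arg
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] }   # C:\Windows\system32\svchost.exe -k ...
    return $PathName
}

# Same idea as Get-Service | Where-Object, but the CIM class also exposes the binary path.
$running = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.State -eq 'Running' }

$report = foreach ($svc in $running) {
    $exe = Get-ServiceBinaryPath -PathName $svc.PathName
    $sig = if (Test-Path -LiteralPath $exe) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
    [pscustomobject]@{
        Name      = $svc.Name
        Path      = $exe
        InWindows = $exe -like "$env:SystemRoot\*"
        SigStatus = if ($sig) { $sig.Status } else { 'FileMissing' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Worth a second look: binary outside the Windows directory, or not validly signed.
$report |
    Where-Object { -not $_.InWindows -or $_.SigStatus -ne 'Valid' } |
    Sort-Object -Property Name |
    Format-Table -AutoSize
```

A real wmiapsrv lives under the Windows directory and carries a Microsoft signature; a service with that name whose binary sits somewhere else, or reports NotSigned, is the case the quoted warning is talking about. Third-party services will show up here too, so treat the list as a starting point for review rather than a verdict.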
Restart-Service
First we check for a service named audiosrv to see if it exists, then we restart that service.
P.S> Restart-Service -Name audiosrv
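The text describes two steps (check that the service exists, then restart it) but only the restart is shown. Here is an added example (mine, not from the original post) that does the check first and confirms the state afterwards. Restarting a service normally needs an elevated prompt.

```powershell
# Added example (not from the original post): look the service up before touching it.
$name = 'audiosrv'

# -ErrorAction SilentlyContinue turns "not found" into $null instead of a red error.
$svc = Get-Service -Name $name -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "No service named '$name' on this machine."
}
else {
    "Before: $($svc.DisplayName) is $($svc.Status)"
    # -PassThru returns the service object so we can see the state after the restart.
    # Add -WhatIf to see what would happen without actually doing it.
    Restart-Service -Name $name -PassThru | Select-Object Name, Status
}
```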
Manipulating Objects (Select-Object)
One way of manipulating objects is pulling properties out of the output of a cmdlet and creating a new object. This is done using Select-Object.
Example: assume we want to list all the directories, selecting just the mode and the name.
P.S> Get-ChildItem | Select-Object -Property Mode,Name
Filtering Objects (Where-Object)
When retrieving output, you may need to select objects that match a very specific value. We can do this using Where-Object to filter on the value of a property.
P.S> Verb-Noun | Where-Object -Property PropertyName -Operator Value
P.S> Get-Service | Where-Object -Property Status -eq Stopped
Sort-Object
When a cmdlet outputs a lot of information, you may need to sort it to extract what you need more efficiently.
P.S> Get-ChildItem | Sort-Object
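Select-Object, Where-Object and Sort-Object are most useful chained together. Here is an added example (mine, not from the original post) that lists the .exe and .dll files in System32 changed in the last seven days, newest first, with a calculated size column. The folder and the seven-day window are assumptions; any folder works.

```powershell
# Added example (not from the original post): filter, sort and shape in one pipeline.
$dir    = "$env:SystemRoot\System32"   # assumption: any folder will do
$cutoff = (Get-Date).AddDays(-7)

Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
    # Where-Object with a script block can test several properties at once
    Where-Object { $_.LastWriteTime -gt $cutoff -and ($_.Extension -in '.exe', '.dll') } |
    # newest change first
    Sort-Object -Property LastWriteTime -Descending |
    # keep only the first 15 and build a new object with a calculated SizeKB property
    Select-Object -First 15 -Property Name, LastWriteTime,
        @{ Name = 'SizeKB'; Expression = { [math]::Round($_.Length / 1KB) } }
```

The simplified syntax from above (Where-Object -Property Status -eq Stopped) is fine for one condition; once you need two, or an operator like -in, switch to the script block form.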
Finding Files
Assume there is a hiddenfile.txt somewhere on my system and you want to know where it is located. This type of command can be really helpful in capture-the-flag events.
P.S> Get-ChildItem -Path H:\ -Name *hiddenfile.txt* -Recurse
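Two things trip people up with that search: Get-ChildItem skips hidden files unless you pass -Force, and folders you cannot read stop the output with errors. Here is an added example (mine, not from the original post) that handles both and also shows searching by content rather than by name. The drive letter, filename and the flag{ marker are assumptions for the demo.

```powershell
# Added example (not from the original post): find a file by name, then by content.
$root = 'C:\'   # assumption: use whichever drive you are searching

# -Force includes hidden and system files; -File skips directories;
# -ErrorAction SilentlyContinue keeps access-denied folders from cluttering the output.
Get-ChildItem -Path $root -Filter '*hiddenfile.txt*' -Recurse -Force -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime, Attributes

# Searching by content instead: text files containing a marker such as 'flag{'.
# -List reports only the first hit per file, which keeps large trees readable.
Get-ChildItem -Path $root -Include '*.txt' -Recurse -Force -File -ErrorAction SilentlyContinue |
    Select-String -Pattern 'flag\{' -List |
    Select-Object Path, LineNumber, Line
```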
Measure
Assume we want to know the exact number of cmdlets installed on my system, not functions or aliases. The Measure command is useful here: it gives you an exact count.
P.S> Get-Command -Type cmdlet | measure
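measure is an alias for Measure-Object, and it can do more than count. Here is an added example (mine, not from the original post) that counts commands per type in a single pass and then sums file sizes. The temp folder is an assumption; any folder works.

```powershell
# Added example (not from the original post): Measure-Object beyond a plain count.

# Counting cmdlets only, as in the post, but taking the number out of the object:
(Get-Command -CommandType Cmdlet | Measure-Object).Count

# One pass that counts every command type at once (cmdlets, functions, aliases, ...):
Get-Command | Group-Object -Property CommandType | Select-Object Name, Count

# Numeric statistics on a property: how much is sitting in the temp folder.
Get-ChildItem -Path $env:TEMP -File -Recurse -ErrorAction SilentlyContinue |
    Measure-Object -Property Length -Sum -Average -Maximum |
    Select-Object Count,
        @{ Name = 'TotalMB';   Expression = { [math]::Round($_.Sum / 1MB, 1) } },
        @{ Name = 'LargestKB'; Expression = { [math]::Round($_.Maximum / 1KB) } }
```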
Hashes Of a file
Suppose we want to know the MD5 hash of hiddenfile.txt.txt.txt.
P.S> Get-FileHash hiddenfile.txt.txt.txt -Algorithm Md5 | Format-List
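A single hash is mostly useful when you have something to compare it to. Here is an added example (mine, not from the original post) that hashes every file under a folder, writes a baseline on the first run, and on later runs reports new, changed and removed files. The paths and the Get-FolderHashes helper are assumptions for the demo. It uses SHA256, which is Get-FileHash's default; MD5 is fine for matching a known file against a published list, but not for anything where someone might try to craft a collision.

```powershell
# Added example (not from the original post): a simple hash baseline for a folder.
$watchDir    = "$env:USERPROFILE\Documents\watched"   # assumption
$baselineCsv = "$env:USERPROFILE\watched-baseline.csv" # assumption

function Get-FolderHashes {
    # Demo helper: one Path/Hash pair per file under $Path.
    param([string]$Path)
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Path, Hash
}

if (-not (Test-Path -Path $baselineCsv)) {
    # First run: record what the folder looks like now.
    Get-FolderHashes -Path $watchDir | Export-Csv -Path $baselineCsv -NoTypeInformation
    "Baseline written to $baselineCsv"
}
else {
    # Later runs: compare the current state against the baseline.
    $old = @{}
    Import-Csv -Path $baselineCsv | ForEach-Object { $old[$_.Path] = $_.Hash }

    foreach ($f in Get-FolderHashes -Path $watchDir) {
        if (-not $old.ContainsKey($f.Path)) { "NEW      $($f.Path)" }
        elseif ($old[$f.Path] -ne $f.Hash)  { "CHANGED  $($f.Path)" }
        $old.Remove($f.Path)   # whatever is left over afterwards has disappeared
    }
    foreach ($missing in $old.Keys) { "REMOVED  $missing" }
}
```

Run it once to create the baseline, change or add a file, and run it again to see the report. Keep the baseline CSV somewhere the files you are watching cannot overwrite it, or the comparison is meaningless.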
Invoke-WebRequest
Getting content from a web page on the internet. Let's make the simplest request:
P.S> Invoke-WebRequest www.google.com
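The response object holds a lot more than the page body. Here is an added example (mine, not from the original post) that makes the same request with a timeout, reports the status code, and checks for the security headers you would expect a public site to send. The URL is the one from the post; the header list is my choice.

```powershell
# Added example (not from the original post): read the response, not just the body.
$url = 'https://www.google.com'

try {
    # -UseBasicParsing avoids the Internet Explorer engine on Windows PowerShell 5.1;
    # -TimeoutSec stops a dead host from hanging the session.
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15 -MaximumRedirection 5
}
catch {
    Write-Warning "Request failed: $($_.Exception.Message)"
    return
}

"Status: $($resp.StatusCode) $($resp.StatusDescription)"
"Body length: $($resp.Content.Length) characters"

# Security headers a defender usually expects on a public site (list is my choice).
$wanted = 'Strict-Transport-Security', 'Content-Security-Policy',
          'X-Content-Type-Options', 'X-Frame-Options', 'Referrer-Policy'

foreach ($h in $wanted) {
    # Header names are matched case-insensitively; PowerShell 7 stores values as arrays,
    # so -join flattens them to one string on both versions.
    $found = $resp.Headers.GetEnumerator() | Where-Object { $_.Key -eq $h }
    $value = if ($found) { $found.Value -join ' ' } else { '(missing)' }
    '{0,-28} {1}' -f $h, $value
}
```

A missing header is not automatically a problem (a site may set the same policy elsewhere), but the pattern of pulling fields out of $resp is the same one you will use for any API or web check later on.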
Let's end this post here with a tiny Superman. Hope you like the post.
The next part is going to be enumeration based.