PowerShell Introduction

I wrote this article to show a brief introduction about how to use PowerShell daily. Many professionals work effectively with the command line in Linux, but when they need to do the same in windows I'm not a PowerShell professional, but I'd like to share a little bit of knowledge with the community.

What is PowerShell?

PowerShell is a cross-platform task automation solution consisting of a command-line shell, a scripting language, and a configuration management framework. PowerShell runs on Windows, Linux, and macOS. In addition, it's based on the .Net framework and is tightly integrated with Windows.

• Provides access to almost everything in a Windows platform and Active Directory Environment, which could be helpful for an attacker.
• Provides the capability of running powerful scripts entirely from memory, making it ideal for foothold shells/boxes.
• PowerShell is easy to learn and powerful.

In the link below, you'll find more information about PowerShell.

• English Version
• Portuguese Version

PowerShell System

Let's start talking about the PowerShell Help System and its usability. Many professionals use the command line, but some don’t know how helpful and powerful it can be. On a daily basis when someone forgets what command to use this can be essential to help. This command shows a brief help about cmdlet or topic you wish to understand, it usually comes with various options and filters.

We can user Get-Help, Help, and -?

• Get-Help

• Help

• -?

Please keep in mind the result is the same for the three options. So feel free to use which you think is better.

• Get-Help * ( Lists everything about the help topics )

Get-Help test ?( Lists everything which contains the word process )

• Get-Help process ( Lists everything which contains the word process )

• Get-Help Test-NetConnection ( Lists a simple help about a topic )

• Get-Help Test-NetConnection -Full ( Lists full help about a topic, like parameters, Test-NetConnection cmdlet in this case )

PowerShell Cmdlets

A cmdlet is a lightweight command that is used in the PowerShell environment. The PowerShell runtime invokes these cmdlets within the context of automation scripts that are provided at the command line. The PowerShell runtime also invokes them programmatically through PowerShell APIs.

In the link below, you'll find more information about PowerShell Cmdlets.

• English Version
• Portuguese Version?

We can use the below command for listing all cmdlets

• Get-Command -CommandType cmdlet

Get-Alias * ( Lists all aliases created )

Now I'll list some interesting cmdlets to use on daily basis.

• Get-Process ( lists all process that is running )

I create a while using (get-process / ps) to show CPU consumption every 3 seconds used by the processes.

• While(1) {get-process | sort -des cpu | select -f 15 | ft -a; sleep 3; cls} ( lists the 15 firsts process that is running time each 3 seconds)

3 seconds after new status about the process

• Get-CIMInstance Win32_OperatingSystem | Select FreePhysicalMemory ( lists Memory free )

• Get-ChildItem / ls ( lists all files / folders)

• New-Item -Path 'new_folder' -ItemType Directory ( Creating a folder )

• New-Item -Path '.\new_folder\file.txt' -ItemType File ( Creating a file.txt )

• Select-String ( Used to find a specific string )

• type .\new_folder\file.txt | Select-String "test3" ( In the example below I created a file with 5 lines and strings differents, I read and after I researched by string "test3" inside the file.txt )

• Test-NetConnection -ComputerName hulk -Port 445 ( this substitute telnet command )

• Get-WinEvent -ListLog * ( Get all the logs from a local computer )

• Get-WinEvent -Path 'C:\Windows\System32\Winevt\Logs\System.evtx' -MaxEvents 6 ( Get a specific number of events from an archived event log )

• Get-LocalUser ( Show all users from a local computer )

• Get-LocalGroup ( Show all groups from a local computer )

So this is the first approach to PowerShell and its possibilities. There are several things to use daily. First, PowerShell is essential when you don't have graphic access to the server or workstation. It can be an excellent and powerful tool to use during an incident response, pentest or solve problems. I hope this information is helpful, and I intend to create a part II to discuss more.