PowerShell

A cross-platform automation and configuration tool

PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language. Tasks are generally performed via cmdlets, which are specialized .NET classes implementing a particular operation. Cmdlets work in tandem with the .NET API. PowerShell is a case-insensitive language.

Basic PowerShell Commands

Get-Help: Displays information about a cmdlet.

Get-Help $CMD 
Get-Help $CMD -Examples # Shows examples

Get-Command: Gets all the cmdlets installed on the current computer. Allows for pattern matching with the [*] symbol.

Get-Alias: Lists all available aliases.

Get-Command $PATTERN-*

Get-ChildItem: Gets the items and child items in one or more specified locations.

Get-Content: Retrieves the content of a file and displays it in the console.

Get-ChildItem "*$PATTERN*" -Path C:\ -Recurse -ErrorAction SilentlyContinue
gci $PATTERN | Get-Content
gci $PATTERN | Get-FileHash -Algorithm MD5

New-Item: Creates a new item.

Remove-Item: Removes both directories and files.

Copy-Item: Equivalent to copy, it can copy files and directories alike to a new destination.

New-Item -Path "$PATH" -ItemType "$FILE_OR_DIR"
Remove-Item -Path "$PATH"
Copy-Item -Path $PATH -Destination $TO_PATH

Get-Location: Gets information about the current working location or a location stack.

Set-Location: Sets the current working location to a specified location.

Get-Location
Set-Location -Path "HKLM:\"
Set-Location -Path "Env:\" -PassThru
Set-Location C:

Invoke-WebRequest: Gets content from a web page on the internet.

Invoke-WebRequest -URI $URL
Invoke-WebRequest $URL -OutFile $PATH

Find-Module: Searches for modules in online repositories.

Install-Module: Downloads a module from an online repository and installs it, making it available for use.

Find-Module -Name "$PATTERN"
Install-Module -Name "$PATTERN"

Useful Commands for Information Gathering

Basic Information:

# Get user information
Get-LocalUser
# Number of users
(Get-LocalUser).Name.Count
# Groups
Get-LocalGroup
# IP Address info
Get-NetIPAddress
# Get listening ports
Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"}
# Patches
Get-HotFix
# List running processes
Get-Process
# List scheduled tasks
Get-ScheduledTask

Find users with password required value set to False:

Get-LocalUser | Select-Object * | Where-Object {$_.PasswordRequired -eq $False}

Find files with a specified pattern in the content:

gci -Path C:\ -Recurse -ErrorAction SilentlyContinue | Select-String "$PATTERN"
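
The basic information commands and the PasswordRequired check above can be combined into one host baseline report for auditing a machine you administer. This is an added example, not part of the original page; Get-HostBaseline and its output property names are hypothetical.

```powershell
# Added example. Get-HostBaseline is a hypothetical helper, not a built-in cmdlet.
function Get-HostBaseline {
    [CmdletBinding()]
    param()

    # Enabled local accounts that do not require a password.
    # Compare against the boolean $false: the string "False" converts to $true.
    $noPassword = Get-LocalUser |
        Where-Object { $_.Enabled -and $_.PasswordRequired -eq $false } |
        Select-Object Name, Enabled, PasswordRequired, LastLogon

    # Listening TCP sockets, each joined to the process that owns it.
    $listeners = foreach ($conn in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
        # The process may have exited or be inaccessible without elevation.
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $conn.LocalAddress
            LocalPort    = $conn.LocalPort
            ProcessId    = $conn.OwningProcess
            ProcessName  = $proc.ProcessName
            Path         = $proc.Path
        }
    }

    # Most recently installed patch, as a rough patch-level indicator.
    $lastPatch = Get-HotFix |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 HotFixID, Description, InstalledOn

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        CollectedAt        = Get-Date
        NoPasswordAccounts = @($noPassword)
        Listeners          = @($listeners | Sort-Object LocalPort, LocalAddress)
        LastPatch          = $lastPatch
    }
}

$report = Get-HostBaseline
$report.NoPasswordAccounts | Format-Table -AutoSize
$report.Listeners | Format-Table -AutoSize
$report.LastPatch
```

Saving the report with Export-Clixml and comparing it with a later run shows new listeners or accounts that appeared between collections.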
