Powershell

A cross-platform automation and configuration tool


Last updated 7 months ago

Powershell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and an associated scripting language. Tasks are generally performed via cmdlets, specialized .NET classes that each implement a particular operation and work in tandem with the .NET API. Powershell is case-insensitive: cmdlet names, parameters and the default comparison operators do not distinguish upper and lower case.

Basic Powershell Commands

Get-Help: Displays information about a cmdlet.

Get-Help $CMD 
Get-Help $CMD -Examples # Shows examples

Get-Command: Lists all the cmdlets installed on the current computer. Names can be pattern-matched with the * wildcard.

Get-Command $PATTERN-*

Get-Alias: Lists all aliases available (for example, gci for Get-ChildItem).

Get-Alias

Get-ChildItem: Gets the items and child items in one or more specified locations.

Get-Content: Retrieves the content of a file and displays it in the console.

Get-ChildItem "*$PATTERN*" -Path C:\ -Recurse -ErrorAction SilentlyContinue # Search the whole drive, suppress access-denied errors
gci $PATTERN | Get-Content                  # Print the contents of the matching files
gci $PATTERN | Get-FileHash -Algorithm MD5  # Hash the matching files

New-Item: Creates a new item.

Remove-Item: Removes both directories and files.

Copy-Item: Equivalent to copy; it copies files and directories alike to a new destination.

New-Item -Path "$PATH" -ItemType "$FILE_OR_DIR" # -ItemType is File or Directory
Remove-Item -Path "$PATH"
Copy-Item -Path $PATH -Destination $TO_PATH

Get-Location: Gets information about the current working location or a location stack.

Set-Location: Sets the current working location to a specified location.

Get-Location
Set-Location -Path "HKLM:\"            # Drives are not limited to disks: this enters the registry
Set-Location -Path "Env:\" -PassThru   # Environment variables; -PassThru prints the new location
Set-Location C:

Invoke-WebRequest: Gets content from a web page on the internet.

Invoke-WebRequest -Uri $URL
Invoke-WebRequest $URL -OutFile $PATH # Save the response body to a file

Find-Module: Searches for modules in online repositories.

Install-Module: Downloads a module from an online repository and installs it, making it available for use.

Find-Module -Name "$PATTERN"
Install-Module -Name "$PATTERN"

Useful Commands for Information Gathering

Basic Information:

# Get user information
Get-LocalUser
# Number of users
(Get-LocalUser).Name.Count
# Groups
Get-LocalGroup
# IP Address info
Get-NetIPAddress
# Get listening ports (comparison operators take a leading dash)
Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"}
# Patches
Get-HotFix
# List running processes
Get-Process
# List scheduled tasks
Get-ScheduledTask

Find users whose PasswordRequired value is False (compare against the boolean $False, not the string "False", which PowerShell converts to $True because it is non-empty):

Get-LocalUser | Select-Object * | Where-Object {$_.PasswordRequired -eq $False}

Find files with a specified pattern in their content (-File keeps directories out of the pipeline so Select-String only receives files):

gci -Path C:\ -Recurse -File -ErrorAction SilentlyContinue | Select-String -Pattern "$PATTERN"
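The information-gathering one-liners above each answer one question; the function below is an added example, not code from the original page, that gathers the same facts into a single object and writes it as JSON so a later snapshot can be compared against it. It assumes Windows PowerShell 5.1 or newer on Windows (the LocalAccounts, NetTCPIP and ScheduledTasks modules are built in there); the function name Get-HostInventory and the file baseline.json are my own.

```powershell
# Added example: collect the host facts from the cheat sheet into one snapshot.
function Get-HostInventory {
    [CmdletBinding()]
    param(
        # Where to write the snapshot; default is a timestamped file in the current directory
        [string]$OutFile = ".\inventory-$(Get-Date -Format 'yyyyMMdd-HHmmss').json"
    )

    $inventory = [ordered]@{
        Hostname  = $env:COMPUTERNAME
        Collected = (Get-Date).ToString('o')

        # Accounts that do not require a password: compare with the boolean, not the string "False"
        NoPasswordUsers = @(Get-LocalUser | Where-Object { $_.PasswordRequired -eq $false } |
                            Select-Object -ExpandProperty Name)

        # Enabled local accounts and local group names
        EnabledUsers = @(Get-LocalUser | Where-Object { $_.Enabled } | Select-Object -ExpandProperty Name)
        Groups       = @(Get-LocalGroup | Select-Object -ExpandProperty Name)

        # IPv4 addresses, excluding loopback
        IPv4 = @(Get-NetIPAddress -AddressFamily IPv4 |
                 Where-Object { $_.IPAddress -ne '127.0.0.1' } |
                 Select-Object -ExpandProperty IPAddress)

        # Listening TCP ports with the name of the owning process
        Listeners = @(Get-NetTCPConnection -State Listen |
                      Select-Object LocalAddress, LocalPort,
                          @{ Name = 'Process'; Expression = {
                              (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } })

        # Installed hotfix IDs and scheduled tasks that are not disabled
        HotFixes = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
        Tasks    = @(Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } |
                     Select-Object TaskPath, TaskName, State)
    }

    $inventory | ConvertTo-Json -Depth 4 | Set-Content -Path $OutFile -Encoding UTF8
    [pscustomobject]$inventory
}

# Usage: take a snapshot now and report listeners that differ from an earlier
# snapshot saved as baseline.json (assumed to have been written by this function).
$now = Get-HostInventory
$old = Get-Content .\baseline.json | ConvertFrom-Json
Compare-Object -ReferenceObject $old.Listeners -DifferenceObject $now.Listeners -Property LocalPort, Process
```

Lines marked => in the Compare-Object output are ports listening now that were not in the baseline; <= marks listeners that have disappeared.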