Windows Powershell in Action  Sams – Windows Powershell Unleashed  Sapien Press – Microsoft Windows Powershell  Technet - Scripting with Windows Powershell

Windows PowerShell
@KINGAMIR

Agenda for PowerShell
▪ PowerShell Basics
▪ PowerShell Operations
▪ Writing your own script
▪ PowerShell Remoting
▪ PowerShell for Pentesters

What is PowerShell?
▪ Windows PowerShell is a command-line shell and scripting environment that brings the power of the .NET Framework to command-line users and script writers.
▪ It introduces a number of powerful new concepts that enable you to extend the knowledge you have gained and the scripts you have created within the Windows Command Prompt and Windows Script Host environments.

Main Features in PowerShell
▪ It's not going away any time soon
▪ Most Microsoft products will eventually use it
▪ PowerShell supports the full .NET API
▪ PowerShell can be used on Linux

PowerShell Fundamentals
▪ Revolutionary interactive shell and scripting language
  • Based on .NET
  • New set of built-in tools (~130)
  • New language to take advantage of .NET
  • An "object-based" pipeline view
  • Can continue to use current tools
  • Can continue to use current instrumentation (COM, ADSI, WMI, ADO, XML, Text, …)

Frequently Asked Questions
▪ Do I need to learn .NET before I can use PowerShell?
  No - you can continue to use existing tools
▪ Do I need to rewrite all my existing tools?
  No - existing tools will run just fine
▪ Do I need to learn the new language?
  No - you can easily run existing commands without modification
  Many Unix and DOS commands work… try them…

Learning and Documentation
▪ Online help is full of examples
▪ Many books and documentation are available already
  • Microsoft Press – Microsoft Windows PowerShell Step By Step
  • Manning – Windows PowerShell in Action
  • Sams – Windows PowerShell Unleashed
  • Sapien Press – Microsoft Windows PowerShell
  • TechNet - Scripting with Windows PowerShell

PowerShell Interface

Installation Requirements
▪ Before you install Windows PowerShell, be sure that your system has the software programs that Windows PowerShell requires. Windows PowerShell requires the following programs:
  • Windows XP Service Pack 2, Windows 2003 Service Pack 1, or later versions of Windows
  • Microsoft .NET Framework 2.0
▪ If any version of Windows PowerShell is already installed on the computer, use Add or Remove Programs in Control Panel to uninstall it before installing a new version.

PowerShell Versions
▪ V2: Windows XP, Windows Server 2003
▪ V3: Windows 7, Windows Server 2008
▪ V4: Windows 7+, Windows Server 2008R2+
▪ V5: Windows 10+, Windows Server 2016+

PowerShell Version 2
▪ Windows XP or later
▪ Windows 2003 or later
▪ .NET Framework 2.0 (min)
▪ .NET Framework 3.5 (opt)

PowerShell Version 3
▪ Windows 7 or later
▪ Windows 2008 or later
▪ .NET Framework 4.0 full

PowerShell Version 4
▪ Windows 7 or later
▪ Windows 2008R2 or later
▪ .NET Framework 4.5 full

PowerShell Version 5
▪ Windows 10 or later
▪ Windows 2016 or later
▪ Windows Management Framework 5.0

Session 1: PowerShell Basics

To begin working…
▪ Commands are built with Verb-Noun logic
▪ Pipeline "|"
▪ Some good starters
    Get-Help
    Get-Command | more
    Get-Command | sort-object noun | format-table -group noun
    Get-Alias | more
    Get-Help stop-service -detailed | more

File extensions
▪ PS1 – Windows PowerShell shell script
▪ PSD1 – Windows PowerShell data file (for Version 2)
▪ PSM1 – Windows PowerShell module file (for Version 2)
▪ PS1XML – Windows PowerShell format and type definitions
▪ CLIXML – Windows PowerShell serialized data
▪ PSC1 – Windows PowerShell console file
▪ PSSC – Windows PowerShell Session Configuration file

PowerShell Concepts
▪ Module
  A module is a set of related Windows PowerShell functionalities, grouped together as a convenient unit.
▪ Cmdlet
  A cmdlet is a lightweight command that is used in the Windows PowerShell environment.
▪ Alias
  An alias is an alternate name or nickname for a cmdlet or for a command element, such as a function, script,…

Windows PowerShell
▪ Getting modules
    Get-Module -ListAvailable
▪ Searching for commands
    Get-Command -Name *proc*
▪ Using the Cmdlet keyword
    Search for help online with this keyword (Cmdlet process)
▪ Using an alias
    Get-Alias -Name dir

Windows PowerShell
▪ Command and Parameters
▪ Optional and Required Parameters
▪ Parameter Values
▪ Positional and Named Parameters
▪ External Commands

Optional and Required Parameters
PARAMETERS
    -ComputerName <string[]>
        Required?                    false
        Position?                    Named
        Accept pipeline input?       true (ByPropertyName)
        Parameter set name           Id, Name, InputObject
        Aliases                      Cn
        Dynamic?                     false

Optional and Required Parameters
    -Id <int[]>
        Required?                    true
        Position?                    Named
        Accept pipeline input?       true (ByPropertyName)
        Parameter set name           IdWithUserName, Id
        Aliases                      PID
        Dynamic?                     false

Parameter Values
▪ Get-Process -Id <int[]> -IncludeUserName [<CommonParameters>]
▪ Get-Process [[-Name] <string[]>] -IncludeUserName [<CommonParameters>]

Positional and Named Parameters
▪ Get-Process [[-Name] <string[]>] [-ComputerName <string[]>] [-Module] [-FileVersionInfo] [<CommonParameters>]
▪ Get-Process explorer,conhost
▪ The brackets around the parameter name ([-Name]) show that this parameter is positional

External Commands
▪ icacls C:\logs /grant Administrator:(D,WDAC)
  This will not run in PowerShell; you must use ""
▪ icacls C:\logs /grant "Administrator:(D,WDAC)"
▪ icacls --% C:\logs /grant Administrator:(D,WDAC)
  This will run

Pipeline Mastery
▪ Import, Export, and Converting
  CSV, CLIXML and HTML
▪ Understanding Pipeline
  It's all about passing one command's output to another command in order to produce one-line code

Import, Export, and Converting
▪ Get-Process | Export-Csv -Path C:\Processes.csv
▪ Get-Process | ConvertTo-Csv | Out-File -FilePath C:\Processes.csv
▪ Get-Process | Export-Clixml -Path D:\Processes.xml
  After launching some processes like notepad and calc, we compare processes:
▪ Compare-Object -ReferenceObject (Import-Clixml D:\Processes.xml) -DifferenceObject (Get-Process) -Property Name
▪ Get-Service | ConvertTo-Html | Out-File -FilePath C:\Services.html

PowerShell Objects
▪ Commands that output to the pipeline produce objects; you can see their properties by piping them to Get-Member
    Get-Process | Get-Member

       TypeName: System.Diagnostics.Process

    Name         MemberType     Definition
    ----         ----------     ----------
    Handles      AliasProperty  Handles = Handlecount
    GetHashCode  Method         int GetHashCode()
    NPM          AliasProperty  NPM = NonpagedSystemMemorySize64

Understanding Pipeline
▪ You can search online for the TypeName to find out what each property means and shows.
▪ $x = "Hello"
▪ $x | Get-Member
▪ Replace    Method    string Replace
▪ $x.Replace('ll','xx') → Hexxo

Core Commands
▪ Selecting
    Get-Process | Sort-Object -Property ws -Descending | Select-Object -First 10
    Get-Process | Sort-Object -Property ws -Descending | Select-Object -First 10 -Property Name
▪ Sorting
    Get-Process | Sort-Object -Property ws -Descending
▪ Measuring
    Get-Process | Measure-Object -Property ws -Sum -Average -Maximum -Minimum
▪ Grouping
    Get-Process | Group-Object -Property Status

Passing Command
▪ Get-Everyone | Export-Csv -Path D:\user.csv
▪ Import-Csv -Path D:\user.csv | New-ADUser -WhatIf

Formatting Output Commands
▪ Get-Process | Format-Wide -Property id -Column 8
▪ Get-Process | Format-List -Property id,cpu
▪ Get-Process | Format-List -Property *
▪ Get-Process | Format-Table -Property * -AutoSize
▪ Formatting must be last in your command

Variable & Object & HashTable
▪ Variable Name
▪ Variable Type and Type Adaptation
▪ All Variables are Objects
▪ Array
▪ HashTable
▪ Environment Variables

Variable Name
▪ You can use virtually any variable name you choose; names are not case sensitive.
▪ But there are illegal characters such as ! @ # % & , . and spaces. PowerShell will throw an error if you use an illegal character.
    $Microsoft $MicroSoft $microsoft are the same!
    ${My English Name is #merlin@} is OK!

Variable Type
▪ PowerShell variable types are based on the .NET Framework.
▪ Common variable types are listed below:
    [adsi], [array], [bool], [byte], [char]
    [datetime], [decimal], [double]
    [int] or [int32], [long]
    [single], [scriptblock], [string]
    [WMI], [WMIclass], [xml]

Declaring Variables and Type Adaptation
▪ $a=333
▪ $b="66"
▪ $c="SS"
    $a.GetType()
    $b.GetType().Name
    $a+$b ; $b+$a ??
    $b+$c ; $c+$b ??
    $a+$c ; $c+$a ??

All Variables are Objects
▪ [int]$Age=22
▪ $Age.GetType()
▪ $Age.GetType().Name
▪ $Age | Get-Member
▪ $Title="manager"
▪ $Title.Length
▪ $Title.CompareTo()

HashTable
▪ Definition of HashTable
    $states = @{"Washington" = "Olympia"; "Oregon" = "Salem"; California = "Sacramento"}

    Name        Value
    ----        -----
    Washington  Olympia
    Oregon      Salem
    California  Sacramento

HashTable
▪ Add or remove items in HashTable
    $states.Add("Alaska", "Fairbanks")
    $states.Remove("Alaska")
    $states.Get_Item("Oregon")
    $states.ContainsKey("Oregon")
    $states.ContainsValue("Salem")

Array
▪ $RainbowColor = "red", "orange", "yellow", "green", "blue", "indigo", "violet"
▪ $a = 3, "apple", 3.1415926, "cat", 23
▪ [int[]]$b = 51, 29, 88, 27, 50
▪ $b.SetValue(19, 3)
▪ $b[-1]=888
▪ $PeopleTable = @{"Merlin Lin" = "3725-3888"; "Linda Chen" = "0800-000-213"…}

Session 2: PowerShell Operations

PowerShell Operators
▪ Arithmetic Binary Operators
    +, -, *, /, %, ++, --
▪ Assignment Operators
    =, +=, -=, *=, /=, %=
▪ Logical Operators
    !, -not, -and, -or
▪ String Operators
    +, *, -f, -replace, -match, -like
▪ Comparison Operators
    -eq, -ne, -gt, -ge, -lt, -le

Arithmetic Binary Operators
▪ 123+789 ; 222-876
▪ 34.5*44.2 ; 13/7
▪ 123%5
▪ $var++ ; ++$var ➔ $var = $var + 1
▪ $var-- ; --$var ➔ $var = $var - 1

Assignment Operators
▪ $var=3
▪ $var+=3 ; $var-=3
▪ $var*=3 ; $var/=3 ; $var%=3
▪ $var = 0x10 ➔ echo $var ➔ 16
▪ $var = 7.56e3
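
The baseline-and-compare step from the "Import, Export, and Converting" slide, as an added example that is not part of the original deck: it wraps Export-Clixml and Compare-Object in two functions and labels each difference as Started or Stopped. The function names Save-ProcessBaseline and Compare-ProcessBaseline and the temp-file location are assumptions made for this example.

```powershell
# Added example (not from the original deck): process baseline and diff.
# Function names and the baseline file location are assumptions for illustration.

function Save-ProcessBaseline {
    param([Parameter(Mandatory)][string]$Path)
    # Store only the properties needed for comparison; this keeps the file small.
    Get-Process |
        Select-Object -Property Name, Id, Path |
        Export-Clixml -Path $Path
}

function Compare-ProcessBaseline {
    param([Parameter(Mandatory)][string]$Path)
    $baseline = @(Import-Clixml -Path $Path)
    $current  = @(Get-Process | Select-Object -Property Name, Id, Path)

    # Compare on Name and Id so a second instance of a known program is reported too.
    # -PassThru returns the original objects with a SideIndicator property attached.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
                   -Property Name, Id -PassThru |
        ForEach-Object {
            [pscustomobject]@{
                # '=>' means present only in the current list, '<=' only in the baseline.
                Change = if ($_.SideIndicator -eq '=>') { 'Started' } else { 'Stopped' }
                Name   = $_.Name
                Id     = $_.Id
                Path   = $_.Path
            }
        } |
        Sort-Object -Property Change, Name
}

$baselineFile = Join-Path ([System.IO.Path]::GetTempPath()) 'process-baseline.xml'
Save-ProcessBaseline -Path $baselineFile

# Launch or close a few programs (for example notepad), then run the comparison.
# Format-Table comes last, as the formatting slide requires.
Compare-ProcessBaseline -Path $baselineFile | Format-Table -AutoSize
```

Comparing on Name alone, as the slide does, hides a second copy of a process that was already running; adding Id to -Property reports it.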
