Powershell Simplified — Part 1

Akash Sarode
4 min read · Feb 9, 2020


Windows PowerShell is a Windows command-line shell created to simplify administration of various Microsoft products. PowerShell, as the name suggests, is a powerful shell built into Windows and useful in a variety of ways. It is used by red teamers and blue teamers alike in cyber security.

In this article we will simplify PowerShell so that even a person with no knowledge of the tool can start understanding and using it in day-to-day work. Let us start learning PowerShell from scratch.

PowerShell can be accessed via its command line or via the ISE (Integrated Scripting Environment), which adds an editor pane for writing and debugging scripts.

[Screenshot: PowerShell ISE]

To start with, let’s run a command to get details of all drives.

We can list the contents of any drive with the dir command (an alias of Get-ChildItem) and change into it with cd (an alias of Set-Location).

Every cmdlet in PowerShell follows the same Verb-Noun naming format, e.g. Get-Service or Set-Location. The verb says what the command does, the noun says what it acts on.

Now, to discover a command whose exact name you do not know, use help with a wildcard pattern, for example help *<keyword>*.

[Screenshot: Discovering a command]

Once you have found the command, use Get-Help (or its alias help) to learn how to use it.

We can also use Get-Command to discover commands.

If we want to execute a script (.ps1 file) in PowerShell, we first need to change the execution policy, because on Windows clients it defaults to Restricted, which blocks all scripts. Note that the execution policy only prevents accidental execution; Microsoft documents that it is not a security boundary, so defenders should not rely on it to stop an attacker from running PowerShell.
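The following is an added example, not code from the original article, walking through command discovery, help, and the execution policy in one sitting. The script name Inventory.ps1 is a placeholder.

```powershell
# Added example (not from the original article): discovering cmdlets, reading
# their help, and dealing with the execution policy before running a .ps1 file.

# 1. Discover commands. Names are always Verb-Noun, so wildcards work on either
#    half. Get-Command searches command names; Get-Help searches help topics.
Get-Command -Verb Get -Noun *Service*          # Get-Service and friends
Get-Command -Noun *Process*                     # every cmdlet that acts on processes
Get-Help *event*                                # help topics with "event" in the name

# 2. Read the help for a cmdlet. -Examples is usually the quickest way in;
#    Update-Help (as administrator) downloads full help if only stubs are present.
Get-Help Get-Service -Examples
Get-Help Get-Service -Parameter Name
Get-Help Get-Service -Online                    # opens the documentation page

# 3. Scripts. Inspect the policy at every scope before changing anything:
#    a more specific scope (Process, CurrentUser) overrides LocalMachine,
#    and a Group Policy setting overrides them all.
Get-ExecutionPolicy -List

# Prefer the narrowest scope that solves the problem. RemoteSigned runs local
# scripts as-is and requires an Authenticode signature on scripts that were
# downloaded from the internet.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Now a script in the current directory can be run:
#   .\Inventory.ps1          (Inventory.ps1 is a hypothetical script)

# Check: a downloaded file carries a Zone.Identifier alternate data stream, which
# is what RemoteSigned looks at. Only clear it (Unblock-File) after reviewing the script.
Get-Item .\Inventory.ps1 -Stream Zone.Identifier -ErrorAction SilentlyContinue
Get-AuthenticodeSignature .\Inventory.ps1 | Select-Object Status, SignerCertificate
```

The example assumes Windows PowerShell 5.1 on a client edition, where the default policy is Restricted (Windows Server defaults to RemoteSigned). Because the policy can be overridden per process, detection and control should come from PowerShell script block logging and application control, not from the execution policy.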

Modules in PowerShell:-

To get a list of all available modules, use:

[Screenshot: Modules in PowerShell]

To get the list of commands that a particular module provides, pass the module name to Get-Command.
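As an added example (not from the original article), here is the module workflow end to end: what is loaded, what is installed, where PowerShell looks, and which commands each module brings. The module names used are built-in ones.

```powershell
# Added example (not from the original article): modules and their commands.

# Modules loaded in this session versus every module on the module path.
Get-Module
Get-Module -ListAvailable | Select-Object Name, Version, ModuleType, Path

# The directories PowerShell searches when it auto-loads a module.
$env:PSModulePath -split ';'

# Commands shipped by one module. Microsoft.PowerShell.Management is built in
# and contains Get-Service, Get-Process, Get-ChildItem and so on.
Get-Command -Module Microsoft.PowerShell.Management | Sort-Object Noun

# Count commands per verb to see what a module is mostly about.
Get-Command -Module Microsoft.PowerShell.Management |
    Group-Object Verb | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Explicit import is rarely needed: PowerShell 3+ auto-imports a module the
# first time one of its commands is used.
Import-Module Microsoft.PowerShell.Security
Get-Command -Module Microsoft.PowerShell.Security    # Get-Acl, Get-ExecutionPolicy, ...

# Which module does a given command come from?
(Get-Command Get-Service).ModuleName

# Practitioner check: auto-loading means any module directory on the path that
# a low-privileged user can write to is a place to plant code that other users
# will load by name. Review owner and ACL of each path that exists.
$env:PSModulePath -split ';' | Where-Object { Test-Path $_ } | ForEach-Object {
    $acl = Get-Acl $_
    [pscustomobject]@{
        Path   = $_
        Owner  = $acl.Owner
        Writers = ($acl.Access | Where-Object {
            $_.FileSystemRights -match 'Write|FullControl|Modify' -and $_.AccessControlType -eq 'Allow'
        } | Select-Object -ExpandProperty IdentityReference) -join '; '
    }
} | Format-Table -AutoSize
```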

To obtain all the services on the system, use the Get-Service command.

But only three columns are shown (Status, Name, DisplayName). The underlying objects carry much more than this: required services, dependent services, start type, and so on. One thing that is not there at all is the account a service logs on as; that information comes from WMI, which we cover later.

PowerShell has formatting files (*.format.ps1xml) that specify which columns of the table are displayed by default for each type of object.

To get the full list of properties and methods, pipe the output to Get-Member.

[Screenshot: Members list]

Anything listed as a Property is a potential column name. Each row in the table is an object, and the columns are that object’s properties.

We can view the default column names in the default views defined in the formatting files in the PowerShell installation folder ($PSHOME).

[Screenshot: PowerShell installation folder]

Opening one of the .format.ps1xml files and searching for the type name, we can see the views defined for that type. Whenever a command outputs objects of that type, PowerShell checks this file and displays the results according to the matching view.
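As an added example (not from the original article), this block shows the properties the Get-Service default view hides, and then locates the view definition itself. It assumes Windows PowerShell 5.1, where the built-in views live in $PSHOME\DotNetTypes.format.ps1xml; in PowerShell 7 the built-in views are compiled in and only Get-FormatData shows them.

```powershell
# Added example (not from the original article): objects, properties and the
# default view for Get-Service.

# Default view: Status, Name, DisplayName.
Get-Service | Select-Object -First 3

# Every row is a System.ServiceProcess.ServiceController object. Get-Member
# lists its properties (possible columns) and methods (Start(), Stop(), ...).
(Get-Service)[0].GetType().FullName          # System.ServiceProcess.ServiceController
Get-Service | Get-Member -MemberType Property, AliasProperty

# Ask for the hidden properties explicitly.
Get-Service | Select-Object -First 3 -Property *
Get-Service | Format-Table Name, Status, StartType, ServicesDependedOn -AutoSize

# Expand a nested property: which services does Spooler depend on?
(Get-Service Spooler).ServicesDependedOn | Select-Object Name, Status

# Note: the logon account is NOT on this object. The .NET class behind
# Get-Service does not expose it; it lives in WMI's Win32_Service (StartName).

# Where the default view comes from: the formatting files under $PSHOME.
Get-ChildItem $PSHOME\*.format.ps1xml | Select-Object Name, Length

# Find the view for the service type and show the lines around it.
Select-String -Path $PSHOME\DotNetTypes.format.ps1xml `
    -Pattern 'System.ServiceProcess.ServiceController' -Context 2,12

# The same information from the formatting data already loaded in the session,
# which also works where no *.format.ps1xml files exist.
Get-FormatData -TypeName System.ServiceProcess.ServiceController |
    Select-Object -ExpandProperty FormatViewDefinition
```

Remember that Format-Table produces formatting objects, not services: filter and select first, format last, or the pipeline after Format-Table has nothing useful to work on.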

Where-Object:-

$_ represents the current pipeline object, i.e. one row of the table at a time.

The script block passed to -FilterScript is executed once for every object; objects for which it returns true are passed on, the rest are dropped.

[Screenshot: Where-Object in PowerShell]
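The following added example (not from the original article) shows Where-Object in its long, short and combined forms, including a couple of filters an administrator or analyst would actually run.

```powershell
# Added example (not from the original article): Where-Object. The block runs
# once per incoming object; $_ is that object. Return $true to keep it.

# Long form. -FilterScript is the first positional parameter, so the name is
# normally omitted.
Get-Service | Where-Object -FilterScript { $_.Status -eq 'Running' }
Get-Service | Where-Object { $_.Status -eq 'Running' }

# Simplified syntax (PowerShell 3+) for a single comparison.
Get-Service | Where-Object Status -eq 'Running'

# Combine conditions. Services set to start automatically but not running is a
# classic operational check, and a hint that something was stopped.
Get-Service | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
    Select-Object Name, DisplayName, Status, StartType

# $_ is a full object, so nested properties and methods are available.
Get-Service | Where-Object { $_.Name -like 'Win*' -and $_.ServicesDependedOn.Count -gt 0 } |
    Format-Table Name, @{ n = 'DependsOn'; e = { $_.ServicesDependedOn.Name -join ', ' } } -AutoSize

# Works on any object stream. Processes with no company name in their
# version info are worth a second look on a server.
Get-Process | Where-Object { -not $_.Company } |
    Select-Object Name, Id, Path -Unique

# Filter left, format right: keep objects as long as possible.
$stopped = Get-Service | Where-Object Status -eq 'Stopped'
$stopped.Count
$stopped | Where-Object { $_.CanStop -eq $false } | Select-Object Name   # still objects
```

Where-Object filters on the client side after every object has been produced; when a cmdlet has its own filtering parameter (for example Get-Service -Name, or a WQL WHERE clause with WMI) use that first, because it is cheaper and, over remoting, moves far less data.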

Remote computing:- To execute a command on a remote computer, we can use Invoke-Command.

[Screenshot: Invoke-Command]

We need to enable remoting on the systems that should accept remoting connections, by running Enable-PSRemoting as an administrator. This starts the WinRM service, sets it to start automatically, creates the listener and opens the firewall rule for it. The same channel is a standard lateral-movement path for attackers, so keep track of who is allowed to connect.

One-to-one remoting:- For an interactive prompt on a single remote machine, use Enter-PSSession; Invoke-Command is the one-to-many form that runs a script block on many machines at once.
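An added example, not from the original article, putting the remoting pieces together. The host names srv01 and srv02 are placeholders; run the Enable-PSRemoting line on each target, and the rest from the administration workstation.

```powershell
# Added example (not from the original article): enabling remoting, then
# one-to-many (Invoke-Command) and one-to-one (Enter-PSSession) use.

# On each target, once, as administrator: starts WinRM, sets it to auto-start,
# creates the HTTP listener (TCP 5985) and the firewall rule.
Enable-PSRemoting -Force

# From the workstation: confirm WinRM answers before doing anything else.
Test-WSMan -ComputerName srv01

# One-to-many: the block runs ON each target. Results come back as
# deserialized objects with a PSComputerName property added.
Invoke-Command -ComputerName srv01, srv02 -ScriptBlock {
    Get-Service | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' }
} | Select-Object PSComputerName, Name, Status

# Local variables are not visible inside the remote block; pass them with
# $using: (or -ArgumentList).
$svc = 'Spooler'
Invoke-Command -ComputerName srv01 -ScriptBlock { Get-Service -Name $using:svc }

# Reuse a session for several commands instead of reconnecting every time.
$s = New-PSSession -ComputerName srv01 -Credential (Get-Credential)
Invoke-Command -Session $s -ScriptBlock {
    Get-Process | Sort-Object CPU -Descending | Select-Object -First 5 Name, Id, CPU
}
Remove-PSSession $s

# One-to-one: an interactive prompt on one machine; the prompt shows the host.
Enter-PSSession -ComputerName srv01
#   [srv01]: PS C:\Users\admin\Documents> Get-Service Spooler
#   [srv01]: PS C:\Users\admin\Documents> Exit-PSSession

# Checks before leaving remoting on: who may connect, and which endpoints exist.
Get-LocalGroupMember -Group 'Remote Management Users'
Get-PSSessionConfiguration | Select-Object Name, Permission
```

Enable-PSRemoting refuses to run on a client edition whose active network profile is Public unless -SkipNetworkProfileCheck is added. In a workgroup (no Kerberos) the client must also trust the target, via HTTPS on 5986 or the TrustedHosts list; adding * to TrustedHosts is a common shortcut and a bad one, since it sends credentials to any host that answers.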

The next topic is WMI.

WMI (Windows Management Instrumentation) is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computer systems. In PowerShell it is queried with Get-WmiObject (legacy) or Get-CimInstance (the modern cmdlet).

[Screenshot: WMI in PowerShell]

For exploring WMI interactively, use the WMI Explorer tool.

[Screenshot: WMI Explorer tool]

The left-hand panel lists the namespaces, which is helpful for finding class names; the classes are what you query from PowerShell.
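As an added example (not from the original article), here is the WMI Explorer workflow done from the shell: browse namespaces and classes, then query Win32_Service, which also supplies the service logon account that the Get-Service object lacks. The host name srv01 is a placeholder.

```powershell
# Added example (not from the original article): WMI from PowerShell.
# Get-CimInstance (PowerShell 3+) is the modern cmdlet; Get-WmiObject is the
# legacy one and is absent from PowerShell 7. Both read the same classes.

# Browsing, like WMI Explorer's left panel: namespaces, then classes in one.
Get-CimInstance -Namespace root -ClassName __Namespace | Select-Object Name
Get-CimClass -Namespace root\cimv2 -ClassName Win32_*Service* | Select-Object CimClassName

# Properties of a class before querying it.
(Get-CimClass -ClassName Win32_Service).CimClassProperties.Name

# The logon account (StartName), binary path and process id of every service.
Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, State, StartMode, StartName, ProcessId, PathName |
    Format-Table -AutoSize

# Legacy equivalent.
Get-WmiObject -Class Win32_Service | Select-Object Name, StartName

# Filter on the provider side with WQL instead of Where-Object over every object.
Get-CimInstance -Query "SELECT Name, StartName, PathName FROM Win32_Service WHERE StartMode = 'Auto' AND State <> 'Running'"

# Triage view: running services whose binaries live outside the Windows folder,
# and the account each one runs as.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -notmatch '^"?[A-Za-z]:\\Windows\\' } |
    Select-Object Name, StartName, PathName

# Remote query. CIM over WS-Man uses the same WinRM listener as PowerShell
# remoting; DCOM (the Get-WmiObject transport) is the legacy alternative.
Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName srv01 |
    Select-Object PSComputerName, Caption, LastBootUpTime
```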

PowerShell is also very useful for running jobs, both on the local system and remotely.

Here we have run a command to get the 200 most recent Security event log entries from the remote system server-r2. Instead of running this command and waiting for the output, we schedule it as a job so that it runs in the background, and we can check the job status at any time using Get-Job.
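The following added example (not from the original article) runs that remote event log pull as a job and shows the rest of the job lifecycle: checking state, waiting, collecting results and cleaning up. server-r2 is the host name from the article; reading the Security log requires administrative rights on the target.

```powershell
# Added example (not from the original article): background jobs, local and remote.

# Start the remote work as a job; the prompt returns immediately.
$job = Invoke-Command -ComputerName server-r2 -AsJob -JobName SecLog200 -ScriptBlock {
    Get-WinEvent -LogName Security -MaxEvents 200
}

# Local work can be backgrounded too; Start-Job runs it in a separate process.
$local = Start-Job -Name LocalSec -ScriptBlock {
    Get-WinEvent -LogName Security -MaxEvents 200
}

# Check on everything that is running.
Get-Job | Select-Object Id, Name, State, Location, HasMoreData

# Block until one job finishes (with a timeout), then collect its results.
# -Keep leaves the data on the job so it can be received again later.
Wait-Job -Job $job -Timeout 120 | Out-Null
$events = Receive-Job -Job $job -Keep

# The results are deserialized event records; summarize by event ID.
$events | Group-Object Id | Sort-Object Count -Descending | Select-Object Name, Count

# Errors on the remote side (access denied, WinRM down) surface here,
# not as exceptions at the prompt.
$job.ChildJobs | Select-Object Location, State, @{ n = 'Reason'; e = { $_.JobStateInfo.Reason } }

# Clean up; finished jobs hold their results in memory until removed.
Get-Job | Where-Object { $_.State -in 'Completed', 'Failed' } | Remove-Job
```

Get-WinEvent -MaxEvents 200 is used here; the older Get-EventLog -LogName Security -Newest 200 returns the same entries in Windows PowerShell 5.1 but was removed from PowerShell 7.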

To be continued…
