PowerShell for Pentest - Examples of Commands and Scripts for Pentesters

March 30, 2021

Over the last decade, PowerShell has become the tool for doing practically everything on a Windows platform, and as pentesters we can use it as a powerful post-exploitation language: it is already present on every modern Windows host, it has full access to .NET, and it gives us a very wide range of possibilities and a large attack surface to work with.

It can also be used to run “file-less” payloads: scripts executed straight from memory without ever writing a binary to disk, which traditional file-scanning anti-virus (AV) solutions find much harder to catch. Bear in mind that current Windows versions counter this with AMSI (the Antimalware Scan Interface) and PowerShell script block logging, so “file-less” no longer means invisible.

Microsoft has also made PowerShell available for non-Windows platforms as PowerShell Core (pwsh), built on .NET Core. Recently, Offensive Security added PowerShell to Kali Linux.

So, what is PowerShell? Let’s begin. This blog is divided into three parts:

  • Base-I 
  • Base-II (to be read after Base-I)
  • Conclusion (for readers who already have a shell on a Windows target and have no time to waste)

PowerShell is a scripting language built on the .NET Framework. The core of PowerShell is the cmdlets (pronounced “command-lets”), small built-in commands that between them cover basically everything you might want to do on a Windows platform.

Unlike the commands in a Unix shell, cmdlets do not pass text around: what they emit and consume are .NET objects.

And we know that objects in programming languages have properties as well as methods.

The same is true of the objects a cmdlet returns.

Pipe any cmdlet’s output into Get-Member and you will see exactly which properties and methods you can work with.

The basic naming structure of a cmdlet is Verb-Noun.

For example, Get-Process is a cmdlet: the verb is Get and the noun is Process. Forget about what it does for now.
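
What “cmdlets return objects with properties and methods” means in practice, as an added example (not code from the original post). Every cmdlet, property and method used here is standard in Windows PowerShell 5.1; the last pipeline is my own quick post-exploitation use of the idea, not something the post itself shows.

```powershell
# Added example, not from the original post: cmdlets emit .NET objects, and
# Get-Member is how you discover what those objects offer.

# Get-Process emits System.Diagnostics.Process objects, not lines of text.
$procs = Get-Process

# Get-Member lists the properties and methods of whatever you pipe into it.
# -MemberType narrows the listing; drop it to see everything at once.
$procs | Get-Member -MemberType Property
$procs | Get-Member -MemberType Method

# Properties are read by name, either with Select-Object ...
$procs | Select-Object -First 3 -Property Name, Id, Path

# ... or with dot notation on a single object. $PID is the automatic variable
# holding the process ID of the current PowerShell session.
$self = Get-Process -Id $PID
$self.Name
$self.GetType().FullName     # the .NET type behind a Get-Process result

# Methods are called with parentheses. Refresh() re-reads the process's
# properties from the OS and is harmless to run.
$self.Refresh()

# Because the pipeline carries objects, filtering is done on properties rather
# than by matching text. A quick post-exploitation use: list running executables
# that live outside the Windows directory, which is where third-party agents and
# user software tend to sit. Path is empty for processes you cannot open, so
# test for it first.
Get-Process |
    Where-Object { $_.Path -and $_.Path -notlike "$env:SystemRoot\*" } |
    Select-Object Name, Id, Path |
    Sort-Object Path
```

Note that the whole point of the last pipeline is that no string parsing is involved: Where-Object is given the Path property directly, which is why the same filter works whatever the column layout of the default Get-Process output happens to be.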

Now remember that the aim is not to memorise commands. Our motto is: learn the concept.

Get-Help is the only cmdlet we will actually learn.

The only difference between professionals and beginners is that professionals know how to figure things out, while beginners try to memorise everything by rote. So, guys, let’s get into the habit of being professionals: when we get stuck, we figure it out.

BASE-I

Now, just fire up your PowerShell and get started.

Think for a moment about the noun for what you want to do, then put Get-Help in front of it, with wildcard characters.

Say I want to list all the processes on the system. “Process” is probably the noun here, so let’s do Get-Help with wildcards.

Get-Help *process*

Yes, I got tons of commands, and with some basic common sense it can be seen that Get-Process matches the job we want to do, right?

But wait, let’s verify it.

Get-Help Get-Process

OK, this is cool!

So what do we have to do every time ? Just close your eyes and

“Think about something you want to do, then type it and get it.”

Some people like me hate reading those long manual pages, but what we love are short, concise examples.

Examples are usually very close to what you want to do, and here is how we get them.

Get-Help Get-Process -Examples

See, there are plenty, and between them they cover basically everything we want to do.

Then there is one more way to use Get-Help, and it is the most handy and easy-to-use way of all.

How about getting the whole help system, examples included, in one place with just one command?

Here is it,

Get-Help Get-Process -ShowWindow

A nice, clean help window pops up in front of you. (It is a GUI viewer, so it needs an interactive desktop session; from a reverse shell or a remoting session it will not work, and you fall back to the text output.)

Go to the settings at the top right and select only the things you want to see.

Here, I only want to see the examples.

See, it gives us the whole help system in one place, and I can narrow it down to just the examples.

Isn’t it awesome?
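
The Base-I workflow end to end, as an added example (not code from the original post), together with the two checks I would run first on a host I have just landed on. The help-file path assumes an en-US install of Windows PowerShell; the culture folder is the one assumption to adjust for other locales.

```powershell
# Added example, not from the original post: the Get-Help discovery workflow,
# plus the checks worth running before trusting the help on an unfamiliar host.

# Which PowerShell is this? Help parameters and cmdlets differ between 2.0, 5.1 and 7.
$PSVersionTable.PSVersion

# Is local help content installed at all? Many servers ship without it, and then
# Get-Help prints only the syntax block and no description or examples. The path
# assumes an en-US install (assumption); adjust the culture folder otherwise.
# Update-Help would fetch the content, but it needs internet access and writes to
# disk, so think before running it on a target.
Get-ChildItem -Path "$PSHOME\en-US" -Filter '*.dll-Help.xml' -ErrorAction SilentlyContinue |
    Measure-Object

# Step 1: guess the noun and search for it with wildcards.
Get-Help *process*

# Step 2: read the candidate's syntax and description.
Get-Help Get-Process

# Step 3: examples only, the part most of us actually read.
Get-Help Get-Process -Examples

# Drill into a single parameter, or page through everything.
Get-Help Get-Process -Parameter Name
Get-Help Get-Process -Full | more

# -ShowWindow opens a GUI viewer and only works in an interactive desktop session.
# This is the nearest text-only substitute for a reverse shell or remoting session.
Get-Help Get-Process -Full | Out-Host -Paging
```

If the Measure-Object count comes back as zero, every Get-Help call on that host will be syntax-only, and the -Examples and -Parameter switches print nothing useful; that is the moment to look the cmdlet up on your own machine rather than on the target.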

PowerShell is very flexible for its users.

BASE-II

The next command I want to show you lists all the commands on the system itself.

Let’s search for it.

Get-Help *command*

Here, Get-Command matches what we want, so I’m going with it.

Get-Help Get-Command | more

Also, PowerShell command names are case-insensitive, and more pages long output just as it does on Linux, right?

Finally, to list all the commands on the system, type the following:

Get-Command | more

It will list all the aliases, functions and cmdlets.

OK, I will show you the cmdlets alone.

Get-Command -CommandType Cmdlet | more

Here I have added -CommandType as a parameter (note that its value is the singular Cmdlet, not “cmdlets”). You can always use Get-Help Get-Command -Full or Get-Help Get-Command -ShowWindow to see the full help for Get-Command.

Windows gives its users everything they want. And yes, if you just need the core commands and don’t want all the tricks, Windows has already written a list of them for you.

Get-Help *command*

At the bottom of that listing there are some help files about commands in general: the about_ topics, which are conceptual help pages rather than cmdlets.

Get-Help about_Core_Commands
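
Using Get-Command to map what a host can actually do, as an added example (not code from the original post). The native tool names in the Application search and the Invoke-WebRequest check are my own choices of what is worth looking for; the post does not list them.

```powershell
# Added example, not from the original post: Get-Command as an inventory tool,
# which is the real post-exploitation question on an unfamiliar build.

# How much is there? With no arguments Get-Command lists cmdlets, functions and aliases.
Get-Command | Measure-Object

# One command type at a time. The value is the singular enum name:
# Cmdlet, Function, Alias, Application, ExternalScript.
Get-Command -CommandType Cmdlet | more
Get-Command -CommandType Alias  | more

# Search by noun or verb instead of reading the whole list. Both accept wildcards.
Get-Command -Noun Process
Get-Command -Verb Get -Noun *Net*

# See what a particular module provides.
Get-Command -Module Microsoft.PowerShell.Management

# Applications on the PATH are commands too; this is how to check which native
# tools you can reach from the shell (names chosen by me as examples).
Get-Command -CommandType Application -Name 'certutil*', 'bitsadmin*', 'curl*'

# Is a given cmdlet present at all? Invoke-WebRequest only exists from PowerShell
# 3.0, so on a 2.0 host you would fall back to a .NET WebClient instead.
# -ErrorAction SilentlyContinue turns a miss into $null rather than an error.
if (Get-Command Invoke-WebRequest -ErrorAction SilentlyContinue) {
    'Invoke-WebRequest available'
} else {
    'No Invoke-WebRequest: probably a PowerShell 2.0 host'
}

# The about_* topics are the conceptual help files mentioned above.
# List them all, then read one.
Get-Help about_* | Select-Object Name, Synopsis
Get-Help about_Core_Commands
```

The Application search is the one to remember on a locked-down host: if a cmdlet you want is missing or blocked, Get-Command tells you immediately which of the native binaries on the PATH can stand in for it.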

CONCLUSION

Now, maybe you are a Linux user who knows nothing about PowerShell and hates reading. But still, you have got a shell on a Windows system and are now ready for post-exploitation.

So, here is a list of PowerShell commands, collected from various corners of the Internet, which could be helpful during penetration tests or red team exercises.

Powershell Commands for Pentesters

I’m sure that this will help you a lot.

For the readers who want to dive into PowerShell with me, I will be back with scripting, remoting, and some more cool things.

See you in my next blog. Till then, Take care !
