PowerShell for bash converts + pentesting goodies
Note for the image... while it isn't directly correlated to the right kind of Windows, it is a peaceful picture. Normally I don't associate peacefulness with powershell, it is normally me fighting with the shell and it normally wins 🤕, so I am trying to use that picture as a reminder to think of powershell pleasantly 😅
This post is mainly going to be a translation layer for my bash thinking to powershell, and if I run across anything that is useful on pentests
Install
Official docs - https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1
What I do: sudo snap install powershell --classic
Primitives
Primitives - arrays
bash
declare -a arrayz
arrayz=(
'one'
'two'
)
powershell (docs)
$arrayz = @(
'one',
'two'
)
Primitives - arrays - practical examples
# lookup multiple hosts on the same domain
# i.e. if you are trying to get IP addresses for computers on an active directory domain
@( 'google', 'microsoft' ) | %{ nslookup "$_.com" }
Primitives - For Each
bash
for i in one two three ; do
echo "${i}"
done
read -ra arrz < <(echo one two three )
# or if something is newline delimited
mapfile -t arrz < <(echo one two three | tr ' ' '\n')
for i in "${arrz[@]}" ; do
echo "${i}"
done
powershell (docs) (thanks to Jared's powershell classes; he contributed most of my powershell knowledge)
@('one', 'two', 'three' ) | % { echo $_ }
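The multi-host lookup under "practical examples" and the For Each translation above, combined into one function as an added example (not code from the original post): it takes an array of short names, appends the domain, resolves each one, and returns objects instead of nslookup's text, so a failed lookup becomes a row rather than aborting the loop. Assumed: the Resolve-DnsName cmdlet (DnsClient module, Windows) is available; the function name and the host list are made up for this example.

```powershell
# Added example, not from the original post.
# Assumes Resolve-DnsName (DnsClient module) is available; host names below are constructed.

function Resolve-HostList {
    param(
        [Parameter(Mandatory)] [string[]] $Names,   # short names, e.g. 'dc01'
        [Parameter(Mandatory)] [string]   $Domain,  # DNS suffix appended to each name
        [string] $Server                            # optional DNS server (e.g. a DC) to query
    )
    # splatted arguments for Resolve-DnsName; ErrorAction Stop makes failures catchable
    $resolveArgs = @{ Type = 'A'; ErrorAction = 'Stop' }
    if ($Server) { $resolveArgs['Server'] = $Server }

    # bash: for i in "${arrz[@]}"; do ...; done  ->  PowerShell: ForEach-Object (alias %)
    $Names | ForEach-Object {
        # -f avoids any ambiguity about what "$_.$Domain" would expand to inside a string
        $fqdn = '{0}.{1}' -f $_, $Domain
        try {
            $records = Resolve-DnsName -Name $fqdn @resolveArgs
            [PSCustomObject]@{
                Host   = $fqdn
                IPs    = ($records | Where-Object Type -eq 'A' | ForEach-Object IPAddress) -join ';'
                Status = 'ok'
            }
        } catch {
            # inside catch, $_ is the error record, so use the $fqdn computed above
            [PSCustomObject]@{ Host = $fqdn; IPs = ''; Status = $_.Exception.Message }
        }
    }
}

# Constructed sample input; replace with names from your own scope.
$hosts   = @('dc01', 'fs01', 'does-not-exist')
$results = Resolve-HostList -Names $hosts -Domain 'corp.example'
$results | Format-Table -AutoSize
$results | Export-Csv -Path '.\host_lookup.csv' -NoTypeInformation
```

Because the output is objects, it pipes straight into Where-Object, Sort-Object or Export-Csv, which the nslookup one-liner cannot do.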
Package management
Package management - less masochistic
You should still vet these, since a lot of them are community contributed, but they are a lot easier to get going IMO: https://chocolatey.org/
Package management - native solution
$ gcm -Module PackageManagement -CommandType cmdlet, function | select name
Pentesting
Remote Commands
# launch a powershell session on a remote computer
.\PsExec64.exe \\<server> -u '<netbios_domain>\<user>' -accepteula -nobanner -i -s powershell.exe
# run a cmd command against a bunch of different remote computers
Invoke-Command -ComputerName <computer00>, <computer01> -ScriptBlock { net localgroup Administrators "<netbios_domain>\<user>" /add }
# run a powershell command against a bunch of different remote computers
Invoke-Command -ComputerName <computer00>, <computer01> -ScriptBlock {Get-ComputerInfo | Select-Object -Property WindowsProductName,WindowsVersion} | Export-CSV ".\WinServer_Info.csv"
Running creds under domain user
Thanks to a coworker for this one (and a lot of my powershell stuff)
# set dns to be the domain controllers
runas /netonly /user:<user>@<domainfqdn> powershell
# validate creds against domain
get-addomain -server <domainfqdn>