PS for bash converts

PowerShell for bash converts + pentesting goodies

Note for the image... while it isn't directly correlated to the right kind of Windows, it is a peaceful picture. Normally I don't associate peacefulness with powershell, it is normally me fighting with the shell and it normally wins 🤕, so I am trying to use that picture as a reminder to think of powershell pleasantly 😅

This post is mainly going to be a translation layer for my bash thinking to powershell, and if I run across anything that is useful on pentests


Official docs -

What I do: sudo snap install powershell --classic


Primitives - arrays


declare -a arrayz

powershell ( docs )

# empty array, the equivalent of bash's declare -a
$arrayz = @()

Primitives - arrays - practical examples

# lookup multiple hosts on the same domain
#   i.e. if you are trying to get IP addresses for computers on an active directory domain
# $_ is the current pipeline item
@( 'google', 'microsoft' ) | %{ nslookup "$_" }

Primitives - For Each


for i in one two three ; do
  echo "${i}"
done

read -ra arrz < <(echo one two three )
# or if something is newline delimited
mapfile -t arrz < <(echo one two three | tr ' ' '\n')

for i in "${arrz[@]}" ; do
  echo "${i}"
done

powershell ( docs ) ( thanks to Jared's powershell classes ( and he contributed to most of my powershell knowledge ) )

@('one', 'two', 'three' ) | % { echo $_ }
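
Putting the array and For Each idioms above together with the host lookup case, here is an added example (not from the original post) that returns objects instead of nslookup text, so failed lookups can be filtered and the results exported. The function name `Resolve-HostList`, its parameters, the sample host names and the output file name are all assumptions made for illustration.

```powershell
# Added example: resolve several host names, optionally under one DNS suffix,
# and emit one object per host so the results can be filtered or exported.
function Resolve-HostList {
    param(
        [Parameter(Mandatory)] [string[]] $Name,   # host names to look up
        [string] $Suffix = ''                      # optional suffix (hypothetical, e.g. 'corp.example')
    )
    $Name | ForEach-Object {
        # $_ is the current pipeline item, like "${i}" in the bash loop
        $fqdn = if ($Suffix) { '{0}.{1}' -f $_, $Suffix } else { $_ }
        try {
            # .NET resolver; works in pwsh on Linux as well as on Windows
            $ips = [System.Net.Dns]::GetHostAddresses($fqdn)
            [pscustomobject]@{
                Host      = $fqdn
                Resolved  = $true
                Addresses = ($ips | ForEach-Object { $_.IPAddressToString }) -join ';'
            }
        }
        catch {
            # keep failed lookups in the output so gaps are visible
            [pscustomobject]@{ Host = $fqdn; Resolved = $false; Addresses = '' }
        }
    }
}

# constructed sample input; names under the reserved .invalid TLD never resolve
$results = Resolve-HostList -Name @('localhost', 'no-such-host.example.invalid')
$results | Format-Table -AutoSize

# only the hosts that resolved go into the CSV
$results | Where-Object Resolved | Export-Csv -NoTypeInformation -Path .\resolved_hosts.csv
```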

Package management

Package management - less masochistic

You should still vet these, since there are a lot of them that are community contributed but they are a lot easier to get going IMO:

Package management - native solution

$ gcm -Module PackageManagement -CommandType cmdlet, function | select name


Remote Commands

# launch a powershell session on a remote computer
.\PsExec64.exe \\<server> -u '<netbios_domain>\<user>' -accepteula -nobanner -i -s powershell.exe

# run a cmd command against a bunch of different remote computers
Invoke-Command -ComputerName <computer00>, <computer01> -ScriptBlock { net localgroup Administrators "<netbios_domain>\<user>" /add }

# run a powershell command against a bunch of different remote computers
Invoke-Command -ComputerName <computer00>, <computer01> -ScriptBlock {Get-ComputerInfo | Select-Object -Property WindowsProductName,WindowsVersion} | Export-CSV ".\WinServer_Info.csv"

Running creds under domain user

Thanks to coworker for this one ( and a lot of my powershell stuff )

# set dns to be the domain controllers
runas /netonly /user:[email protected] powershell

# validate creds against domain
get-addomain -server <domainfqdn>