OSCP 2022 Materials
Powershell

Basic notes on PowerShell, with explanations

In PowerShell, Get-Help, Get-Command and Get-Alias are the most useful commands to know: together they let you discover and look up any other cmdlet.

Aliases are shorthand names for cmdlets; Get-Alias resolves a given alias to the cmdlet it stands for

Get-Alias iwr

Get-Help shows the help for the specified cmdlet; with -Examples it also shows usage examples

Get-Help Get-ChildItem
Get-Help Get-ChildItem -Examples

Get-Command lists the available cmdlets matching a verb or noun pattern

Get-Command "Get-*"
Get-Command "*-Service"
  • List the properties and methods of a command's output

Get-NetTCPConnection | Get-Member
  • Referencing the current pipeline element

$_ --> refers to the element currently being piped
  • Filtering with conditions

# ? --> alias for Where-Object
# $_ --> refers to the current object output by Get-NetTCPConnection
# LocalAddress --> a property of the objects Get-NetTCPConnection returns
Get-NetTCPConnection | ? {$_.LocalAddress -eq "127.0.0.1"}
Get-NetTCPConnection | Where-Object {$_.LocalAddress -eq "127.0.0.1"}
  • Only select entries whose Path is not empty

# $null --> the empty / absent value in PowerShell
Get-Process | ? {$_.Path -ne $null } | Select-Object Path
  • Head / tail in powershell

# head
Get-Process | Get-Member | Select-Object -First 10
# tail
Get-Process | Get-Member | Select-Object -last 10
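As an added example (not part of the original notes), the Where-Object, Select-Object and $null-filtering patterns above combined into one post-exploitation check that maps listening TCP ports to the process that owns them. It assumes the NetTCPIP module (Get-NetTCPConnection) is available, i.e. Windows 8 / Server 2012 or later; the function and parameter names are this example's own.

```powershell
# Added example, not part of the original notes: map listening TCP ports to their
# owning process using Where-Object, Select-Object and $null filtering.
# Assumes Get-NetTCPConnection (NetTCPIP module) is present.

function Get-ListeningPortMap {
    param(
        # Report only ports at or below this number (default: all ports)
        [int]$MaxPort = 65535
    )

    # Build a PID -> process lookup once instead of calling Get-Process per connection.
    # Get-Process returns Int32 Ids while OwningProcess is UInt32, so both sides are
    # cast to [int]: a hashtable treats 80 (Int32) and 80 (UInt32) as different keys.
    $procs = @{}
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -le $MaxPort } |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            # Path is $null for protected system processes when the shell is not elevated,
            # and both fields are $null when the owning process has already exited.
            $name = if ($p) { $p.ProcessName } else { $null }
            $path = if ($p) { $p.Path } else { $null }
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                OwningPID    = $_.OwningProcess
                ProcessName  = $name
                Path         = $path
            }
        } |
        Sort-Object LocalPort, LocalAddress
}

# Usage: the first ten listeners whose executable path could be resolved
Get-ListeningPortMap |
    Where-Object { $_.Path -ne $null } |
    Select-Object -First 10 |
    Format-Table -AutoSize

# Same data, restricted to sockets bound on every interface (0.0.0.0 or ::)
Get-ListeningPortMap | ? { $_.LocalAddress -in @('0.0.0.0', '::') } | Format-Table -AutoSize
```

Run it once from an unprivileged shell and once elevated: the rows whose Path stays $null in the first run are exactly the services you cannot inspect without higher privileges, which is itself useful information when auditing a host.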
  • The GetType() method identifies the type of object a command returns

  • Once the output type is known, it can be queried accordingly

(whoami).GetType()
(ls).GetType()
  • Once the type is known, the properties and methods supported by the cmdlet's output can be listed with Get-Member

whoami | Get-Member
  • The methods and properties of a command's output can be accessed with the (). notation

# accessing property
(whoami).length

# accessing a method
(whoami).ToUpper()
  • Commands can be nested, or used as a sub-expression, by wrapping them in ()

  • Format-Table, Format-List and Format-Custom are the common ways to display output

(New-Object -com "Microsoft.Update.AutoUpdate").Results | Format-List
  • The PowerShell equivalent of 2>/dev/null is -ErrorAction SilentlyContinue

Get-ChildItem -ErrorAction 'SilentlyContinue'
  • The ls -la equivalent in PowerShell (hidden and system entries included)

Get-ChildItem -Force
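As an added example (not part of the original notes), two small functions that put the last few points to work: the first shows why checking GetType() matters before picking properties, and the second applies -Force and -ErrorAction SilentlyContinue to a directory sweep, the ls -la and 2>/dev/null equivalents. The function names are this example's own.

```powershell
# Added example, not part of the original notes: inspect the object type a command
# returns, then sweep a directory with -Force and errors suppressed.

function Get-OutputKind {
    param([Parameter(Mandatory)][scriptblock]$Command)
    # Run the command and capture its entire output
    $out = & $Command
    $type = if ($null -eq $out) { 'null' } else { $out.GetType().FullName }
    # Several results arrive as Object[]; Get-Member reports the element type because
    # the pipeline unrolls the array, so report that as well
    $element = $type
    if ($out -is [array] -and $out.Count -gt 0) { $element = $out[0].GetType().FullName }
    [pscustomobject]@{
        Command     = $Command.ToString().Trim()
        Type        = $type
        ElementType = $element
        Count       = @($out).Count
    }
}

Get-OutputKind { whoami }                        # Type: System.String (external commands return text)
Get-OutputKind { Get-ChildItem $env:SystemRoot } # Type: System.Object[], elements are DirectoryInfo / FileInfo

function Get-RecentFileChanges {
    param(
        [string]$Path = $env:USERPROFILE,
        [int]$Days = 7,
        [int]$Top = 20
    )
    # -Force includes hidden and system entries (ls -la); -ErrorAction SilentlyContinue
    # drops the access-denied noise from folders this account cannot read
    Get-ChildItem -Path $Path -Force -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$Days) } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Top FullName, Length, LastWriteTime, Attributes
}

# Usage: the twenty most recently written files under the profile, hidden ones included
Get-RecentFileChanges | Format-Table -AutoSize
```

The type check is the reason `whoami | Get-Member` lists string methods such as ToUpper() while `Get-ChildItem | Get-Member` lists FileInfo properties such as LastWriteTime: the properties you can filter on depend entirely on what the command actually emits.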
