What is PowerShell?

PowerShell is a command-line scripting language and command prompt developed by Microsoft, designed specifically for system management and automation. It combines command execution, scripting, and configuration management into a versatile tool.

PowerShell is built on the .NET Framework, which means that it supports .NET libraries. In practice, this means that if you happen to be familiar with, for example, the C# programming language, you can use familiar classes and functions (.NET modules) in PowerShell.

Running PowerShell

You can find PowerShell by typing "powershell" into the search field that you can access through the Windows button. Do not choose the top, black "PowerShell 7" but select the blue "Windows PowerShell".

Basics of PowerShell

cmdlets

The basic components of PowerShell are cmdlets (pronounced "command-lets"), which are small commands used to perform specific tasks. For example, the Get-Command cmdlet lists all available cmdlets, and Get-Help provides instructions for using a cmdlet.

PowerShell has aliases

The previous example of the Get-Process command can also be executed using its alias ps.

You can find out the aliases of the command using the Get-Help command.

Get-Help cmdlet

When you want help with a cmdlet, you can use the Get-Help cmdlet.

Scripting and PowerShell ISE

PowerShell allows writing scripts, which are sets of cmdlets and other commands run in order. Scripts are saved in files with a .ps1 extension.

It is convenient to write and test scripts in the PowerShell ISE editor.

Pipelines

In PowerShell, you can send the output of one cmdlet to another cmdlet using a pipe (|), enabling the construction of complex command sequences with simple components.

For example, the previous example where processes were searched could be piped to the Where-Object cmdlet, which can filter the objects returned by the previous command based on their attribute value. This way, only the processes currently using over 10% of the CPU could be listed.

Get-Process | Where-Object {$_.CPU -gt 10}

PowerShell retrieves objects

Get-Process is a cmdlet that lists processes. The output looks similar to the output of the "ps" command in the Unix world.

However, there is a fundamental difference between Unix and PowerShell commands that is relevant in cybersecurity: PowerShell returns objects, not text. The objects are simply formatted as text when displayed. The type of an object can be seen with the Get-Member cmdlet.
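The pipeline and object sections above combined in one added example, which is not part of the original page: it inspects the type behind Get-Process output, then filters and groups running processes by their typed Path property rather than by parsing text. The function name Get-ProcessOutsideTrustedPath and the list of trusted directories are assumptions made for illustration.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell 5.1.
# Get-ProcessOutsideTrustedPath and the trusted-root list are hypothetical choices.

# 1. Get-Member reveals the .NET type behind the formatted table.
Get-Process |
    Get-Member -MemberType Property |
    Select-Object -First 1 -ExpandProperty TypeName

# 2. Filter on typed properties instead of parsing text columns.
function Get-ProcessOutsideTrustedPath {
    [CmdletBinding()]
    param(
        # Directories treated as expected install locations (assumption).
        [string[]]$TrustedRoot = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # Normalise each root to end in '\' so C:\Windows does not match C:\WindowsUpdate.
    $roots = $TrustedRoot | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    Get-Process |
        Where-Object { $_.Path } |      # Path is empty when access is denied
        Where-Object {
            $path = $_.Path
            -not ($roots | Where-Object {
                $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
            })
        } |
        Sort-Object StartTime |
        Select-Object Id, ProcessName, StartTime, Path
}

# 3. The result is still a stream of objects, so it can be piped further.
Get-ProcessOutsideTrustedPath | Format-Table -AutoSize
Get-ProcessOutsideTrustedPath |
    Group-Object { Split-Path $_.Path -Parent } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```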

Tasks

Windows practice

The lab takes a couple of minutes to start up, please wait patiently and add more time if needed. You don't need to close the lab between switching modules in this course. You can log in to the server via RDP with the username "EVILCORP\john.doe" and the password "Letmein123!"

Find out the version of Windows operating system

You can find out the version with this PowerShell command:

(Get-CimInstance -ClassName Win32_OperatingSystem).Version

Operating system version
