PowerShell for Hackers 2023
As you already know, I firmly believe that to be a real professional hacker, you need to be proficient in Linux. There are some solid reasons for this.
Most hacking tools are developed in Linux (well over ninety percent).

Linux gives us more granularity:
The terminal in Linux gives us complete control over the operating system, in contrast to cmd.exe in Windows, which has only limited capabilities.
Most importantly, Linux is open source and transparent. That means we can actually read the source code and manipulate the operating system to a much greater degree than the closed source and opaque Windows operating system.
In recent years, Microsoft seems to have "gotten religion" with regard to the advantages of the command line and terminal in Linux. They now seem to understand the strengths and benefits of the command line, and in response they added Windows PowerShell.
Microsoft had recognized the limitations of cmd.exe as early as the 1990s and tried to remedy them with a bunch of workarounds. In 2002, Microsoft released a whitepaper on a product under development called MONAD, or Microsoft Shell. Eventually, Windows PowerShell was released as an add-on in 2007, and Windows PowerShell 2.0 was fully integrated into Windows 7 and Windows Server 2008 and every Windows operating system since.
Windows PowerShell borrows a great deal from the Linux environment, including many Linux commands. It also has the ability to pipe commands and link commands together into a script. With PowerShell, Windows became a more powerful hacking platform, but until Microsoft makes its source code open (don't hold your breath), Linux will still be the operating system of choice for hackers.
On the other hand, PowerShell on the target Windows machine can be used to exploit or compromise it. For instance, check out my tutorials on using PowerSploit or Metasploit's web delivery against Windows systems. Both of them use the power of PowerShell on the victim's machine. For example, these PowerShell commands were used in the PowerSploit exploit:
My point is simply this: PowerShell is a great tool for Windows administrators, but it provides one more attack vector for the hacker. As a result, you need to become familiar with it.
One of the key differences between Windows PowerShell and the BASH shell in Linux is that Microsoft has developed cmdlets (command-lets) for PowerShell. Cmdlets are essentially single commands that accomplish sometimes fairly complex tasks, similar to functions. These cmdlets take the form Verb-Noun, such as "Get-Help".
Many system administrators and users are unaware that beneath that familiar Windows GUI lurks a powerful tool and engine for manipulating Windows. You can get to it by typing "PowerShell" into the search window on the Start or Windows button and clicking "PowerShell".

When it opens, you should get a screen that looks like this.
Once we have the PowerShell terminal open, the first thing we want to explore is how to get help. PowerShell has a cmdlet called, unsurprisingly, "Get-Help".
When we type "Get-Help", we receive the help screen like the one above. Microsoft has aliased this cmdlet so that "help" and the Linux command "man" accomplish the same thing (for a list of common aliases, see the list below).
As you recall from Linux, you can see the manual page for any command by preceding the command with the keyword "man". Likewise, in Windows PowerShell, you can use "Get-Help" followed by the cmdlet name to see its manual page. Let's get the manual page for a cmdlet named "Write-Output".
You can see above that PowerShell returns a manual page for the cmdlet "Write-Output". As I mentioned above, "man" and "help" will both pull up the same context-sensitive information.
Run the same commands as in Linux:
Microsoft, recognizing that Linux system administrators are more comfortable working from the command line, and wanting to encourage them to adopt and use PowerShell, aliased many of the most common Linux commands in PowerShell.
Some of the Linux commands that are available in PowerShell include, but are not limited to, the following.
The list below includes many of the most commonly used cmdlets and their aliases from cmd.exe and Linux/UNIX.
Generally, these PowerShell cmdlets look a bit clunkier than the Linux or aliased commands. For instance, the "dir" command from cmd.exe or the "ls" command from Linux is "Get-ChildItem" in PowerShell. A bit inelegant, so I usually use "ls".
Use the Integrated Scripting Environment. To create a script in PowerShell, just like in Linux, you can use Notepad or another text editor such as Notepad++. In addition, PowerShell comes with an Integrated Scripting Environment (ISE) that we can use.
There are many ways to get into the ISE, but probably the simplest is to go to the search window and type "PowerShell". You'll see that, alongside the PowerShell environment, you can select the PowerShell ISE.
This will open the PowerShell ISE like the one below.
Step 6: Hello Hackers-Arise.
When starting out in ANY programming language, it's customary to write the ubiquitous "Hello World" program. We're going to deviate slightly from that course and create our own "Hello Hackers-Arise" script here.

With the ISE open, we can type:
Write-Output "Hello Hackers-Arise"
Just like in the Linux terminal, we enclose the string in double quotation marks to indicate that we want the string literal to be output (meaning we want those human-language words printed and not interpreted as commands).
We can then click the green execute button to run our script, and the output will appear in the center pane as seen above.
We can then save this script by going to the File menu and selecting Save. When you do so, it will prompt you for a file name and then save it with the .ps1 file extension.
What is PowerShell and how does it work
Basic PowerShell commands
Windows enumeration with PowerShell
PowerShell scripting
You can control the machine in your browser or RDP into the instance with the following credentials:
Username: Administrator, Password: BHN2UVw0Q
Please note that this machine does not respond to ping (ICMP) and may take a couple of minutes to boot up.
PowerShell is the Windows scripting language and shell environment that is built on the .NET framework.
This also lets PowerShell execute .NET functions directly from its shell. Most PowerShell commands, called cmdlets, are written in .NET. Unlike other scripting languages and shell environments, the output of these cmdlets is objects, making PowerShell somewhat object-oriented.
This also means that running cmdlets allows you to perform actions on the output object (which makes it convenient to pass output from one cmdlet to another). The typical format of a cmdlet is Verb-Noun; for example, the cmdlet to list commands is called Get-Command.
Common verbs include:
Basic PowerShell commands:
Now that we've understood how cmdlets work, let's explore how to use them! The main thing to remember here is that Get-Command and Get-Help are your best friends!
Using Get-Help
Get-Help displays information about a cmdlet. To get help with a particular command, run the following:
Get-Help Command-Name
You can also see exactly how to use the command by passing in the -Examples flag. This returns output like the following:
Using Get-Command
Get-Command lists all the cmdlets installed on the current computer. The great thing about this cmdlet is that it allows for pattern matching like the following:
Get-Command Verb-* or Get-Command *-Noun
Running Get-Command New-* to view all the cmdlets for the verb New shows the following:
Object Manipulation
In the previous task, we saw how the output of every cmdlet is an object. If we want to actually manipulate the output, we need to figure out a few things:
passing the output to other cmdlets
using specific object cmdlets to extract information
The pipeline (|) is used to pass output from one cmdlet to another. A major difference compared to other shells is that, instead of passing text or a string to the command after the pipe, PowerShell passes an object to the next cmdlet. Like every object in object-oriented frameworks, an object contains methods and properties. You can think of methods as functions that can be applied to the output of the cmdlet, and of properties as variables in the output of the cmdlet. To view these details, pass the output of a cmdlet to the Get-Member cmdlet:
Verb-Noun | Get-Member
An example of running this to view the members for Get-Command is:
Get-Command | Get-Member -MemberType Method
From the -MemberType flag in the command above, you can see that you can also choose between methods and properties.
Creating Objects From Previous cmdlets:
One way of manipulating objects is pulling out the properties from the output of a cmdlet and creating a new object. This is done using the Select-Object cmdlet.
Here's an example of listing the directories and selecting just the mode and the name:
You can also use the following flags to select particular information:
-First: gets the first x objects
-Last: gets the last x objects
-Unique: shows the unique objects
-Skip: skips x objects
Filtering objects
When retrieving output objects, you may want to select objects that match a very specific value. You can do this with the Where-Object cmdlet to filter based on the value of properties.
The general format of this cmdlet is:
Verb-Noun | Where-Object -Property PropertyName -operator Value
Verb-Noun | Where-Object {$_.PropertyName -operator Value}
The second version uses the $_ operator to iterate through every object passed to the Where-Object cmdlet.
PowerShell is quite sensitive here, so make sure you don't put quotes around the command!
Where -operator is one of the following operators:
-Contains: if any item in the property value is an exact match for the specified value
-EQ: if the value of the property is equal to the specified value
-GT: if the value of the property is greater than the specified value
For a full list of operators, use this link.
Here's an example of checking the stopped processes:
When a cmdlet outputs a lot of information, you may need to sort it to extract the information more efficiently. You do this by piping the output of a cmdlet to the Sort-Object cmdlet.

The format of the command would be:
Now that you've understood the basics of how PowerShell works, let's try some commands to apply this knowledge!
Answers and explanation
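The following is an added example (not from the original article) that runs the object-manipulation cmdlets described above, Get-Member, Select-Object, Where-Object in both forms, and Sort-Object, over real objects on a Windows host. It assumes Windows PowerShell 5.1 or later with the NetTCPIP module available, which is standard on Windows 8/Server 2012 and newer.

```powershell
# Added example, not the article's own code. Requires Windows PowerShell 5.1+
# (Get-NetTCPConnection comes from the built-in NetTCPIP module).

# 1. Discover what a service object carries: list a few of its properties.
Get-Service | Get-Member -MemberType Property | Select-Object -First 5

# 2. Build new objects with Select-Object: only Mode and Name of directories
#    under C:\Windows, skipping the first two and keeping the next three.
Get-ChildItem C:\Windows -Directory |
    Select-Object -Property Mode, Name -Skip 2 -First 3

# 3. Filter with Where-Object, using the -Property/-operator form:
#    services whose Status property equals Stopped.
Get-Service | Where-Object -Property Status -EQ Stopped | Select-Object -First 3

# 4. Filter with the script-block form, where $_ is the current object:
#    services whose name contains "win" (case-insensitive regex match).
Get-Service | Where-Object { $_.Name -match 'win' } | Select-Object Name, Status

# 5. Sort: processes by memory use, largest first, then keep five of them.
Get-Process |
    Sort-Object -Property WorkingSet64 -Descending |
    Select-Object -Property Name, WorkingSet64 -First 5

# 6. Chain everything: listening TCP sockets, reduced to their unique local
#    port numbers, sorted ascending. This is the enumeration step a defender
#    runs to compare what is actually listening with what is expected.
Get-NetTCPConnection |
    Where-Object { $_.State -eq 'Listen' } |
    Select-Object -ExpandProperty LocalPort -Unique |
    Sort-Object
```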
What is the location of the file "interesting-file.txt"?
Get-ChildItem C:\ -Include *interesting-file.txt* -File -Recurse -ErrorAction SilentlyContinue
Specify the contents of this file
Get-Content -Path "C:\Program Files\interesting-file.txt.txt"
How many cmdlets are installed on the system (only cmdlets, not functions and aliases)?
Get-Command | Where-Object -Property CommandType -EQ Cmdlet | measure
Get the MD5 hash of interesting-file.txt
Get-FileHash -Path "C:\Program Files\interesting-file.txt.txt" -Algorithm MD5
What is the command to get the current working directory?
Get-Location
Does the path "C:\Users\Administrator\Documents\Passwords" exist (Y/N)?
Get-Item -Path "C:\Users\Administrator\Documents\Passwords"
# if we get an error, that means the path does not exist (Test-Path would return False instead)
What command would you use to make a request to a web server?
Invoke-WebRequest
Base64 decode the file b64.txt on Windows.
certutil -decode "C:\Users\Administrator\Desktop\b64.txt" output.txt
Get-Content output.txt
The first step after you have gained initial access to any machine is to enumerate. We'll be enumerating the following:
users
basic networking information
file permissions
registry permissions
scheduled and running tasks
insecure files
Your task is to answer the following questions to enumerate the machine using PowerShell commands!
How many users are there on the machine?
How many users have their password required value set to false?
Get-LocalUser | Where-Object -Property PasswordRequired -Match false
How many local groups exist?
Get-LocalGroup | measure
What command did you use to get the IP address info?
Get-NetIPAddress
How many ports are listed as listening?
Get-NetTCPConnection | Where-Object -Property State -Match Listen | measure
What is the remote address of the local port listening on port 445?
Get-NetTCPConnection | Where-Object -Property State -Match Listen
# read the RemoteAddress column of the row whose LocalPort is 445
How many patches have been applied?
Get-HotFix | measure
# useful to find kernel exploits for the Windows system
When was the patch with ID KB4023834 installed?
Find the contents of a backup file.
Get-ChildItem -Path C:\ -Include *.bak* -File -Recurse -ErrorAction SilentlyContinue
# now you have the location of the file; view it
Get-Content "C:\Program Files (x86)\Internet Explorer\passwords.bak.txt"
Search for all files containing API_KEY
Get-ChildItem C:\* -Recurse | Select-String -Pattern API_KEY
What command do you use to list all the running processes?
Get-Process
What is the path of the scheduled task called new-sched-task?
Now that we've run PowerShell commands, let's actually try to write and run a script to do more complex and powerful actions. For this task, we'll be using PowerShell ISE (which is the PowerShell text editor). To show an example script, consider a specific scenario: given a list of port numbers, we want to use this list to check whether each local port is listening. Open the listening-ports.ps1 script on the desktop using PowerShell ISE. PowerShell scripts usually have the .ps1 file extension.
On the first line, we need to get a list of all the ports on the system that are listening. We do this using the Get-NetTCPConnection cmdlet. We then save the output of this cmdlet in a variable. The convention for creating variables is:
$variable_name = value
On the next line, we need to read the list of ports from the file. We do this using the Get-Content cmdlet. Again, we save this output in a variable. The only remaining step is to iterate through all the ports in the file to see whether they are listening. To iterate through the ports in the file, we use the following:
This particular code block is used to loop through a set of objects. Once we have each individual port, we need to check whether this port occurs among the listening local ports. Rather than writing another for loop, we simply use an if statement with the -in operator to test whether the port exists in the LocalPort property of any object. A full list of if statement comparison operators can be found here. To run the script, just call the script path from PowerShell or click the green button in PowerShell ISE:
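The following is an added reconstruction of the steps described above, not the listening-ports.ps1 file from the lab. It assumes a Windows host with the NetTCPIP module; the ports file is a constructed sample written to $env:TEMP so the script runs stand-alone, and the last block goes one step beyond the article's script by also reporting listeners that are not on the expected list.

```powershell
# Added example, not the lab's listening-ports.ps1. Requires Get-NetTCPConnection
# (NetTCPIP module, present on Windows 8/Server 2012 and later).

# Constructed input: one port number per line, like the article's ports file.
$portsFile = Join-Path $env:TEMP 'ports.txt'
Set-Content -Path $portsFile -Value @('22', '80', '135', '445', '3389')

# Step 1: collect the listening TCP sockets into a variable.
$listening = Get-NetTCPConnection -State Listen

# Step 2: read the port list from the file, cast to [int] so that the
#         comparison below is numeric rather than string-based.
$ports = Get-Content -Path $portsFile | ForEach-Object { [int]$_ }

# Step 3: loop over each port and test membership with -in against the
#         LocalPort property of every listening socket.
foreach ($port in $ports) {
    if ($port -in $listening.LocalPort) {
        Write-Output "Port $port is listening"
    } else {
        Write-Output "Port $port is not listening"
    }
}

# Beyond the article's script: from a defender's point of view the more
# interesting question is the reverse one. Which listeners are NOT on the
# expected list? -notin is the negated form of the -in operator used above.
$unexpected = $listening |
    Where-Object { $_.LocalPort -notin $ports } |
    Select-Object -Property LocalAddress, LocalPort, OwningProcess -Unique |
    Sort-Object -Property LocalPort
Write-Output "Listening ports not in $($portsFile):"
$unexpected | Format-Table -AutoSize
```

The OwningProcess column can be fed to Get-Process -Id to identify which program owns each unexpected listener.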
Now that we've seen what a basic script looks like, it's time to write one of your own. The emails folder on the desktop contains copies of the emails John, Martha, and Mary sent to each other (and to themselves). Answer the following questions about these emails (try not to open the files; use a script to answer the questions).

Now that you've learned a bit about how scripting works, let's try something a bit more interesting. Sometimes we may not have utilities like Nmap and Python available, and we are forced to write scripts to do very rudimentary tasks. Why don't you try to write a simple port scanner using PowerShell? Here's the general approach to use:
Determine the IP range to scan (in this case it will be localhost); you can provide the input in any way you want
Determine the port range to scan
Determine the type of scan to run (in this case it will be a simple TCP connect scan)
We can run this script either by opening the PowerShell environment and running Hello Hackers-Arise.ps1, or by clicking the green arrow in the ISE with the script open.
Obviously, we've just scratched the surface of what can be done with PowerShell, and we created a simple one-line script, but in future tutorials we will delve deeper into the capabilities of PowerShell from the attacker's perspective. In my next PowerShell for Hackers tutorial, we will build the port scanner with PowerShell.