Join Malcolm Shore for an in-depth discussion in this video Scripting with PowerShell, part of Penetration Testing Essential Training.
- [Instructor] Windows PowerShell comes built into all current Windows systems, and it's to Windows what the Bash shell is to Linux: a powerful command line tool for automating systems and network administration. It's also a useful tool for the pen tester to be able to use when carrying out testing. PowerShell combines the features of a scripting language with command line utilities and cmdlets, as well as the ability to interface to the Windows Management Instrumentation, or WMI, system. Cmdlets are a new concept with PowerShell.
They use a standard naming convention that follows a verb-noun pattern, such as Get-Help, Get-EventLog, Get-Process, and Set-Service. The get verb displays information about the noun, and the set verb modifies or sets some (mumbles) of that information. Get and set are just two examples. There are around a hundred verbs that can be used. I'm in the PowerShell console, and I can list the available verbs by entering the command Get-Verb.
We can see in this list get and set and many other verbs. We can see how many with a handy function call by entering (Get-Verb).count, and we see there's 98. We'll look at some more of these verbs as we refresh our skills in PowerShell. We can get help on the various forms of these verbs. For example, we can enter help push.
We can see there's a cmdlet Push-Location and an alias of pushd for that. By entering help pushd, we get the full documentation on the cmdlet. We can see this is a stack operation cmdlet, which pushes the location onto a stack, and that there's an associated set of cmdlets, such as Get-Location, Set-Location, and Pop-Location. PowerShell supports the standard Windows shell commands, such as cd, dir, and ipconfig, to name a few.
You can use the standard less than and greater than operators in PowerShell as we would in Windows. (typing) We can see the host name and the directory by typing the file. We can also use the cat command to list the file, as we would in Linux. PowerShell commands can be scripted into a text file, and we use the .ps1 extension to show that the file is a PowerShell script.
We can run any Windows program or PowerShell script by entering its name, so let's create a text file using Notepad. For a normal executable, we'll prefix it with dot slash; but for Windows commands, we can omit that. Okay, let's just put in a couple of PowerShell commands as an example; and we'll save it as test1.ps1.
Now we can run the script, this time using the .\ prefix. And we can see the Get-Process command being executed. We don't need to use Notepad to write scripts. PowerShell comes with an intelligent scripting system, ISE, which makes developing and testing complex scripts much easier. I'm in the ISE and can create a script by clicking New on the toolbar. Okay, we've got a tab to write a script.
As I write it, I get assistance with the command format. I can now save that as my test1 (typing) and then run. Back in the console, let's see how we can use variables in PowerShell; and we prefix them with a dollar sign. We can also set up a list by just declaring it, and we can check the number of list entries using the count function.
We can also use the echo command to print information to the standard output, and there's also a PowerShell cmdlet called Write-Host that does the same. We can also include variables in the string, and the value of the variable is substituted. We can use if-then commands in PowerShell using a Bash-like syntax.
Note the ability to use multi-line entry for this, with execution at the completion of the command. We can also script loops using the do/while, (typing) and we get the elements of the list displayed.
It's a bit obtuse really, so there's another way to do this using the ForEach clause. (typing) Much simpler. This has been just a refresher. There's much more to learning PowerShell if you're new to it. You can really get into the details by taking the PowerShell 5 Course by Matt Testa, and you can deep dive into greater scripting by taking the Integrated Scripting Environment Course with Mike Pfeiffer.
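The constructs walked through in this refresher (variables, a list and its Count, Write-Host with variable substitution, if, do/while, foreach, and Get-Process), pulled together into one script as an added example; this is not code from the course. The process names in $watchList are constructed sample values, and the file name test2.ps1 is assumed.

```powershell
# test2.ps1 (added example, not from the course): the PowerShell constructs
# covered in the refresher combined into one script.
# Assumption: the names in $watchList are constructed sample values.

# Variables are prefixed with $; a comma-separated literal declares a list (array)
$watchList = 'powershell', 'explorer', 'notepad'
Write-Host "Checking $($watchList.Count) process names on $env:COMPUTERNAME"

# do/while loop walking the list by index, as shown in the video
$i = 0
do {
    Write-Host "Entry $i is $($watchList[$i])"
    $i++
} while ($i -lt $watchList.Count)

# The same walk with foreach, plus an if test on each entry
$running = @()
foreach ($name in $watchList) {
    # -ErrorAction SilentlyContinue keeps Get-Process quiet when no such process exists
    $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
    if ($procs) {
        $running += $name
        Write-Host "$name is running ($($procs.Count) instance(s))"
    } else {
        Write-Host "$name is not running"
    }
}

# Summarise with string substitution, then write the list to a file
Write-Host "Running: $($running -join ', ')"
$running | Out-File -FilePath .\running.txt
```

Run it from the console as .\test2.ps1, then type running.txt to see the saved list, as with test1.ps1 above.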
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.