PowerShell Basics

PowerShell is the Windows scripting language and shell environment, built on the .NET framework.

Most PowerShell commands, called cmdlets, are written in .NET. Unlike other scripting languages and shell environments, these cmdlets output objects, which makes PowerShell somewhat object-oriented.

This also means that you can perform actions on the output object of a cmdlet (which makes it convenient to pass output from one cmdlet to another). Cmdlet names normally follow the Verb-Noun format; for example, the cmdlet that lists commands is called Get-Command.

Common verbs to use include:

  • Get

  • Start

  • Stop

  • Read

  • Write

  • New

  • Out

Get-Help

Get-Help Command-Name

You can also use "-Examples" to see how it is used:

Get-Help Command-Name -Examples

Get-Command gets all the cmdlets installed on the current computer. The great thing about this cmdlet is that it allows pattern matching, like the following:

Get-Command Verb-* or Get-Command *-Noun

Running Get-Command New-* lists all the cmdlets for the verb New.

The pipeline (|) is used to pass output from one cmdlet to another. A major difference compared to other shells is that, instead of passing text or a string to the command after the pipe, PowerShell passes an object to the next cmdlet.

To view the members (methods and properties) of these objects, pass the output of a cmdlet to the Get-Member cmdlet:

Get-Command | Get-Member -MemberType Method

Creating Objects From Previous cmdlets

One way of manipulating objects is pulling out the properties from the output of a cmdlet and creating a new object. This is done using the Select-Object cmdlet.

Get-ChildItem | Select-Object -Property Mode, Name

Filtering Objects

When retrieving output objects, you may want to select only the objects that match a specific value. You can do this with the Where-Object cmdlet, which filters based on the value of properties.

Get-Service | Where-Object -Property Status -eq stopped

Other operators than "-eq" can be found here

Sort Object

When a cmdlet outputs a lot of information, you may need to sort it to extract the information more efficiently. You do this by piping the output of a cmdlet to the Sort-Object cmdlet.

Finding a file

Get-ChildItem -Path c:\ -Include *interesting-file.txt* -File -Recurse -ErrorAction SilentlyContinue

Counting an output (using measure)

Let's count the cmdlets installed on the system:

Get-Command | Where-Object -Property CommandType -eq Cmdlet | measure

Getting a file's hash

We want the MD5 hash here, so:

Get-FileHash -Path "C:\Program Files\interesting-file.txt.txt" -Algorithm MD5

Current Working Directory?

Get-Location

To see if a directory exists?

Test-Path -Path "C:\Users\Administrator\Documents\Passwords" -PathType Container

Making a request to web server

Invoke-WebRequest

Base64 decode a file

Get-ChildItem -Path C:/ -Include b64.txt -Recurse -File -ErrorAction SilentlyContinue

certutil -decode "path\file.txt" decode.txt
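
The cmdlets above combined into one object pipeline, as an added example that is not part of the original notes: it lists recently modified files with their hashes, newest first. Get-RecentFileInventory is a hypothetical helper name, and the folder and files it scans are constructed sample data.

```powershell
# Added example: inventory recently modified files with their hashes.
# Get-RecentFileInventory is a hypothetical helper name, not a built-in cmdlet.
function Get-RecentFileInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        [string]$Filter = '*.txt',
        [int]$Days = 7,
        [ValidateSet('MD5', 'SHA1', 'SHA256')]
        [string]$Algorithm = 'SHA256'
    )

    # Test-Path returns $true/$false; fail early on a missing directory.
    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }

    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ChildItem -Path $Path -Filter $Filter -File -Recurse -ErrorAction SilentlyContinue |
        # Filter on a property of the FileInfo object, not on text.
        Where-Object -Property LastWriteTime -ge $cutoff |
        # Build new objects: three existing properties plus a calculated one.
        Select-Object -Property FullName, Length, LastWriteTime,
            @{ Name = 'Hash'; Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm $Algorithm).Hash } } |
        Sort-Object -Property LastWriteTime -Descending
}

# Constructed sample data in a temp folder so the example runs anywhere.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'ps-basics-demo'
New-Item -Path $demo -ItemType Directory -Force | Out-Null
Set-Content -Path (Join-Path $demo 'a.txt') -Value 'first'
Set-Content -Path (Join-Path $demo 'b.txt') -Value 'second'
Set-Content -Path (Join-Path $demo 'c.log') -Value 'ignored by the *.txt filter'

$inventory = Get-RecentFileInventory -Path $demo
$inventory | Format-Table -AutoSize

# Measure-Object (alias: measure) counts the objects that came down the pipeline.
($inventory | Measure-Object).Count

# Clean up the constructed sample folder.
Remove-Item -Path $demo -Recurse -Force
```

Because every stage receives objects, the hash is attached as a property and the sort runs on a real DateTime value rather than on formatted text.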
