We covered basics of the scripting language, Powershell, for penetration testers. We covered basic commands, scripting, enumerating targets and took a nice challenge that is part of TryHackMe Hacking with Powershell room.

Get COMPTIA Pentest+ Study Notes

Windows Privilege Escalation Techniques Course

Challenge Description

Learn the basics of PowerShell and PowerShell Scripting

Video Highlights

Powershell is the Windows Scripting Language and shell environment built using the .NET framework.

This also allows Powershell to execute .NET functions directly from its shell. Most Powershell commands, called cmdlets, are written in .NET. Unlike other scripting languages and shell environments, the output of these cmdlets are objects – making Powershell somewhat object-oriented.

This also means that running cmdlets allows you to perform actions on the output object (which makes it convenient to pass output from one cmdlet to another). The normal format of a cmdlet is represented using Verb-Noun; for example, the cmdlet to list commands is called Get-Command

Common verbs to use include:


  • Get
  • Start
  • Stop
  • Read
  • Write
  • New
  • Out

To get the complete list of approved verbs, visit this link.

Using Get-Help

Get-Help displays information about a cmdlet. To get help with a particular command, run the following:

Get-Help Command-Name

Room Answers

What is the command to get a new object?

What is the location of the file “interesting-file.txt”

Specify the contents of this file

How many cmdlets are installed on the system(only cmdlets, not functions and aliases)?

Get the MD5 hash of interesting-file.txt

What is the command to get the current working directory?

Does the path “C:\Users\Administrator\Documents\Passwords” Exist (Y/N)?

What command would you use to make a request to a web server?

Base64 decode the file b64.txt on Windows.

How many users are there on the machine?

Which local user does this SID(S-1-5-21-1394777289-3961777894-1791813945-501) belong to?

How many users have their password required values set to False?

How many local groups exist?

What command did you use to get the IP address info?

How many ports are listed as listening?

What is the remote address of the local port listening on port 445?

How many patches have been applied?

When was the patch with ID KB4023834 installed?

Find the contents of a backup file.

Search for all files containing API_KEY

What command do you do to list all the running processes?

What is the path of the scheduled task called new-sched-task?

Who is the owner of the C:\

What file contains the password?

What is the password?

What files contains an HTTPS link?

How many open ports did you find between 130 and 140(inclusive of those two)?

Video Walkthrough

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles