We covered the basics of PowerShell, the Windows scripting language, for penetration testers: basic commands, scripting, enumerating targets, and a nice challenge that is part of the TryHackMe Hacking with PowerShell room.
Challenge Description
Learn the basics of PowerShell and PowerShell Scripting
Video Highlights
PowerShell is the Windows scripting language and shell environment built on the .NET framework.
This also allows PowerShell to execute .NET functions directly from its shell. Most PowerShell commands, called cmdlets, are written in .NET. Unlike other scripting languages and shell environments, the output of these cmdlets is objects rather than plain text, which makes PowerShell somewhat object-oriented.
This also means that running cmdlets allows you to perform actions on the output object (which makes it convenient to pass output from one cmdlet to another through the pipeline). The normal format of a cmdlet name is Verb-Noun; for example, the cmdlet to list commands is called Get-Command.
Common verbs to use include:
- Get
- Start
- Stop
- Read
- Write
- New
- Out
To get the complete list of approved verbs, visit this link.
Using Get-Help
Get-Help displays information about a cmdlet. To get help with a particular command, run the following:
Get-Help Command-Name
Room Answers
What is the command to get a new object?
What is the location of the file “interesting-file.txt”?
Specify the contents of this file
How many cmdlets are installed on the system (only cmdlets, not functions and aliases)?
Get the MD5 hash of interesting-file.txt
What is the command to get the current working directory?
Does the path “C:\Users\Administrator\Documents\Passwords” exist (Y/N)?
What command would you use to make a request to a web server?
Base64 decode the file b64.txt on Windows.
How many users are there on the machine?
Which local user does this SID (S-1-5-21-1394777289-3961777894-1791813945-501) belong to?
How many users have their password required values set to False?
How many local groups exist?
What command did you use to get the IP address info?
How many ports are listed as listening?
What is the remote address of the local port listening on port 445?
How many patches have been applied?
When was the patch with ID KB4023834 installed?
Find the contents of a backup file.
Search for all files containing API_KEY
What command do you do to list all the running processes?
What is the path of the scheduled task called new-sched-task?
What file contains the password?
What is the password?
What file contains an HTTPS link?
How many open ports did you find between 130 and 140 (inclusive of those two)?
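The object pipeline described under Video Highlights, applied to several of the room's enumeration questions above, as an added example that is not part of the original post or of the TryHackMe room. The file name, SID suffix and KB number are taken from the questions; the search root, the cmdlet selection and the host state are assumptions, so the values you see will differ.

```powershell
# Added example, not from the original post. Cmdlet output is objects, so later
# cmdlets filter, count and reshape those objects instead of parsing text.

# Every cmdlet is Verb-Noun. Get-Command returns CommandInfo objects, so "only
# cmdlets, not functions or aliases" is a parameter filter, not string matching.
$cmdlets = Get-Command -CommandType Cmdlet
"Cmdlets on this host: $($cmdlets.Count)"

# Get-Member lists the properties an object exposes, i.e. what you can filter on.
$cmdlets[0] | Get-Member -MemberType Property | Select-Object -First 5

# Group the cmdlets by verb to see which approved verbs dominate on this host.
$cmdlets | Group-Object Verb | Sort-Object Count -Descending |
    Select-Object -First 5 Name, Count

# Get-Help for a cmdlet; -Examples shows usage rather than the full help page.
Get-Help Get-FileHash -Examples

# Locate a file by name below an assumed root (C:\) and hash it. Get-FileHash
# returns an object with Algorithm, Hash and Path properties.
$file = Get-ChildItem -Path C:\ -Filter 'interesting-file.txt' -Recurse -File `
    -ErrorAction SilentlyContinue | Select-Object -First 1
if ($file) {
    Get-Content -Path $file.FullName
    (Get-FileHash -Algorithm MD5 -Path $file.FullName).Hash
}

# Local account audit: accounts that do not require a password are a finding.
Get-LocalUser | Where-Object { -not $_.PasswordRequired } |
    Select-Object Name, Enabled, SID

# Resolve a SID to its local account by matching on the SID object's string value.
Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' } | Select-Object Name, SID

# Patch inventory: Get-HotFix objects carry HotFixID and InstalledOn properties.
Get-HotFix | Where-Object HotFixID -eq 'KB4023834' | Select-Object HotFixID, InstalledOn

# Listening TCP sockets as objects; Measure-Object counts them.
$listening = Get-NetTCPConnection -State Listen
"Listening ports: $(($listening | Measure-Object).Count)"
$listening | Where-Object LocalPort -eq 445 |
    Select-Object LocalAddress, LocalPort, RemoteAddress, State
```

Run it in an elevated session on the room's target machine; on a hardened workstation the Get-LocalUser and Get-NetTCPConnection calls still work, but the file search will take a while over a large volume.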