This post provides a comprehensive introduction to PowerShell, a Microsoft-developed task automation and configuration management framework. It covers essential commands and workflows, including navigation, file management, and installing external modules. The post also covers the answers for TryHackMe Windows Powershell room.

COMPTIA Cyber Security Analyst (CySA+) Study Notes

HackTheBox Certified Defensive Security Analyst (CDSA) Study Notes

Overview

Solve challenges from the TryHackMe Windows PowerShell Room.

PowerShell Basics:

Integrates a command-line interface with a scripting language.

Based on the .NET framework, suitable for automating tasks and managing configurations.

Objective:

Learn foundational PowerShell commands.

Apply PowerShell for system administration tasks.

Key Topics Covered

1. Getting Started with PowerShell

  1. List Available Commands:
    • Command:
Get-Command

Outputs all available cmdlets, functions, aliases, and scripts in the current session.

Filter specific types:

Get-Command -CommandType Cmdlet
Get-Command -CommandType Function

Accessing Help for Commands:

  • Command:
Get-Help <CommandName>

Displays command syntax, description, and usage examples.

Example:

Get-Help Get-Command -Examples

2. Working with External Modules

  1. Find External Modules:
    • Search for modules in online repositories:
Find-Module -Name PowerShell*

Install a Module:

  • Command:
Install-Module -Name <ModuleName>

Example:

Install-Module -Name PowerShellGet

3. Navigating the File System

  1. List Directory Contents:
    • Command:
Get-ChildItem -Path <Path>
  • Default behavior shows contents of the current directory.

Change Directory:

  • Command:
Set-Location -Path <Path>

Example:

Set-Location -Path "C:\Users"

Create Directories and Files:

  • New Directory:
New-Item -Path <Path> -Name <DirectoryName> -ItemType Directory

New File:

New-Item -Path <Path> -Name <FileName> -ItemType File

4. Managing Files and Directories

  1. Delete Files or Directories:
    • Command:
Remove-Item -Path <Path>

Example:

Remove-Item -Path "C:\Temp\TestFile.txt"

Copy Files:

  • Command:
Copy-Item -Path <SourcePath> -Destination <DestinationPath>

Move Files:

  • Command:
Move-Item -Path <SourcePath> -Destination <DestinationPath>

Advanced Usage

  1. Filter and Search Output:
    • Example: List all .txt files in a directory.
Get-ChildItem -Path "C:\Temp" -Filter "*.txt"

Retrieve System Information:

  • Command
Get-Process
  • Example: Display all running processes.

Create Loops for Automation:

  • Example: Loop through files and perform actions:
Get-ChildItem -Path "C:\Temp" | ForEach-Object {
    Write-Output "Processing file: $_"
}

Practical Applications

  • Navigating Directories:
    • Navigate to a user directory:
Set-Location -Path "C:\Users\<Username>\Documents"

File Creation and Management:

  • Create a test file:
New-Item -Path "C:\Temp" -Name "TestFile.txt" -ItemType File

Installing Modules:

  • Install a module for JSON serialization:
Install-Module -Name "PowerShellForJSON"

Key Takeaways

  • PowerShell provides robust capabilities for automation and system administration.
  • The Get-Command, Get-Help, and Find-Module commands are critical for discovering and learning PowerShell functionalities.
  • Practical use cases include file management, module installation, and task automation.

TryHackMe Windows Powershell Room Answers

What do we call the advanced approach used to develop PowerShell?

object-oriented

How would you retrieve a list of commands that start with the verb Remove? [for the sake of this question, avoid the use of quotes (” or ‘) in your answer]

Get-Command -Name Remove*
What cmdlet has its traditional counterpart echo as an alias?

Write-Output
What is the command to retrieve some example usage for the cmdlet New-LocalUser?

Get-Help New-LocalUser -examples

What cmdlet can you use instead of the traditional Windows command type?

Get-Content

What PowerShell command would you use to display the content of the “C:\Users” directory? [for the sake of this question, avoid the use of quotes (” or ‘) in your answer]

Get-ChildItem -Path C:\Users

How many items are displayed by the command described in the previous question?

4
How would you retrieve the items in the current directory with size greater than 100? [for the sake of this question, avoid the use of quotes (” or ‘) in your answer]
Get-ChildItem | Where-Object -Property Length -gt 100

Other than your current user and the default “Administrator” account, what other user is enabled on the target machine?

p1r4t3

This lad has hidden his account among the others with no regard for our beloved captain! What is the motto he has so bluntly put as his account’s description?

A merry life and a short one.

Now a small challenge to put it all together. This shady lad that we just found hidden among the local users has his own home folder in the “C:\Users” directory.
Can you navigate the filesystem and find the hidden treasure inside this pirate’s home?

THM{p34rlInAsh3ll}

In the previous task, you found a marvellous treasure carefully hidden in the target machine. What is the hash of the file that contains it?

71FC5EC11C2497A32F8F08E61399687D90ABE6E204D2964DF589543A613F3E08

What property retrieved by default by Get-NetTCPConnection contains information about the process that has started the connection?

OwningProcess

It’s time for another small challenge. Some vital service has been installed on this pirate ship to guarantee that the captain can always navigate safely. But something isn’t working as expected, and the captain wonders why. Investigating, they find out the truth, at last: the service has been tampered with! The shady lad from before has modified the service DisplayName to reflect his very own motto, the same that he put in his user description.

With this information and the PowerShell knowledge you have built so far, can you find the service name?

p1r4t3-s-compass

What is the syntax to execute the command Get-Service on a remote computer named “RoyalFortune”? Assume you don’t need to provide credentials to establish the connection. [for the sake of this question, avoid the use of quotes (” or ‘) in your answer]

Invoke-Command -ComputerName RoyalFortune -ScriptBlock { Get-Service }



Video Walkthrough

, ,
Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles