PowerShell For Pentesters Part 1: Introduction to PowerShell and Cmdlets

PowerShell is one of the most interesting and powerful languages available for pentesting purposes.

This series of articles focuses on PowerShell in exactly that context.

This article is the first in the lab series on PowerShell for pentesters. We begin by covering the basics needed to perform pentesting tasks with PowerShell.

Microsoft defines PowerShell as follows:

"PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows."

For us as pentesters, however, PowerShell is a powerful shell and scripting language that is already present on most of our targets (it has been integrated by default since Windows 7 and Windows Server 2008 R2). Above all, it gives us a post-exploitation tool and language that is already on the box and that exposes a very large amount of functionality to an attacker.

PowerShell has many properties that make it ideal in a pentesting context:

  • Easy to learn
  • Built on the .NET Framework, so the whole .NET class library is reachable from the shell
  • A signed Microsoft binary, trusted by the operating system
  • Provides access to almost everything in a Windows operating system (registry, WMI, services, the file system, the network stack)
  • Integrated by default since Windows 7
  • Object oriented: cmdlets pass .NET objects, not text, down the pipeline
  • Comes with a scripting environment, the PowerShell ISE

This is why we use PowerShell.

Note that we will work with PowerShell v2, because this version is present in almost every Windows version you will meet on an engagement: it ships by default from Windows 7 and Windows Server 2008 R2, and later Windows versions kept the v2 engine available as an optional feature. Anything written for v2 will therefore run on the widest possible set of targets.

To launch the PowerShell command line on any version of Windows from Windows 7 onwards (where it is integrated by default), type "PowerShell.exe" into the Start menu search box or the Run dialog:

Figure 1: Launching PowerShell

You can also launch it directly from its own directory, "C:\Windows\System32\WindowsPowerShell\vX.0\PowerShell.exe", where X is the version number. In practice the directory is named v1.0 on every Windows release, including hosts running PowerShell 3.0 to 5.1, so do not infer the installed version from the folder name; read it from $PSVersionTable.PSVersion inside the shell instead.
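The following block is an added example and is not part of the original article. It shows how to confirm, from inside the shell you just launched, which engine version is actually running, where its executable lives, and whether the v2 engine that this series targets is available on the host. The only assumption is that PowerShell.exe sits in its standard %SystemRoot%\System32\WindowsPowerShell\v1.0 location; every cmdlet and variable used here exists in PowerShell v2.

```powershell
# Added example (not from the original article): sanity checks to run right
# after launching PowerShell on a target.

# 1. Engine version of the current session. $PSVersionTable exists from v2 on,
#    so if this variable is missing you are on PowerShell v1.
if ($PSVersionTable) {
    "Running PowerShell engine version: " + $PSVersionTable.PSVersion
} else {
    "PowerShell v1 detected (no PSVersionTable)"
}

# 2. Full path of the host process that is actually running this session.
#    Useful when several hosts are installed (32-bit vs 64-bit, ISE vs console).
"Executable: " + (Get-Process -Id $PID).Path

# 3. The folder under WindowsPowerShell is named v1.0 even on hosts running
#    3.0 to 5.1, so list it only to locate the binary, never to read a version.
#    -Directory is a v3+ parameter, so filter on PSIsContainer for v2 compatibility.
$psRoot = Join-Path $env:SystemRoot 'System32\WindowsPowerShell'
Get-ChildItem $psRoot | Where-Object { $_.PSIsContainer } |
    ForEach-Object { "Engine folder: " + $_.FullName }

# 4. Check whether the v2 engine can be started on this host. powershell.exe
#    accepts -Version to pick an engine; if .NET 2.0/3.5 is absent the v2
#    engine cannot load and the child process exits with a non-zero code.
$exe = Join-Path $psRoot 'v1.0\powershell.exe'
& $exe -Version 2 -NoProfile -NonInteractive -Command '$PSVersionTable.PSVersion.Major' | Out-Null
if ($LASTEXITCODE -eq 0) {
    "PowerShell v2 engine is available on this host"
} else {
    "PowerShell v2 engine is NOT available (exit code $LASTEXITCODE)"
}

# 5. How many cmdlets this session exposes; a first look at the attack surface
#    that the rest of the series will explore.
"Cmdlets available: " + @(Get-Command -CommandType Cmdlet).Count
```

Run the block from an ordinary (non-elevated) session first: none of these checks needs administrator rights, and the result of step 4 tells you whether scripts written for v2 later in the series can be executed under the v2 engine on that particular host or will have to run under the newer engine in compatibility mode.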

Once done, we will (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Kondah Hamza. Read the original post at: