The document provides an overview of PowerShell and describes useful cmdlets and techniques for using PowerShell. It covers launching PowerShell, common cmdlets for file operations, formatting output, navigating the registry, and pipelining between cmdlets. The document also includes a section on PowerShell for post-exploitation tasks and notes on efficient usage.
The document provides an overview of PowerShell and describes useful cmdlets and techniques for using PowerShell. It covers launching PowerShell, common cmdlets for file operations, formatting output, navigating the registry, and pipelining between cmdlets. The document also includes a section on PowerShell for post-exploitation tasks and notes on efficient usage.
The document provides an overview of PowerShell and describes useful cmdlets and techniques for using PowerShell. It covers launching PowerShell, common cmdlets for file operations, formatting output, navigating the registry, and pipelining between cmdlets. The document also includes a section on PowerShell for post-exploitation tasks and notes on efficient usage.
The document provides an overview of PowerShell and describes useful cmdlets and techniques for using PowerShell. It covers launching PowerShell, common cmdlets for file operations, formatting output, navigating the registry, and pipelining between cmdlets. The document also includes a section on PowerShell for post-exploitation tasks and notes on efficient usage.
Purpose The purpose of this cheat sheet is to describe some common options and techniques for use in Microsoft’s PowerShell.
PowerShell Overview PowerShell Background
PowerShell is the successor to command.com, cmd.exe and cscript. Initially released as a
separate download, it is now built in to all modern versions of Microsoft Windows. PowerShell syntax takes the form of verb-noun patterns implemented in cmdlets.
Launching PowerShell PowerShell is accessed by pressing Start -> typing powershell and pressing enter. Some operations require administrative privileges and can be accomplished by launching PowerShell as an elevated session. You can launch an elevated PowerShell by pressing Start -> typing powershell and pressing Shift-CTRL-Enter.
Additionally, PowerShell cmdlets can be called from cmd.exe by typing:
Syntax Cmdlets are small scripts that follow a dashseparated verb-noun convention such as "Get-Process". Similar Verbs with Different Actions:
New- Creates a new resource
Set- Modifies an existing resource Get- Retrieves an existing resource Read- Gets information from a source, such as a file Find- Used to look for an object Search- Used to create a reference to a resource Star t- (asynchronous) begin an operation, such as starting a process Invoke- (synchronous) perform an operation such as running a command
Parameters: Each verb-noun named cmdlet may have many parameters to control cmdlet functionality.
Objects: The output of most cmdlets are objects that can be passed to other cmdlets and further acted upon. This becomes important in pipelining cmdlets.
4/9 Finding Cmdlets To get a list of all available cmdlets:
PS C:\> Get-Command
Get-Command suppor ts filtering. To filter cmdlets on the verb set:
PS C:\> Get-Command Set*
PS C:\> Get-Command –Verb Set
Or on the noun process:
PS C:\> Get-Command *Process
PS C:\> Get-Command –Noun process
Getting Help To get help with help:
PS C:\> Get-Help
To read cmdlet self documentation:
PS C:\> Get-Help <cmdlet>
Detailed help:
PS C:\> Get-Help <cmdlet> -detailed
Usage examples:
5/9 PS C:\> Get-Help <cmdlet> -examples
Full (ever ything) help:
PS C:\> Get-Help <cmdlet> -full
Online help (if available):
PS C:\> Get-Help <cmdlet> -online
Cmdlet Aliases Aliases provide short references to long commands.
To list available aliases (alias alias):
PS C:\> Get-Alias
To expand an alias into a full name:
PS C:\> alias <unknown alias>
PS C:\> alias gcm
Efficient PowerShell Tab completion:
PS C:\> get-child<TAB>
PS C:\> Get-ChildItem
Parameter shor tening:
6/9 PS C:\> ls –recurse
is equivalent to:
PS C:\> ls -r
5 PowerShell Essentials Shows help & examples
PS C:\> Get-Help [cmdlet] -examples
Alias
PS C:\> help [cmdlet] -examples
Shows a list of commands
PS C:\> Get-Command
Alias
PS C:\> gcm *[string]*
Shows proper ties & methods
PS C:\> [cmdlet] | Get-Member
Alias
PS C:\> [cmdlet] | gm
Takes each item on pipeline and handles it as $_
7/9 PS C:\> ForEach-Object { $_ }
Alias
PS C:\> [cmdlet] | % { [cmdlet] $_ }
Searches for strings in files or output, like grep
