3.3.11 Lab - Using Windows PowerShell - TRINIDAD

The document provides a guide on accessing and using PowerShell and Command Prompt, detailing methods to open these tools and explore basic commands like 'dir', 'ping', 'cd', and 'ipconfig'. It explains cmdlets in PowerShell, specifically the 'Get-ChildItem' command for listing files and directories, and how to use the 'netstat' command for network statistics. The document also includes instructions for running PowerShell with administrative privileges and examples of active TCP connections.

TRINIDAD, Aloysius Maria D.

ITEL412 – BSIT 4-Y1-2 (IRR)

Part 1: Access PowerShell

a. There are four methods to open PowerShell


i. Click Start, then search powershell and select Windows PowerShell
ii. In Start Menu, search the Windows PowerShell folder and select Windows PowerShell
iii. Access the Run dialog, type powershell and hit Enter
iv. Use the Win+X shortcut or right-click the Start Button and select Windows PowerShell
b. You can use the same procedures to open Command Prompt

Part 2: Explore commands on Command Prompt and PowerShell

a. Enter the dir command on both programs

What are the outputs to the dir command?


Both produce a listing of the directory that shows the date, time, file size and file type. In PowerShell, the listing also gives you the Mode (attribute) of each file or folder.

b. Try other commands commonly used in Command Prompt, such as ping, cd and ipconfig
Ping (Connection Test):
CD (Change Directory):

Ipconfig (Network configuration information):

What are the results?


Both commands are considered the same.
Part 3: Explore cmdlets

a. Cmdlets are named as verb-noun strings. To identify the cmdlet that lists subdirectories and files, enter Get-Alias dir at the prompt

What is the PowerShell command for dir?


“Get-ChildItem”
b. For more details about cmdlets, you can research them on the internet.

Here are some examples:


Cmdlet Overview - PowerShell | Microsoft Learn – Overview of the PowerShell cmdlets
Table of Basic PowerShell Commands - Scripting Blog [archived] – For list of cmdlet commands
c. Once you’re done, you can close the PowerShell window or use the exit command
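The following is an added example, not part of the lab handout or the student's submission. It shows how PowerShell resolves the names typed in Parts 2 and 3: dir, ls and cd are aliases for cmdlets, while ping, ipconfig and netstat are external executables found on the PATH, which is why they behave identically in both shells. It then uses the verb-noun convention to discover related cmdlets and shows the Mode column that Part 2 noted as the difference in dir output. It runs unelevated in Windows PowerShell 5.1 or PowerShell 7 on Windows; the function name Resolve-CommandKind is my own.

```powershell
# Added example (not from the lab): how PowerShell resolves the commands used in Parts 2 and 3.
# Works in Windows PowerShell 5.1 and PowerShell 7 on Windows; no elevation required.

function Resolve-CommandKind {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($n in $Name) {
        # -ErrorAction SilentlyContinue: an unknown name (typo, tool not installed) yields $null
        $cmd = Get-Command -Name $n -ErrorAction SilentlyContinue | Select-Object -First 1
        if (-not $cmd) {
            [pscustomobject]@{ Name = $n; CommandType = 'NotFound'; ResolvesTo = $null }
            continue
        }
        $target = switch ($cmd.CommandType) {
            'Alias'       { $cmd.ResolvedCommand.Name }   # dir -> Get-ChildItem, cd -> Set-Location
            'Application' { $cmd.Source }                 # ping -> C:\WINDOWS\system32\PING.EXE
            default       { $cmd.Name }                   # a cmdlet or function typed by full name
        }
        [pscustomobject]@{ Name = $n; CommandType = $cmd.CommandType; ResolvesTo = $target }
    }
}

Resolve-CommandKind -Name dir, ls, gci, cd, ping, ipconfig, netstat, Get-ChildItem |
    Format-Table -AutoSize

# Verb-Noun naming makes cmdlets discoverable: every cmdlet that acts on the Item/ChildItem nouns
Get-Command -Noun Item, ChildItem -CommandType Cmdlet | Select-Object -ExpandProperty Name

# The Mode column Part 2 noticed: each letter is an attribute
# (d directory, a archive, r read-only, h hidden, s system, l link).
# -Force also returns hidden and system entries, which a plain dir in Command Prompt
# omits unless you pass /a.
Get-ChildItem -Path $env:SystemDrive\ -Force |
    Select-Object Mode, LastWriteTime, Length, Name |
    Format-Table -AutoSize
```

The CommandType column is the practical takeaway: anything reported as Application is the same binary Command Prompt would run, so its output and switches are identical in both shells, whereas an Alias or Cmdlet is PowerShell's own and emits objects rather than text.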
Part 4: Explore netstat in PS

a. In the PowerShell prompt, enter netstat -h. This prints a usage guide for the netstat command.

b. Use netstat -r to display the routing table with the active routes

What is the IPv4 gateway?


This may vary from your output, but for this output it was set to the default, 192.168.1.1.
c. Now, open PowerShell with administrative privileges by:
i. Right-click PowerShell and select Run as administrator
ii. Use Run, type powershell and hit Control+Shift+Enter
iii. Use Win+X or right-click Start Button and select Windows PowerShell (Admin)
d. Use netstat -abno to display the processes associated with active TCP connections. -a lists every socket including listeners, -b names the executable (and, for svchost.exe, the service) that owns each socket, -n keeps addresses numeric, and -o adds the PID. The -b switch is the reason step c asked for an elevated prompt. Sockets owned by kernel-mode components under PID 4 (System), such as SMB on 139/445, are reported as "Can not obtain ownership information", and TIME_WAIT entries show PID 0 because no process owns them any more.

PS C:\WINDOWS\system32> netstat -abno

Active Connections

  Proto  Local Address           Foreign Address        State        PID    Owner
  TCP    0.0.0.0:22              0.0.0.0:0              LISTENING    3960   [sshd.exe]
  TCP    0.0.0.0:135             0.0.0.0:0              LISTENING    1088   RpcEptMapper [svchost.exe]
  TCP    0.0.0.0:445             0.0.0.0:0              LISTENING    4      Can not obtain ownership information
  TCP    0.0.0.0:3289            0.0.0.0:0              LISTENING    3644   [ENAgent.exe]
  TCP    0.0.0.0:5040            0.0.0.0:0              LISTENING    6484   CDPSvc [svchost.exe]
  TCP    0.0.0.0:5357            0.0.0.0:0              LISTENING    4      Can not obtain ownership information
  TCP    0.0.0.0:28252           0.0.0.0:0              LISTENING    3972   [spacedeskService.exe]
  TCP    0.0.0.0:49664           0.0.0.0:0              LISTENING    984    [lsass.exe]
  TCP    0.0.0.0:49665           0.0.0.0:0              LISTENING    856    Can not obtain ownership information
  TCP    0.0.0.0:49666           0.0.0.0:0              LISTENING    1348   EventLog [svchost.exe]
  TCP    0.0.0.0:49667           0.0.0.0:0              LISTENING    1768   Schedule [svchost.exe]
  TCP    0.0.0.0:49668           0.0.0.0:0              LISTENING    3320   [spoolsv.exe]
  TCP    0.0.0.0:49669           0.0.0.0:0              LISTENING    976    Can not obtain ownership information
  TCP    127.0.0.1:26822         0.0.0.0:0              LISTENING    7732   [MSI.TerminalServer.exe]
  TCP    127.0.0.1:32683         0.0.0.0:0              LISTENING    6136   [MSI.CentralServer.exe]
  TCP    127.0.0.1:33683         0.0.0.0:0              LISTENING    6136   [MSI.CentralServer.exe]
  TCP    192.168.1.8:139         0.0.0.0:0              LISTENING    4      Can not obtain ownership information
  TCP    192.168.1.8:49705       40.83.240.146:443      ESTABLISHED  4092   WpnService [svchost.exe]
  TCP    192.168.1.8:49983       142.250.157.188:5228   ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:50050       108.158.213.74:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:50353       69.173.158.67:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:50832       34.226.134.46:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:50896       51.79.152.81:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51091       210.5.102.34:443       CLOSE_WAIT   7660   [SearchApp.exe]
  TCP    192.168.1.8:51095       40.104.23.98:443       ESTABLISHED  7660   [SearchApp.exe]
  TCP    192.168.1.8:51102       52.98.33.162:443       ESTABLISHED  7660   [SearchApp.exe]
  TCP    192.168.1.8:51105       13.107.253.254:443     CLOSE_WAIT   7660   [SearchApp.exe]
  TCP    192.168.1.8:51108       13.107.226.254:443     CLOSE_WAIT   7660   [SearchApp.exe]
  TCP    192.168.1.8:51109       13.107.213.254:443     CLOSE_WAIT   7660   [SearchApp.exe]
  TCP    192.168.1.8:51111       23.44.154.197:443      CLOSE_WAIT   11256  [SystemSettings.exe]
  TCP    192.168.1.8:51112       202.138.181.227:443    CLOSE_WAIT   11256  [SystemSettings.exe]
  TCP    192.168.1.8:51130       18.172.21.76:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51131       216.239.34.157:443     TIME_WAIT    0
  TCP    192.168.1.8:51132       142.251.221.22:443     TIME_WAIT    0
  TCP    192.168.1.8:51133       146.75.22.137:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51139       142.251.221.2:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51141       142.251.221.40:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51142       104.18.38.76:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51143       3.165.72.122:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51144       142.251.221.42:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51145       18.172.15.189:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51146       3.165.63.9:443         ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51147       142.251.220.238:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51148       3.165.72.122:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51149       182.161.73.136:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51150       34.107.165.188:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51152       15.197.193.217:443     TIME_WAIT    0
  TCP    192.168.1.8:51155       54.151.77.232:443      TIME_WAIT    0
  TCP    192.168.1.8:51157       34.102.146.192:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51158       34.120.135.53:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51159       182.161.73.136:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51160       44.198.95.4:443        TIME_WAIT    0
  TCP    192.168.1.8:51161       182.161.73.136:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51162       3.165.63.11:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51163       3.165.72.153:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51165       18.172.21.125:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51166       23.44.159.174:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51167       172.67.38.106:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51168       3.165.63.27:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51169       34.98.64.218:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51170       216.137.39.72:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51171       52.46.151.131:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51174       54.151.166.244:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51176       207.65.33.78:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51177       3.33.241.113:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51179       69.173.158.65:443      TIME_WAIT    0
  TCP    192.168.1.8:51185       3.33.241.113:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51189       162.19.138.116:443     TIME_WAIT    0
  TCP    192.168.1.8:51191       108.158.213.27:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51192       142.251.221.1:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51193       142.251.220.193:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51195       142.251.220.193:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51196       142.251.220.228:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51197       108.158.213.120:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51198       18.172.21.35:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51199       108.158.213.116:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51200       35.244.154.8:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51201       35.241.19.70:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51202       146.75.21.10:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51203       104.17.158.113:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51205       3.115.162.58:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51207       99.83.154.140:443      TIME_WAIT    0
  TCP    192.168.1.8:51208       3.165.63.94:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51209       145.40.117.86:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51210       18.172.21.16:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51212       13.226.225.23:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51213       23.40.252.236:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51215       216.200.232.249:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51216       35.213.7.90:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51221       20.40.202.0:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51223       202.138.177.188:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51224       142.251.220.194:443    ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51226       119.9.108.211:443      CLOSE_WAIT   10348  [chrome.exe]
  TCP    192.168.1.8:51227       35.244.154.8:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51228       18.172.21.86:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51229       54.36.150.181:443      TIME_WAIT    0
  TCP    192.168.1.8:51231       67.199.150.82:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51232       52.223.2.229:443       ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51233       54.169.105.68:443      TIME_WAIT    0
  TCP    192.168.1.8:51234       18.141.79.158:443      TIME_WAIT    0
  TCP    192.168.1.8:51235       35.213.7.90:443        ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51236       23.40.252.236:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51237       108.158.213.41:443     ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51242       18.154.207.64:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.1.8:51243       103.43.89.4:443        TIME_WAIT    0
  TCP    192.168.1.8:51244       204.79.197.203:443     ESTABLISHED  1808   [backgroundTaskHost.exe]
  TCP    192.168.1.8:51245       202.138.177.27:443     ESTABLISHED  6560   [Explorer.EXE]
  TCP    192.168.1.8:51246       202.138.177.27:443     ESTABLISHED  6560   [Explorer.EXE]
  TCP    192.168.1.8:51247       104.22.37.229:443      ESTABLISHED  10348  [chrome.exe]
  TCP    192.168.56.1:139        0.0.0.0:0              LISTENING    4      Can not obtain ownership information
  TCP    [::]:22                 [::]:0                 LISTENING    3960   [sshd.exe]
  TCP    [::]:135                [::]:0                 LISTENING    1088   RpcEptMapper [svchost.exe]
  TCP    [::]:445                [::]:0                 LISTENING    4      Can not obtain ownership information
  TCP    [::]:5357               [::]:0                 LISTENING    4      Can not obtain ownership information
  TCP    [::]:49664              [::]:0                 LISTENING    984    [lsass.exe]
  TCP    [::]:49665              [::]:0                 LISTENING    856    Can not obtain ownership information
  TCP    [::]:49666              [::]:0                 LISTENING    1348   EventLog [svchost.exe]
  TCP    [::]:49667              [::]:0                 LISTENING    1768   Schedule [svchost.exe]
  TCP    [::]:49668              [::]:0                 LISTENING    3320   [spoolsv.exe]
  TCP    [::]:49669              [::]:0                 LISTENING    976    Can not obtain ownership information
  UDP    0.0.0.0:3289            *:*                                 3644   [ENAgent.exe]
  UDP    0.0.0.0:3702            *:*                                 10100  FDResPub [svchost.exe]
  UDP    0.0.0.0:3702            *:*                                 10100  FDResPub [svchost.exe]
  UDP    0.0.0.0:3702            *:*                                 4156   [dashost.exe]
  UDP    0.0.0.0:3702            *:*                                 4156   [dashost.exe]
  UDP    0.0.0.0:5050            *:*                                 6484   CDPSvc [svchost.exe]
  UDP    0.0.0.0:5353            *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:5353            *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:5353            *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:5353            *:*                                 10064  [chrome.exe]
  UDP    0.0.0.0:5353            *:*                                 10064  [chrome.exe]
  UDP    0.0.0.0:5353            *:*                                 2316   Dnscache [svchost.exe]
  UDP    0.0.0.0:5353            *:*                                 10064  [chrome.exe]
  UDP    0.0.0.0:5355            *:*                                 2316   Dnscache [svchost.exe]
  UDP    0.0.0.0:28252           *:*                                 3972   [spacedeskService.exe]
  UDP    0.0.0.0:49261           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:49355           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:49503           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:49841           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:50415           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:52047           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:58045           *:*                                 6136   [MSI.CentralServer.exe]
  UDP    0.0.0.0:58046           *:*                                 6136   [MSI.CentralServer.exe]
  UDP    0.0.0.0:58047           *:*                                 6136   [MSI.CentralServer.exe]
  UDP    0.0.0.0:58048           *:*                                 6136   [MSI.CentralServer.exe]
  UDP    0.0.0.0:58049           *:*                                 6136   [MSI.CentralServer.exe]
  UDP    0.0.0.0:58662           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:60849           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:61733           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:62219           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:62423           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:63318           *:*                                 4156   [dashost.exe]
  UDP    0.0.0.0:64360           *:*                                 4408   [remoting_host.exe]
  UDP    0.0.0.0:64555           *:*                                 10348  [chrome.exe]
  UDP    0.0.0.0:65052           *:*                                 10100  FDResPub [svchost.exe]
  UDP    127.0.0.1:1900          *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    127.0.0.1:57562         *:*                                 3612   iphlpsvc [svchost.exe]
  UDP    127.0.0.1:65051         *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    192.168.1.8:137         *:*                                 4      Can not obtain ownership information
  UDP    192.168.1.8:138         *:*                                 4      Can not obtain ownership information
  UDP    192.168.1.8:1900        *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    192.168.1.8:65050       *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    192.168.56.1:137        *:*                                 4      Can not obtain ownership information
  UDP    192.168.56.1:138        *:*                                 4      Can not obtain ownership information
  UDP    192.168.56.1:1900       *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    192.168.56.1:65049      *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    [::]:3289               *:*                                 3644   [ENAgent.exe]
  UDP    [::]:3702               *:*                                 4156   [dashost.exe]
  UDP    [::]:3702               *:*                                 4156   [dashost.exe]
  UDP    [::]:3702               *:*                                 10100  FDResPub [svchost.exe]
  UDP    [::]:3702               *:*                                 10100  FDResPub [svchost.exe]
  UDP    [::]:5353               *:*                                 10064  [chrome.exe]
  UDP    [::]:5353               *:*                                 10348  [chrome.exe]
  UDP    [::]:5353               *:*                                 2316   Dnscache [svchost.exe]
  UDP    [::]:5355               *:*                                 2316   Dnscache [svchost.exe]
  UDP    [::]:63319              *:*                                 4156   [dashost.exe]
  UDP    [::]:65053              *:*                                 10100  FDResPub [svchost.exe]
  UDP    [::1]:1900              *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    [::1]:65048             *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    [fe80::33d4:1951:f635:80f1%11]:1900  *:*                                 5216   SSDPSRV [svchost.exe]
  UDP    [fe80::33d4:1951:f635:80f1%11]:65047 *:*                                 5216   SSDPSRV [svchost.exe]
e. Open Task Manager and go to Details, then click the PID header to sort in PID order
f. Select one of the PIDs from results in the PS window. For this example, we’ll find PID 10348
g. Now locate the selected PID, then right-click and open Properties for more information

What information can you get from the Details tab and the Properties dialog box for your
selected PID?
PID 10348 is associated with Google Chrome (chrome.exe) and uses ~32MB of memory
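The following is an added example, not part of the lab handout or the student's submission. It does steps d to g natively in PowerShell instead of reading netstat text and clicking through Task Manager: one function lists every listening TCP socket with its owning process and image path, and flags listeners bound to 0.0.0.0 or :: because those are reachable from every interface (sshd on 22, ENAgent on 3289 and spacedesk on 28252 in the output above are examples). A second function profiles one PID with the same fields as Task Manager's Details tab and the file Properties dialog, plus the Authenticode signature state, which Task Manager does not show. It assumes an elevated session on Windows 8/Server 2012 or later, where the NetTCPIP module provides Get-NetTCPConnection; the function names are my own, and PID 10348 is the chrome.exe PID from this lab's run, so substitute one from your own machine.

```powershell
# Added example (not from the lab): steps d-g of Part 4 done natively in PowerShell.
# Run from an elevated prompt on Windows 8 / Server 2012 or later (NetTCPIP module).

function Get-ListeningPortOwner {
    # One row per listening TCP socket, the same rows netstat -abno marks LISTENING
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalAddress, LocalPort |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                PID           = $_.OwningProcess
                Process       = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                # Path is $null for PID 4 (System): those sockets belong to kernel drivers,
                # which is what netstat reports as "Can not obtain ownership information"
                Path          = if ($proc) { $proc.Path } else { $null }
                AllInterfaces = $_.LocalAddress -in '0.0.0.0', '::'
            }
        }
}

function Get-ProcessProfile {
    param([Parameter(Mandatory)][int]$ProcessId)
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    # Signature check on the image on disk: a listener with an unsigned or invalid binary
    # deserves a closer look; 'n/a' covers kernel-owned PIDs with no image path
    $sig   = if ($proc.Path) { Get-AuthenticodeSignature -FilePath $proc.Path } else { $null }
    $conns = @(Get-NetTCPConnection -OwningProcess $ProcessId -ErrorAction SilentlyContinue)
    $est   = @($conns | Where-Object State -eq 'Established')
    [pscustomobject]@{
        PID            = $proc.Id
        Name           = $proc.ProcessName
        Path           = $proc.Path
        Company        = $proc.Company
        ProductVersion = $proc.ProductVersion
        StartTime      = $proc.StartTime
        WorkingSetMB   = [math]::Round($proc.WorkingSet64 / 1MB, 1)
        Signature      = if ($sig) { $sig.Status } else { 'n/a' }
        Signer         = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Listening      = ($conns | Where-Object State -eq 'Listen' | ForEach-Object LocalPort) -join ','
        Established    = $est.Count
        RemotePeers    = ($est | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                          Sort-Object -Unique) -join ' '
    }
}

Get-ListeningPortOwner | Format-Table -AutoSize
Get-ProcessProfile -ProcessId 10348 | Format-List
```

Because these functions emit objects, the follow-up questions an analyst asks are one pipeline away, for example Get-ListeningPortOwner | Where-Object AllInterfaces to see only externally reachable listeners, or Get-ListeningPortOwner | Where-Object { $_.Path -and (Get-AuthenticodeSignature $_.Path).Status -ne 'Valid' } to find listeners whose binary is not validly signed.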
Part 5: Empty Recycle Bin in PS

a. Open the Recycle Bin and check whether it contains anything that can be permanently deleted. If not, restore those items first.
b. If the Recycle Bin is empty, create a test folder or file (e.g. an empty text file) and delete it so that it lands in the Recycle Bin.
c. In the PS console, run Clear-RecycleBin and try each of its options: -WhatIf shows what would be removed without removing anything, -DriveLetter limits the action to one drive, and -Force skips the confirmation prompt.

What happened to the files in the Recycle Bin?


Permanently deleted
Reflection Question

PowerShell was developed for task automation and configuration management. Using the internet,
research commands that you could use to simplify your tasks as a security analyst. Record your findings.

The answer may vary, but I'll choose one command, the Get-Content cmdlet. It is used to read the contents of a file, such as a text file.

Example:
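The following is an added example, not the student's own or part of the lab. It shows Get-Content, the cmdlet chosen in the reflection, doing an analyst's job rather than just printing a file: reading an authentication log, extracting failed logons with a named-capture regex, grouping them by source address and flagging sources that exceed a threshold. The log lines are constructed for this example; their format imitates OpenSSH server messages, chosen because the netstat output in Part 4 showed sshd.exe listening on port 22. The function name and the threshold of 3 are my own choices.

```powershell
# Added example (not from the lab or the student): Get-Content as a security-analyst tool.
# The log content below is constructed for the example and written to %TEMP% so the
# script runs offline; point -Path at a real sshd or application log to use it for real.

$sampleLog = @'
2024-05-02 10:14:01 sshd[3960]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
2024-05-02 10:14:03 sshd[3960]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
2024-05-02 10:14:09 sshd[3960]: Accepted publickey for aloysius from 192.168.1.20 port 50011 ssh2
2024-05-02 10:15:30 sshd[3960]: Failed password for root from 198.51.100.77 port 40022 ssh2
2024-05-02 10:15:31 sshd[3960]: Failed password for root from 203.0.113.5 port 51130 ssh2
'@
$logPath = Join-Path $env:TEMP 'sshd-sample.log'
Set-Content -Path $logPath -Value $sampleLog

function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Threshold = 3    # failures from one source that count as a possible brute force
    )
    # Get-Content streams the file line by line; Select-String keeps only matching lines
    # and exposes the named groups, so the user and source IP never need a second parse
    Get-Content -Path $Path |
        Select-String -Pattern 'Failed password for (?:invalid user )?(?<user>\S+) from (?<ip>\d{1,3}(?:\.\d{1,3}){3})' |
        ForEach-Object {
            [pscustomobject]@{
                Ip   = $_.Matches[0].Groups['ip'].Value
                User = $_.Matches[0].Groups['user'].Value
            }
        } |
        Group-Object Ip |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Users    = ($_.Group.User | Sort-Object -Unique) -join ','
                Flag     = if ($_.Count -ge $Threshold) { 'possible brute force' } else { '' }
            }
        } |
        Sort-Object Failures -Descending
}

Get-FailedLogonSummary -Path $logPath | Format-Table -AutoSize

# The other Get-Content mode an analyst uses: follow a growing log live (Ctrl+C to stop)
# Get-Content -Path $logPath -Wait -Tail 10
```

On the constructed input this reports 203.0.113.5 with 3 failures against admin and root, flagged, and 198.51.100.77 with 1 failure against root, not flagged; the successful publickey logon is ignored because it does not match the pattern.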
