Hack Like a Pro: Scripting for the Aspiring Hacker, Part 3 (Windows PowerShell)
Welcome back, my budding hackers!
As you know, I firmly believe that to be a true professional hacker, you need to be proficient in Linux. This is for a number of good reasons.
- Most hacker tools are developed in Linux (well over 90 percent).
- Linux offers us greater granularity of control.
- The terminal in Linux gives us complete control over the operating system, unlike cmd.exe in Windows that has only limited capabilities.
- Most importantly, Linux is open source and transparent. That means that we can actually see the source code and manipulate the operating system to a far greater degree than the closed source and opaque Windows operating system.
In recent years, Microsoft seems have gained religion is terms of the advantage of the command line and terminal in Linux. They now seem to understand the strengths and advantages of the command line, and as a response, introduced the Windows PowerShell.
Microsoft had recognized the limitations of their cmd.exe as early as the 1990s and attempted to remedy it with a bunch a workarounds. In 2002, Microsoft released a whitepaper on a product that was under development called MONAD, or Microsoft Shell. Eventually, Windows PowerShell was released as an add-on in 2007 and Windows PowerShell 2.0 was fully integrated into Windows 7 and Windows Server 2008 and all Windows operating systems since.
Windows PowerShell borrows much from the Linux environment including many Linux commands. It also includes the ability to pipe commands and link commands into a script.
With PowerShell capability, Windows becomes a more powerful hacking platform, but until Microsoft makes its source code open source (don't hold your breath), Linux will still be the operating system of choice for hackers.
All that having been said, we should still explore and become familiar with the Windows PowerShell for when the Windows platform is appropriate, such as when using Cain and Abel and some of the other hacking tools developed for Windows.
One of the key differences between Windows PowerShell and the BASH shell in Linux is that Microsoft has developed cmdlets (command lets) for PowerShell. They cmdlets are essentially single commands that accomplish sometimes more complex tasks similar to functions. These cmdlets take the form of verb-noun, such as "get-help".
Most system administrators and users are unaware that beneath that familiar Windows GUI lurks a powerful tool and engine for manipulating Windows. You can get to it by typing "powershell" into the search window at the Start or Windows button and click on "PowerShell".
When it opens, you should get a screen that looks like this.
Once we have the PowerShell terminal open, the first thing we want to explore is how we get help. PowerShell has a cmdlet for that called, unsurprisingly, "get-help".
When we type "get-help", we receive the help screen like that above. Microsoft has aliased this cmdlet so that "help" and the Linux command "man" accomplish the same thing.
As you remember from Linux, you can see the manual page for any command in Linux, by preceding the command with the keyword "man". Likewise, in Windows PowerShell, you can use "get-help" followed by the cmdlet to see the manual page. Let's get the manual page for a cmdlet named "Write-Output".
- > get-help Write-Output
You can see that PowerShell returns us a manual page for the cmdlet, "Write-Output". As I mentioned above, "man" and "help" will both pull up the same context-sensitive information.
Microsoft, recognizing that Linux system administrators are more accustomed to working from the command line and to encourage them to adopt and use the PowerShell, aliased many of the most common Linux commands into its PowerShell.
For instance, I can use the Windows command "dir" and the Linux command "ls" to get a directory listing in PowerShell.
Some of the other Linux commands that are available in PowerShell, include but aren't limited to the following.
To create a script in PowerShell, similar to Linux, you can use Notepad or other text editor such as Notepad++. In addition, PowerShell comes with a Integrated Scripting Environment (ISE) that we can use.
There are numerous ways to get into the ISE, but probably the simplest is to create a file, right-click on it, and choose "Edit". In this case, I created a file in Notepad called "Helloworld.ps1". This will open the PowerShell ISE like that below.
When starting out in ANY programming language, it's requisite to write the ubiquitous "Hello World" program. We are not going to deviate from that path and we will create our own "Hello World" script here.
With the ISE open, we can type:
- Write-Output "Hello World"
Just like in the Linux terminal, we enclose the string "Hello World" in double quotation marks to indicate that we want the string literals to be output (meaning we want these human language words and not computer commands).
We can run this script by either opening the PowerShell and navigating to this file and running Helloworld.ps1 or clicking on the green arrow on the ISE with the script open.
In my next PowerShell tutorial, we'll delve a bit deeper into this powerful tool and use it to develop a port scanner, so keep coming back!