Hack Like a Pro: Scripting for the Aspiring Hacker, Part 3 (Windows PowerShell)

Welcome back, my budding hackers!

As you know, I firmly believe that to be a true professional hacker, you need to be proficient in Linux. This is for a number of good reasons.

  1. Most hacker tools are developed in Linux (well over 90 percent).
  2. Linux offers us greater granularity of control.
  3. The terminal in Linux gives us complete control over the operating system, unlike cmd.exe in Windows, which has only limited capabilities.
  4. Most importantly, Linux is open source and transparent. That means that we can actually see the source code and manipulate the operating system to a far greater degree than the closed source and opaque Windows operating system.

In recent years, Microsoft seems to have gained religion in terms of the advantages of the command line and terminal in Linux. They now seem to understand the strengths and advantages of the command line, and as a response, introduced the Windows PowerShell.

PowerShell Background

Microsoft had recognized the limitations of their cmd.exe as early as the 1990s and attempted to remedy it with a bunch of workarounds. In 2002, Microsoft released a whitepaper on a product that was under development called MONAD, or Microsoft Shell. Eventually, Windows PowerShell was released as an add-on in 2007, and Windows PowerShell 2.0 was fully integrated into Windows 7 and Windows Server 2008 and all Windows operating systems since.

Windows PowerShell borrows much from the Linux environment including many Linux commands. It also includes the ability to pipe commands and link commands into a script.

With PowerShell capability, Windows becomes a more powerful hacking platform, but until Microsoft makes its source code open source (don't hold your breath), Linux will still be the operating system of choice for hackers.

All that having been said, we should still explore and become familiar with the Windows PowerShell for when the Windows platform is appropriate, such as when using Cain and Abel and some of the other hacking tools developed for Windows.

Cmdlets

One of the key differences between Windows PowerShell and the BASH shell in Linux is that Microsoft has developed cmdlets (command-lets) for PowerShell. These cmdlets are essentially single commands that accomplish sometimes more complex tasks, similar to functions. These cmdlets take the form of verb-noun, such as "get-help".

Step 1: Open Powershell

Most system administrators and users are unaware that beneath that familiar Windows GUI lurks a powerful tool and engine for manipulating Windows. You can get to it by typing "powershell" into the search window at the Start or Windows button and clicking on "PowerShell".

When it opens, you should get a screen that looks like this.

Step 2: Get Help

Once we have the PowerShell terminal open, the first thing we want to explore is how we get help. PowerShell has a cmdlet for that called, unsurprisingly, "get-help".

When we type "get-help", we receive the help screen like that above. Microsoft has aliased this cmdlet so that "help" and the Linux command "man" accomplish the same thing.

Step 3: Context Sensitive Help

As you remember from Linux, you can see the manual page for any command by preceding the command with the keyword "man". Likewise, in Windows PowerShell, you can use "get-help" followed by the cmdlet to see the manual page. Let's get the manual page for a cmdlet named "Write-Output".

  • > get-help Write-Output

You can see that PowerShell returns us a manual page for the cmdlet, "Write-Output". As I mentioned above, "man" and "help" will both pull up the same context-sensitive information.

Step 4: Run the Same Commands as Linux

Microsoft, recognizing that Linux system administrators are more accustomed to working from the command line, and wanting to encourage them to adopt and use PowerShell, aliased many of the most common Linux commands in PowerShell.

For instance, I can use the Windows command "dir" and the Linux command "ls" to get a directory listing in PowerShell.

Some of the other Linux commands that are available in PowerShell include, but aren't limited to, the following.
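The help lookups of Step 3 and the alias question of Step 4, worked through in one added example (not code from the original article). It goes a little beyond the text: it checks each Linux command name on your own system instead of relying on a fixed list, and the list of names to probe is constructed for this example.

```powershell
# Added example (not from the original article). Run line by line in a
# PowerShell window, or save as Explore.ps1 (a hypothetical file name).

# --- Context-sensitive help (Step 3) ---
# The short page shown by "get-help Write-Output" is built in. The full
# text, examples and per-parameter detail are downloaded content; on
# PowerShell 3.0 and later, fetch them once from an elevated prompt with
# Update-Help. Without it you get a "not available" placeholder instead.
Get-Help Write-Output                       # synopsis and syntax only
Get-Help Write-Output -Examples             # worked examples, once help is updated
Get-Help Write-Output -Parameter InputObject

# --- Which Linux commands are really aliases? (Step 4) ---
# Constructed list of Linux command names to probe; extend it as you like.
$linuxCommands = 'ls','cat','pwd','cp','mv','rm','ps','kill','man','clear',
                 'sleep','tee','diff','wget','curl','cd','echo','history'

foreach ($name in $linuxCommands) {
    # Get-Alias writes a non-terminating error when no alias exists; silence it.
    $alias = Get-Alias -Name $name -ErrorAction SilentlyContinue
    if ($alias) {
        '{0,-8} -> {1}' -f $name, $alias.Definition
    }
    else {
        '{0,-8} -> (no alias; PowerShell would look for an external command)' -f $name
    }
}

# Reverse lookup: every alias that expands to Get-ChildItem (dir, ls, gci).
Get-Alias -Definition Get-ChildItem | Select-Object Name, Definition

# Caveat when examining an unfamiliar machine: aliases are per session and can
# be redefined in a profile script, so "ls" is only Get-ChildItem if Get-Alias
# says so. Get-Command shows what a name resolves to in this session right now.
Get-Command ls | Select-Object Name, CommandType, Definition
```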

Step 5: Use the Integrated Scripting Environment

To create a script in PowerShell, similar to Linux, you can use Notepad or another text editor such as Notepad++. In addition, PowerShell comes with an Integrated Scripting Environment (ISE) that we can use.

There are numerous ways to get into the ISE, but probably the simplest is to create a file, right-click on it, and choose "Edit". In this case, I created a file in Notepad called "Helloworld.ps1". This will open the PowerShell ISE like that below.

Step 6: Hello World

When starting out in ANY programming language, it's requisite to write the ubiquitous "Hello World" program. We are not going to deviate from that path and we will create our own "Hello World" script here.

With the ISE open, we can type:

  • Write-Output "Hello World"

Just like in the Linux terminal, we enclose the string "Hello World" in double quotation marks to indicate that we want the string literal to be output (meaning we want these human-language words and not computer commands).

We can run this script either by opening PowerShell, navigating to this file, and running Helloworld.ps1, or by clicking on the green arrow in the ISE with the script open.
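A fuller Helloworld.ps1, added here as an example rather than the article's own file: it keeps the one-line Write-Output, adds a -Name parameter, and carries comment-based help so that get-help works on your script just as it did on Write-Output in Step 3. The .NOTES section covers the one thing that most often stops the script from running at all on a fresh Windows install.

```powershell
<#
.SYNOPSIS
    Hello World script for the tutorial above (added example, not the
    article's own Helloworld.ps1). Save it as Helloworld.ps1.
.DESCRIPTION
    Keeps the one-line Write-Output, adds a -Name parameter, and carries this
    comment-based help so that "Get-Help .\Helloworld.ps1" documents the
    script the same way it documents a built-in cmdlet.
.PARAMETER Name
    Who to greet. Defaults to "World".
.EXAMPLE
    .\Helloworld.ps1
    Prints: Hello World
.EXAMPLE
    .\Helloworld.ps1 -Name 'Null Byte'
    Prints: Hello Null Byte
.NOTES
    A stock Windows client ships with the execution policy "Restricted", which
    refuses to run any .ps1 file, including this one. Check it with
    Get-ExecutionPolicy and, for the current window only, allow local scripts:
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
    The execution policy is a safety catch against running scripts by
    accident; it is not a security boundary and should not be relied on as one.
    Note the leading ".\": like Linux, PowerShell does not run scripts from the
    current directory unless you name the path explicitly.
#>
param(
    # Default keeps the classic greeting from the tutorial.
    [string]$Name = 'World'
)

# Write-Output sends the string down the pipeline (so it can be captured or
# piped on), unlike Write-Host, which only paints it on the console.
Write-Output "Hello $Name"
```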

In my next PowerShell tutorial, we'll delve a bit deeper into this powerful tool and use it to develop a port scanner, so keep coming back!

9 Comments

I've always been curious about PowerShell but never really looked into it; this should be a fun series to follow.

ghost_

Ok...so 1. I get to the get-help write-output, and I get a statement saying that type of information is not available.

  1. You say to open a notepad document and name it "helloworld.ps1". I right-clicked it and there was no "ISE" option. There was an "open IME" option and when I clicked that, nothing happened. So frustrated. I can't seem to come across one article or YouTube video that actually works for what I'm trying to do. Which I'm sure you're aware of what that is. Should I just install Linux or something? I'm ready to throw my computer out of the window.

Emilie:

Welcome to Null Byte!

First, I'm hoping you are on Windows 7?

Second, you must save the "helloworld.ps1". Then right click and choose EDIT. This will open the ISE.

OTW

If you're on Windows 7, you can just search "powershell" and the ISE should be the 2nd option down too.

Emilie Sniper Katz:

If at first you don't succeed, try again. Don't get frustrated, find a solution to the problem presented.

If you're wanting to give Linux a test drive, install it on a USB as a bootable disc. I wouldn't install it over your existing OS because if you don't like it, you're stuck with it unless you buy a new windows OS.

ghost_

Firstly, I want to thank the administrators of this site!
I'm surprised by your skills and knowledge!
This is the most useful site!
Big, big thanks!!!!
Excuse my English... still learning, lol!

PowerShell ISE did not open the file after I created it.
I don't know if the procedure I used was wrong or something else.

Was this a joke? Why not go into Enter-PSSession and run commands on LAN computers?