Powershell basics
Last updated
MSF PowerShell has the same capabilities as the command prompt. PowerShell runs on bash scripting; however, it uses a different syntax language. There are two main differences between PowerShell and PowerShell ISE: the ISE is an IDE text editor in which you can load, run, and make scripts, while PowerShell itself is very similar to a Linux terminal (ls and cat work). However, PowerShell does not return text the way a terminal does. It returns something called an object.
For example, when using the ls command to display files, PowerShell returns an object.
In objects, there is something called properties.
Properties include
Piping commands allows you to streamline commands and automate them in a multi-use fashion.
This is done by writing command-1 | command-2
This says that you want to pipe the result of command 1 into command 2. This is convenient and powerful for automating tasks.
An example of this would be ls | format-list
This turns the ls objects into text and lists all of the properties of each file.
Get-process
When running Get-Process, the output is all of the processes that are running on the computer. This is extremely similar to Task Manager; however, certain processes can be hidden from Task Manager, whereas Get-Process will list all of them.
When using the measure command you can have PowerShell count the number of objects that would be displayed.
An example would be ls | measure
Where-Object allows you to find an object; you specify which one by giving a property and the value it must have.
Where-Object
[-InputObject <PSObject>]
[-Property] <String>
[[-Value] <Object>]
[-EQ]
[<CommonParameters>]
This returns only the objects for which the script block evaluates to true.
{$_.}
The $_ means the current object: every object coming through the pipeline is looked at in turn against the condition.
The . is just telling PowerShell that you want to access one of the deeper properties.
Where-Object allows you to narrow the objects down to just the ones you want to look at.
This says: list all the files whose extension ends in .txt. The syntax for this is {$_.}, which lets you write the condition. You then name the Extension property to look at, and for equals you put -eq followed by the extension it should match.
To break this down, you are getting the processes running on your PC and then piping them into Where-Object. Everything then goes into {$_.}: you look at the CPU property of each process, and the -gt says to get anything greater than 20, that is, anything that has used the CPU for longer than 20 seconds.
For more syntax, MSF has a sheet and an 8,000-page-long pdf.
Sort-Object is similar to Where-Object; however, it just sorts the objects by the condition that you set.
This is telling PowerShell to sort the processes by ID.
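The pipeline idioms from these notes (objects, $_, Where-Object, Measure-Object, Sort-Object, Format-List) combined into one script, as an added example that is not part of the original notes. It assumes a normal PowerShell session; the path and the 20-second threshold are just the values used above.

```powershell
# Added example (not from the original notes): the pipeline idioms above
# combined into one script.

# 1. Where-Object with $_ : keep only the .txt files in the home folder.
#    $_ is the current object in the pipeline, .Extension reaches into its
#    property, and -eq compares it against the value.
$textFiles = Get-ChildItem -Path $HOME -File |
    Where-Object { $_.Extension -eq '.txt' }

# 2. Measure-Object (alias: measure): count how many objects came through
#    instead of reading a text listing by eye.
$count = ($textFiles | Measure-Object).Count
"Found $count .txt files in $HOME"

# 3. Get-Process piped through Where-Object and Sort-Object:
#    processes that have used more than 20 seconds of CPU time, heaviest
#    consumer first. Handy for a quick triage of what is burning CPU.
Get-Process |
    Where-Object { $_.CPU -gt 20 } |
    Sort-Object -Property CPU -Descending |
    Select-Object -First 10 Id, ProcessName, CPU, WorkingSet64 |
    Format-Table -AutoSize

# 4. Sort-Object by Id as in the notes, then Format-List to show every
#    property of the first object rather than the default table columns.
Get-Process |
    Sort-Object -Property Id |
    Select-Object -First 1 |
    Format-List *
```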