PowerShell Background

PowerShell is the successor to command.com, cmd.exe and cscript. Initially released as a separate download, it is now built into all modern versions of Microsoft Windows. PowerShell syntax takes the form of verb-noun patterns implemented in cmdlets.

PowerShell cmdlets can be called from cmd.exe by typing:

C:\> powershell -c "<command>"

Get a directory listing (ls, dir, gci):

PS C:\> Get-ChildItem

Copy a file (cp, copy, cpi):

PS C:\> Copy-Item src.txt dst.txt

Move a file (mv, move, mi):

PS C:\> Move-Item src.txt dst.txt

Find text within a file:

PS C:\> Select-String -path c:\users\*.txt -pattern password
PS C:\> ls -r c:\users\*.txt -file | % {Select-String -path $_ -pattern password}
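Select-String returns MatchInfo objects (Path, LineNumber, Line, Matches) rather than plain text, so its output can be grouped and filtered like any other cmdlet output. The following is an added example, not part of the cheat sheet, that writes a few constructed log lines to a temporary file and then reports user/source pairs with repeated logon failures; the log format, the file name and the `Get-FailedLogonSummary` function are assumptions made for the example.

```powershell
# Constructed sample log lines, written to a temp file so the example runs offline.
$log = Join-Path $env:TEMP 'sample-auth.log'
@(
    '2024-01-01 10:00:01 INFO  logon success user=alice src=10.0.0.5',
    '2024-01-01 10:00:07 WARN  logon failure user=bob src=10.0.0.9',
    '2024-01-01 10:00:08 WARN  logon failure user=bob src=10.0.0.9',
    '2024-01-01 10:00:09 WARN  logon failure user=bob src=10.0.0.9',
    '2024-01-01 10:00:30 INFO  logon success user=bob src=10.0.0.9'
) | Set-Content -Path $log

function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Threshold = 3          # report pairs with at least this many failures
    )
    # Each MatchInfo carries the regex capture groups in .Matches[0].Groups
    Select-String -Path $Path -Pattern 'logon failure user=(\S+) src=(\S+)' |
        ForEach-Object {
            [pscustomobject]@{
                User = $_.Matches[0].Groups[1].Value
                Src  = $_.Matches[0].Groups[2].Value
                Line = $_.LineNumber
            }
        } |
        Group-Object User, Src |
        Where-Object { $_.Count -ge $Threshold } |
        Select-Object @{ n = 'User'; e = { $_.Group[0].User } },
                      @{ n = 'Src';  e = { $_.Group[0].Src } },
                      Count
}

Get-FailedLogonSummary -Path $log | Format-Table -AutoSize
```

With the constructed input, only the bob/10.0.0.9 pair reaches the threshold; lowering -Threshold or changing the pattern adapts the same pipeline to other log formats.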

Display file contents (cat, type, gc):

PS C:\> Get-Content file.txt

Get present directory (pwd, gl):

PS C:\> Get-Location

Get a process listing (ps, gps):

PS C:\> Get-Process

Get a service listing:

PS C:\> Get-Service

Formatting output of a command (Format-List):

PS C:\> ls | Format-List -property name

Paginating output:

PS C:\> ls -r | Out-Host -paging

Get the SHA1 hash of a file:

PS C:\> Get-FileHash -Algorithm SHA1 file.txt
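Get-FileHash emits objects with Algorithm, Hash and Path properties, which makes it easy to baseline a directory and detect changes later. This added example (not part of the cheat sheet) stores SHA256 hashes in a CSV and reports added, modified and removed files on a later run; the function names and the paths in the usage comments are assumptions.

```powershell
# Record the SHA256 hash of every file under $Path into a CSV baseline.
function New-HashBaseline {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$BaselineCsv
    )
    Get-ChildItem -Path $Path -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Path, Hash |
        Export-Csv -Path $BaselineCsv -NoTypeInformation
}

# Compare the directory against the baseline; emits one object per difference.
function Compare-HashBaseline {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$BaselineCsv
    )
    $baseline = @{}   # @{} is case-insensitive for string keys, which suits Windows paths
    Import-Csv -Path $BaselineCsv | ForEach-Object { $baseline[$_.Path] = $_.Hash }

    $current = @{}
    Get-ChildItem -Path $Path -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        ForEach-Object { $current[$_.Path] = $_.Hash }

    foreach ($file in $current.Keys) {
        if (-not $baseline.ContainsKey($file)) {
            [pscustomobject]@{ Path = $file; Status = 'Added' }
        } elseif ($baseline[$file] -ne $current[$file]) {
            [pscustomobject]@{ Path = $file; Status = 'Modified' }
        }
    }
    foreach ($file in $baseline.Keys) {
        if (-not $current.ContainsKey($file)) {
            [pscustomobject]@{ Path = $file; Status = 'Removed' }
        }
    }
}

# Usage (paths are assumptions for the example):
# New-HashBaseline     -Path C:\inetpub\wwwroot -BaselineCsv C:\baseline\wwwroot.csv
# Compare-HashBaseline -Path C:\inetpub\wwwroot -BaselineCsv C:\baseline\wwwroot.csv | Format-Table
```

SHA256 is used instead of the SHA1 shown above because SHA1 is no longer considered collision resistant; the cmdlet call is otherwise identical.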

Exporting output to CSV:

PS C:\> Get-Process | Export-Csv procs.csv

Conduct a ping sweep:

PS C:\> 1..255 | % {echo "10.10.10.$_";ping -n 1 -w 100 10.10.10.$_ | Select-String ttl}

Conduct a port scan:

PS C:\> 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("",$_)) "Port $_ is open!"} 2>$null

Fetch a file via HTTP (wget in PowerShell):

PS C:\> (New-Object System.Net.WebClient).DownloadFile("","nc.exe")

Find all files with a particular name:

PS C:\> Get-ChildItem "C:\Users\" -recurse -include *passwords*.txt

Get a listing of all installed Microsoft Hotfixes:

PS C:\> Get-HotFix

Navigate the Windows registry:

PS C:\> cd HKLM:\
PS HKLM:\> ls

List programs set to start automatically in the registry:

PS C:\> Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\run
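Get-ItemProperty returns one object whose properties are the values stored in the key, plus PSPath, PSParentPath, PSChildName, PSDrive and PSProvider bookkeeping properties added by the registry provider. The following added example (not from the cheat sheet) walks the standard Run and RunOnce keys for both the machine and the current user, turns each value into its own object, and then filters for commands that do not point under Program Files or the Windows directory; the function name and the path heuristic are assumptions for the example.

```powershell
function Get-RunKeyEntries {
    # Standard autostart locations; HKCU entries apply to the current user only.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Properties the registry provider adds that are not values in the key.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }
}

# Heuristic review filter (assumption for the example): list entries whose command
# does not start under Program Files or the Windows directory.
Get-RunKeyEntries |
    Where-Object { $_.Command -notmatch '^"?[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\' } |
    Format-Table -AutoSize
```

The unfiltered `Get-RunKeyEntries` output can also be piped to Export-Csv (see above) to keep a per-host record for later comparison.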

Convert string from ascii to Base64:

PS C:\> [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("PSFTW!"))
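The reverse operation uses [System.Convert]::FromBase64String, and the text encoding matters: the command above uses UTF-8, while PowerShell's own -EncodedCommand parameter expects UTF-16LE ([System.Text.Encoding]::Unicode), so a Base64 string found in a log may be either. This added example (not from the cheat sheet) decodes a string and picks the encoding with a simple heuristic; the `ConvertFrom-Base64Text` function and the zero-byte check are assumptions made for the example.

```powershell
function ConvertFrom-Base64Text {
    param([Parameter(Mandatory)][string]$Base64)
    $bytes = [System.Convert]::FromBase64String($Base64)
    # Heuristic (assumption): UTF-16LE text made of ASCII characters has a zero
    # byte in every odd position, so inspect the second byte.
    $looksUtf16 = ($bytes.Length -ge 2) -and ($bytes.Length % 2 -eq 0) -and ($bytes[1] -eq 0)
    $enc = if ($looksUtf16) { [System.Text.Encoding]::Unicode } else { [System.Text.Encoding]::UTF8 }
    [pscustomobject]@{
        Encoding = $enc.WebName      # "utf-16" or "utf-8"
        Text     = $enc.GetString($bytes)
    }
}

# Constructed inputs: the cheat sheet's string encoded both ways.
$utf8  = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("PSFTW!"))
$utf16 = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("PSFTW!"))

ConvertFrom-Base64Text $utf8
ConvertFrom-Base64Text $utf16
```

Both calls return the original text; the Encoding property tells you which of the two encodings produced the input.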

List and modify the Windows firewall rules:

PS C:\> Get-NetFirewallRule -all
PS C:\> New-NetFirewallRule -Action Allow -DisplayName LetMeIn -RemoteAddress

Cmdlets are small scripts that follow a dash-separated verb-noun convention such as "Get-Process". Similar verbs with different actions:

- New- Creates a new resource
- Set- Modifies an existing resource
- Get- Retrieves an existing resource
- Read- Gets information from a source, such as a file
- Find- Used to look for an object
- Search- Used to create a reference to a resource
- Start- (asynchronous) begins an operation, such as starting a process
- Invoke- (synchronous) performs an operation, such as running a command

Parameters: Each verb-noun named cmdlet may have many parameters to control cmdlet functionality.

Objects: The output of most cmdlets are objects that can be passed to other cmdlets and further acted upon. This becomes important in pipelining cmdlets.

To get a list of all available cmdlets:

PS C:\> Get-Command

Get-Command supports filtering. To filter cmdlets on the verb set:

PS C:\> Get-Command Set*
PS C:\> Get-Command -Verb Set

Or on the noun process:

PS C:\> Get-Command *Process
PS C:\> Get-Command -Noun process

To get help with help:

PS C:\> Get-Help

To read cmdlet self documentation:

PS C:\> Get-Help <cmdlet>

Detailed help:

PS C:\> Get-Help <cmdlet> -detailed

Usage examples:

PS C:\> Get-Help <cmdlet> -examples

Full (everything) help:

PS C:\> Get-Help <cmdlet> -full

Online help (if available):

PS C:\> Get-Help <cmdlet> -online

Aliases provide short references to long commands.

To list available aliases (alias alias):

PS C:\> Get-Alias

To expand an alias into a full name:

PS C:\> alias <unknown alias>
PS C:\> alias gcm

Tab completion:

PS C:\> get-child<TAB>
PS C:\> Get-ChildItem

Parameter shortening:

PS C:\> ls -recurse

is equivalent to:

PS C:\> ls -r

Show help & examples:

PS C:\> Get-Help [cmdlet] -examples
PS C:\> help [cmdlet] -examples

Show a list of commands:

PS C:\> Get-Command
PS C:\> gcm *[string]*

Show the properties & methods of the objects a cmdlet returns:

PS C:\> [cmdlet] | Get-Member
PS C:\> [cmdlet] | gm

Take each item on the pipeline and handle it as $_:

PS C:\> ForEach-Object { $_ }
PS C:\> [cmdlet] | % { [cmdlet] $_ }

Search for strings in files or output, like grep:

PS C:\> Select-String
PS C:\> sls -path [file] -pattern [string]

Piping cmdlet output to another cmdlet:

PS C:\> Get-Process | Format-List -property name

ForEach-Object in the pipeline (alias %):

PS C:\> ls *.txt | ForEach-Object {cat $_}

Where-Object condition (alias where or ?):

PS C:\> Get-Process | Where-Object {$_.name -eq "notepad"}

Generating ranges of numbers and looping:

PS C:\> 1..10
PS C:\> 1..10 | % {echo "Hello!"}

Creating and listing variables:

PS C:\> $tmol = 42
PS C:\> ls variable:

Examples of passing cmdlet output down pipeline:

PS C:\> dir | group extension | sort
PS C:\> Get-Service dhcp | Stop-Service -PassThru | Set-Service -StartupType Disabled
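Because cmdlets pass objects rather than text, a Where-Object filter, a Select-Object projection, a Sort-Object and an Export-Csv can be chained without any string parsing. This added example (not part of the cheat sheet) builds on the Get-Process and Where-Object lines above to list processes whose executable lives under the current user's profile, a location an investigator usually reviews first; the function name and the path test are assumptions for the example.

```powershell
function Get-ProcessFromUserProfile {
    # Path and StartTime are properties PowerShell exposes on Process objects;
    # both are empty for processes the current user is not allowed to inspect.
    Get-Process |
        Where-Object { $_.Path -and ($_.Path -like "$env:USERPROFILE\*") } |
        Select-Object Id, ProcessName, Path, StartTime |
        Sort-Object StartTime
}

# Inspect the properties available on the objects before filtering further.
Get-ProcessFromUserProfile | Get-Member -MemberType NoteProperty

# Display on screen, or keep a record for later comparison (file name is an assumption).
Get-ProcessFromUserProfile | Format-Table -AutoSize
Get-ProcessFromUserProfile | Export-Csv -Path .\user-profile-procs.csv -NoTypeInformation
```

Select-Object turns each Process object into a lightweight object carrying only the four chosen properties, which is why Get-Member reports them as NoteProperty members and why the CSV contains only those columns.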