PowerShell – More than the command prompt

Use Netsparker

For this article you should thank Patrick Ogenstad and his comment on my post , because I did not know about PowerShell until he mentioned about it… so a white point for him =)
The parts that will follow are snippets from the Getting Started document that comes with it…


Windows PowerShell™ is a new Windows command-line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Introducing Windows PowerShell

Most shells, including Cmd.exe and the SH, KSH, CSH, and BASH Unix shells, operate by executing a command or utility in a new process, and presenting the results to the user as text. Over the years, many text processing utilities, such as sed, AWK, and PERL, have evolved to support this interaction.
These shells also have commands that are built into the shell and run in the shell process, such as the typeset command in KSH and the dir command in Cmd.exe. In most shells, because there are few built-in commands.many utilities have been created.
Windows PowerShell is very different.

  • Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.
  • Windows PowerShell comes with a large set of built-in commands with a consistent interface.
  • All shell commands use the same command parser, instead of different parsers for each tool. This makes it much easier to learn how to use each command.

Best of all, you don’t have to give up the tools that you have become accustomed to using. You can still use the traditional Windows tools, such as Net, SC, and Reg.exe in Windows PowerShell.

Windows PowerShell Cmdlets

A cmdlet (pronounced “command-let”) is a single-feature command that manipulates objects in Windows PowerShell. You can recognize cmdlets by their name format — a verb and noun separated by a dash (-), such as Get-Help, Get-Process, and Start-Service.

In traditional shells, the commands are executable programs that range from the very simple (such as attrib.exe) to the very complex (such as netsh.exe).

In Windows PowerShell, most cmdlets are very simple, and they are designed to be used in combination with other cmdlets. For example, the “get” cmdlets only retrieve data, the “set” cmdlets only establish or change data, the “format” cmdlets only format data, and the “out” cmdlets only direct the output to a specified destination.
Each cmdlet has a help file that you can access by typing:

get-help -detailed

The detailed view of the cmdlet help file includes a description of the cmdlet, the command syntax, descriptions of the parameters, and example that demonstrate use of the cmdlet.

…and more

Besides the above mentioned things, powerShell also includes: a new scripting language (not the lame-ass batch), processes objects, object pipelines, interaction, etc. If you are interested take a look at microsoft.com/powershell

Once again thanks to Patrick….

Posted in: Secure Coding, Windows Hacking

, , ,

Latest Posts:

Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.

13 Responses to PowerShell – More than the command prompt

  1. SN July 11, 2007 at 4:23 pm #


  2. backbone July 11, 2007 at 5:30 pm #

    I know… It’s to awesome to have words to describe it =)

  3. Bogwitch July 12, 2007 at 7:29 pm #

    Wot no Win2K support?

  4. backbone July 12, 2007 at 8:42 pm #

    nope… microsoft never cared about backwards compatibility… X(
    anyway powershell was though for windows 2k8

  5. freyk July 16, 2007 at 7:16 am #

    I’ve compared powershell with cygwin.
    And i can now say that cygwin is more powerfull

  6. Bogwitch July 16, 2007 at 1:58 pm #

    Thanks freyk, I would have stuck with cygwin anyway due to the lack of 2k support, but that saves me investigating it for 2k3 up!

  7. backbone July 16, 2007 at 5:43 pm #

    freyk can you write a paper on your comparison? I’ll post it ;)

  8. lrbell July 16, 2007 at 6:53 pm #

    I think Powershell is better in a homogenous environment. I have written KSH BASH etc.. for 8 years, and LOVE IT, but actually having OBJECTS to pass around in Powershell is the HUGE difference maker.
    It all has to do with what you want to do.

    If the environment is Windows centric, then the Powershell is easily superior.
    If it is heterogeneous, then I would have to agree that Cygwin/Perl etc… ties the pieces together. Python has topped the list for me of late.

    It is the age old argument. It just depends on the task of the day, and the direction of the group.

    On that same note. Powershell is packaged with Exchange 2007 and also works with SQL 2005 SMO (SQL Management Objects).

    It also plays nicely with Sharepoint, Active Directory, and will be bundled with Server 2008.

    Also, I have found that rudimentary automation in Windows with Powershell can effectively cut out 80% lines of code.

    What takes me 200 lines in VB or Java, takes 20 lines in Powershell
    (It took MSFT until 2006 to get it going, vs. 30 yrs ago in UNIX LOL!!).

    freyk, please let me know what you found to be far superior in function, as I too am interested in knowing.

    BTW, Cross platform is a no brain-er.


  9. backbone July 16, 2007 at 11:45 pm #

    very interesting thing you point Irbell… i think that is very good to have ppl who are accomodated with powerShell to tell us some informative tips about it…. keep up the good commenting… ;)

  10. backbone July 27, 2007 at 11:51 pm #

    I wrote a comparison between bash and powershell for the ones who really want to see them compared in an non-subjective way =)


  11. Joaquin Menchaca July 30, 2007 at 5:05 pm #

    Considering only the Windows platform, you have a command shell that only works on certain Windows (no w2k), and doesn’t have raw ability to access important parts of OS needed for security and system administration (ACLs on pipes, services, drivers, etc.). So to get the job done, one will used Windows command console tools from 3rd parties, e.g. system internals group at MS, do stuff in C++, or well, just use Perl which has wrappers to a lot of these.

    In contrast to all the platforms, Powershell looks extremely resource intensive, and limited or cumbersome to program in certain areas. For example, short-circuit operations:

    command1 && command2 # do command2 if command1 succeeds

    And still, just piping objects is limited when you just want to get at the text:

    command | awk '{ do stuff }' # easy
    command | perl -a -e 'do stuff using $_ per line' # easy too
    command | write "strings using $_" # fails in power shell
    command | } # works, ugly

    Notes: Web Site Mangling my Code, cannot do ampersand squiggly “process” squiggly combination.

  12. lrbell July 30, 2007 at 5:39 pm #

    I am right there with you on a lack of backward compatibility, but upgrade and commence!

    Now this is just not accurate Joaquin;

    “And still, just piping objects is limited when you just want to get at the text”

    The absolute sweetest thing about PS is that beneath teh covers you are pass OBJECTS around.

    command | foreach {$_.getSomthing}

    works like a charm.
    Piping objects, not text.

    so, get-Process | foreach{$_.ID} will spit out all the PIDs for the procs running, ala “ps -ealf” in my beloved *NIX.

    Anything that is not a cmdlet can be cast to the .NET object of your choosing, and hence has the properties of said object.

    You can pipe a cmdlet to Get-Member and see the plethora of methods and properties associated with the object.

    For example;
    Get-Childitem | Get-Member will return all methods and props associated with a file or directory object.

    I do not mind the opinions, but be sure facts are straight to be fair.



  13. Sir Henry December 15, 2007 at 6:06 pm #

    I have found powershell to be vital when working in a windows environment, while being a linux user first. There is no better feeling that to have all the same tools and commands at your disposal when you absolutely have to use windows.