Out of the Box Survival, Part One: A Guide to PowerShell Basics

by Kris Occhipinti (Metalx1000)

I am primarily a Linux user.

So when I sit down at a computer, I'm used to having development tools at my disposal.

On most Linux machines, you are going to have interpreters for Bash, Python, and Perl already installed and ready to go.  You will also, in many cases, have compilers for both C and C++ either already installed, or quickly installed, through the use of whichever package manager your distribution uses.

This is why I find it so frustrating to sit down at a Windows machine.

Microsoft Windows provides you with almost nothing of use when it comes to development (or really anything for that matter).  Although you can install interpreting tools such as Python, Perl, and even Bash, they aren't already there, out of the box, as they are on a Linux system.

In the past we have had to survive with tools such as batch files and VBScript scripts, which are both very limited to say the least.

Batch files are not very useful without implementing external tools, which also need to be installed as they are not distributed with Windows.  And if you want to install a compiler, they are either overblown in size, giving you way more than a simple compiler, or they tend to be missing library and header files that you require.

It's important to have development tools if you are going to be doing anything of use on a computer beyond simple web surfing or document reading.

Whether you are working as IT for a living and just trying to get the system to automate tasks, or if you are up to no good and trying to do something malicious on a system quickly and easily, it saves you a lot of headaches when the tools you need are already on the system and you don't have to go looking for them and installing them.

In my search to try and make Windows do something useful out of the box, I was very disappointed.

But in recent years, Microsoft has upped their game quite a bit.  Since Windows Vista, Microsoft Windows has been packaged with PowerShell, which, as much as I dislike Microsoft (if you couldn't already tell), is pretty powerful.

I would not recommend someone learn to program in PowerShell because they want to learn to program.

There are way better tools for creating programs, and I recommend learning a language that has the ability to run on more than one platform (which is pretty much everything non-Microsoft).  Definitely don't limit yourself by learning a restrictive language as your first language.  But, if you are already familiar with programming but desire the power to be able to sit down at a Windows machine and just start typing and create something useful, PowerShell seems like the best option available at this time.

But do remember that this is a no go on anything prior to Windows Vista.  So no Windows XP, even though there are plenty of those systems still out there.

When it comes to learning any programming language, there are a handful of things you need to learn off the bat.  Once you learn these few basic things, you know 90 percent of what you are going to be doing over and over again.

Those basic things are:

  • Output to the screen.
  • Input from the user and storing that input to a variable.
  • Writing to a file.
  • Reading from a file.
  • Sending and retrieving data from the Internet.

Beyond these few basic things, the majority of what you will be doing is manipulating the data you get from the user, file, or Internet.

Today my goal is to teach you these basics so you can get going with creating your own tools and scripts.

Let's first look at sending output to the screen for the user to see.  This, of course, is the classic "Hello World" program.

As with most languages this is fairly simple when it comes to printing the words in a terminal.

Write-Host "Hello World"

PowerShell allows for some more advanced GUIs, but you can also create basic dialog boxes.

Here is an example of that:

# Load the Windows Forms assembly; Out-Null discards the assembly object it returns.
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
# Show(text, caption): the message body first, then the title of the box.
[System.Windows.Forms.MessageBox]::Show("Hello World!", "Welcome")

I think that is pretty straightforward and doesn't need much explaining.

First we load up our forms functions and then create a dialog box.  Then you have your main message and a title for the box.

Let's now move on to getting input from the user.

First we'll look at getting text from the user in a terminal window:

$name = Read-Host 'What is your name?'
$pass = Read-Host 'What is your password?' -AsSecureString

Using the Read-Host function, you can post a message and then wait for the user input, while at the same time you can put the input into a variable, just as I did here when asking for the user's name.

Adding the "-AsSecureString" will hide the user's input as they type, which makes it nice for getting private data such as a password.
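The value Read-Host returns with -AsSecureString is a SecureString, not text, and most cmdlets that take a -Credential parameter want it wrapped in a PSCredential.  The following is an added example, not code from the original article, showing how to keep the password in that protected form, and how to store it for the current user with DPAPI (the default when ConvertFrom-SecureString is used without a key) instead of writing it out in the clear.  The file name secret.dpapi is an assumption.

```powershell
# Added example (not from the original article): keep the password as a
# SecureString and wrap it in a PSCredential rather than converting it back
# to plain text.
$name = Read-Host 'What is your name?'
$pass = Read-Host 'What is your password?' -AsSecureString

# A PSCredential is what cmdlets with a -Credential parameter expect, so the
# plaintext never has to exist in a variable of your script.
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $name, $pass

Write-Host "Collected credential for user: $($cred.UserName)"
Write-Host "Password length (plaintext never displayed): $($pass.Length)"

# If the secret must survive between runs, protect it with DPAPI for the
# current user on this machine instead of logging it in the clear.
# (secret.dpapi is an assumed file name.)
$pass | ConvertFrom-SecureString | Out-File ".\secret.dpapi"

# Reading it back later works only for the same user on the same machine,
# which is exactly the property you want for a stored secret.
$restored = Get-Content ".\secret.dpapi" | ConvertTo-SecureString
$cred2 = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $name, $restored
Write-Host "Restored credential for user: $($cred2.UserName)"
```

If you ever do need the plaintext (for example to hand it to a non-PowerShell tool), $cred.GetNetworkCredential().Password gives it to you, as the article's next example shows, but do that as late as possible and never write that value to a file.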

Let's look at that same example using the system's built in credential prompt screen:

$cred = $host.UI.PromptForCredential('', '', '', '');
$name = $cred.UserName;
$password = $cred.GetNetworkCredential().Password;

Or with a little more info added:

$cred = $host.UI.PromptForCredential('Failed Authentication', '', [Environment]::UserDomainName + "\" + [Environment]::UserName, [Environment]::UserDomainName);
$name = $cred.UserName;
$password = $cred.GetNetworkCredential().Password;

This is a little more complex than the "Hello World" GUI, but not by much.

Here you can see we are creating a dialog using the "PromptForCredential" function.

We are giving that dialog a title of "Failed Authentication", making the user believe that something has failed and that they need to re-enter their username and password - which we later place into variables.

Let's once again get input from the user and this time write that data into a file:

$name = Read-Host 'What is your name?'
$name | Out-File ".\name.log"

Again, this is pretty straightforward.

We get the user's name and place it into a variable called $name, and then we take that data and pipe it into the Out-File cmdlet, which places the user's name into a file called name.log.

Since we now have data in a file, at some point we might want to be able to retrieve that data.

So let's do a simple file read with the Get-Content command.

Get-Content ".\name.log"

This command will just get the data from the file - in this case the user's name - and display it to the screen.

If we wanted to store it into a variable for use later in our program, we can do that as well by issuing this command:

$name = Get-Content ".\name.log"
Write-Host $name

Here we have the Get-Content command reading the name.log, but this time placing all of the data from that file into a variable called $name.

Right after that, we are issuing the command to write that data to the screen.

Seems a little silly in this example, but can be very useful when creating a real script that has purpose.
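A real script usually needs a little more than a one-shot write and read: appending rather than overwriting, a known text encoding, and a check that the file exists before reading it.  The following is an added example, not code from the original article, that builds on the name.log idea.  It assumes PowerShell 3.0 or later for the -Raw switch on Get-Content; everything else works in PowerShell 2.0.

```powershell
# Added example (not from the original article): append timestamped entries
# to name.log, write them as UTF-8, and read them back safely.
$logPath = ".\name.log"   # same file name the article uses

$name = Read-Host 'What is your name?'

# Out-File in Windows PowerShell defaults to UTF-16LE ("Unicode"). Pick UTF-8
# explicitly so other tools (and Linux hosts) read the file without surprises.
# -Append keeps the earlier entries instead of replacing the file each run.
"{0} {1}" -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $name |
    Out-File -FilePath $logPath -Encoding utf8 -Append

# Get-Content returns one string per line, so wrap it in @() to get an array
# even when the file holds a single line.
if (Test-Path $logPath) {
    $lines = @(Get-Content $logPath)
    Write-Host ("{0} entries in {1}" -f $lines.Count, $logPath)
    foreach ($line in $lines) {
        Write-Host "  $line"
    }

    # -Raw (PowerShell 3.0+) returns the whole file as a single string instead,
    # which is what you want when feeding the content to a regex or a parser.
    $whole = Get-Content $logPath -Raw
    Write-Host ("File is {0} characters long" -f $whole.Length)
} else {
    Write-Host "No log file found at $logPath"
}
```

The encoding point matters more than it looks: a UTF-16 file created by a bare Out-File will show up full of null bytes when you open it with a non-Windows tool, which is a common source of "my script wrote garbage" reports.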

Lastly, let's play with network connections and access the Internet.

A computer these days is pretty much useless without the Internet.

If you want to be able to send or retrieve information from a server that you or someone else has set up, you are going to need to know how to script it out.  Whether it's as a system admin trying to scan a system and retrieve data remotely, or as an unauthorized user trying to scan a system and retrieve data remotely, the ability to do this with tools that are already on the system is a relief.

Let's look at just downloading a file for now.

We can do it in just a few lines of code:

$webclient = New-Object System.Net.WebClient
$webclient.DownloadFile("http://i.ytimg.com/vi/iDpwKiRKmZc/0.jpg","downloaded.jpg")

Normally, I would have stored the URL and the file name into variables first, but I wanted to keep this as short as possible for you.

We have two lines.

The first is creating a new WebClient object.

The second is using that object to download a JPEG and save it to a file locally.

Here we are downloading an image, but we can download any type of file.  It could even be other tools you need for your script.

So, even if PowerShell doesn't meet all of your needs, you can use it to quickly get all of the tools you do need (although I do suggest using as many built-in tools as possible).
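If you are going to pull tools down onto a box, you want to be sure you got the file the publisher actually shipped.  The following is an added example, not code from the original article, that downloads over HTTPS with the same WebClient object and then compares the file's SHA-256 hash against a published value before keeping it.  The URL, file name and expected hash are placeholders you would replace; Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not from the original article): download a file and verify
# its SHA-256 hash before trusting it. URL, destination and hash are
# placeholders, not real values.
$url      = "https://example.invalid/tool.zip"     # placeholder URL
$dest     = ".\tool.zip"                           # placeholder file name
$expected = "PUT-THE-PUBLISHED-SHA256-HERE"         # placeholder hash

# Older Windows PowerShell defaults to SSL 3 / TLS 1.0; most servers now
# require at least TLS 1.2, so opt in before connecting.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$webclient = New-Object System.Net.WebClient
$webclient.DownloadFile($url, $dest)

# Get-FileHash (PowerShell 4.0+) returns an object; .Hash is the hex digest.
$actual = (Get-FileHash -Path $dest -Algorithm SHA256).Hash

# -ieq compares case-insensitively, so upper- or lower-case hex both work.
if ($actual -ieq $expected) {
    Write-Host "Hash matches; $dest is the file the publisher shipped."
} else {
    Write-Host "Hash mismatch for $dest (got $actual); deleting it."
    Remove-Item $dest
}
```

The hash you compare against has to come from somewhere other than the download itself (the project's release page, a signed manifest, your own notes from a trusted copy), otherwise the check proves nothing.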

There is much more I want to show you.

I want to show you how to put all of this into scripts and work around Microsoft's poor security on how these scripts run.  I want to show you how to get PowerShell scripts from a remote server and run them in RAM without touching the hard drive.  I also want to show you how to package these scripts into an EXE file for easy execution.

I plan on expanding on these and other PowerShell abilities in future submissions.

This is all for now.

Enough to get you started playing with PowerShell.

For more programming tips check out: filmsbykris.com.

A hacker makes the most out of what they have.

They take the technology that is in front of them and change it, recreate it, and repurpose it to solve the problems they face.

In the case of Windows OS, tools are limited on a default install.  Learn what is available.  Use those tools to their fullest and beyond.

Become comfortable with them so that you know you can sit down at a machine and know that you can make it do whatever you want without anything but a keyboard.  No need to copy or install excess garbage.  Keep it light.

Like a ninja, go unnoticed, because you are just using the system and its own tools.
