Scripting for the Aspiring Hacker (Windows PowerShell)
As you know, I firmly believe that to be a true professional hacker, you need to be proficient in Linux. This is for a number of good reasons.
Most hacker tools are developed in Linux (well over 90 percent).
Linux offers us greater granularity of control.
The terminal in Linux gives us complete control over the operating system, unlike cmd.exe in Windows, which has only limited capabilities.
Most importantly, Linux is open source and transparent. That means that we can actually see the source code and manipulate the operating system to a far greater degree than the closed-source and opaque Windows operating system.
In recent years, Microsoft seems to have gotten religion in terms of the advantages of the command line and terminal in Linux. They now seem to understand the strengths and advantages of the command line, and in response introduced Windows PowerShell.
PowerShell Background
Microsoft had recognized the limitations of its cmd.exe as early as the 1990s and attempted to remedy them with a bunch of workarounds. In 2002, Microsoft released a whitepaper on a product under development called MONAD, or Microsoft Shell. Eventually, Windows PowerShell was released as an add-on in 2007, and Windows PowerShell 2.0 was fully integrated into Windows 7 and Windows Server 2008 and all Windows operating systems since. Windows PowerShell borrows much from the Linux environment, including many Linux commands. It also includes the ability to pipe commands and link commands into a script. With PowerShell capability, Windows becomes a more powerful hacking platform, but until Microsoft makes its source code open source (don't hold your breath), Linux will still be the operating system of choice for hackers. All that having been said, we should still explore and become familiar with Windows PowerShell for when the Windows platform is appropriate, such as when using Cain and Abel and some of the other hacking tools developed for Windows.
Cmdlets
One of the key differences between Windows PowerShell and the BASH shell in Linux is that Microsoft has developed cmdlets (command-lets) for PowerShell. These cmdlets are essentially single commands that accomplish sometimes more complex tasks, similar to functions. Cmdlets take the form verb-noun, such as "get-help".
Step 1: Open PowerShell
Most system administrators and users are unaware that beneath that familiar Windows GUI lurks a powerful tool and engine for manipulating Windows. You can get to it by typing "powershell" into the search window at the Start or Windows button and clicking on "PowerShell". When it opens, you should get a screen that looks like this.
Step 2: Get Help
Once we have the PowerShell terminal open, the first thing we want to explore is how we get help. PowerShell has a cmdlet for that called, unsurprisingly, "get-help".
When we type "get-help", we receive the help screen like that above. Microsoft has aliased this cmdlet so that "help" and the Linux command "man" accomplish the same thing.
Step 3: Context-Sensitive Help
In Windows PowerShell, you can use "get-help" followed by the cmdlet name to see the manual page. Let's get the manual page for a cmdlet named "Write-Output".
> get-help Write-Output
You can see that PowerShell returns us a manual page for the cmdlet "Write-Output". As I mentioned above, "man" and "help" will both pull up the same context-sensitive information.
Step 4: Run the Same Commands as Linux
Microsoft, recognizing that Linux system administrators are more accustomed to working from the command line, and wanting to encourage them to adopt and use PowerShell, aliased many of the most common Linux commands in PowerShell. For instance, I can use the Windows command "dir" or the Linux command "ls" to get a directory listing in PowerShell.
Some of the other Linux commands that are available in PowerShell include, but aren't limited to, the following.
grep
cat
ps
mv
rm
echo
pwd
kill
export
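Because an alias is only a second name for a cmdlet, you can ask PowerShell which cmdlet stands behind each Linux-style name, and confirm which names on the list above are actually defined on your own machine. The following script is an added example, not code from the original article; the list of names is taken from the text, and the process filter at the end is a constructed illustration.

```powershell
# Added example (not from the original article). Resolves each Linux-style
# name to the cmdlet it aliases on this machine; names with no alias are
# reported so you can check them with Get-Command instead of guessing.
$linuxNames = 'ls', 'dir', 'grep', 'cat', 'ps', 'mv', 'rm', 'echo', 'pwd', 'kill', 'export'

foreach ($name in $linuxNames) {
    # -ErrorAction SilentlyContinue suppresses the error for undefined aliases
    $alias = Get-Alias -Name $name -ErrorAction SilentlyContinue
    if ($alias) {
        "{0,-8} -> {1}" -f $name, $alias.Definition
    } else {
        "{0,-8} -> (no alias defined; try: Get-Command {0})" -f $name
    }
}

# An alias accepts the real cmdlet's parameters and, unlike a Linux command,
# emits objects rather than text. This line is identical to
# Get-Process | Where-Object ... | Select-Object ... and lists processes
# whose working set exceeds 100 MB (constructed example filter).
ps | Where-Object { $_.WorkingSet64 -gt 100MB } | Select-Object Name, Id
```

Run it in an interactive PowerShell window; aliases that are missing on your version (the list differs between PowerShell releases) show up as "no alias defined" rather than failing silently.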
Step 5: Use the Integrated Scripting Environment
To create a script in PowerShell, similar to Linux, you can use Notepad or another text editor such as Notepad++. In addition, PowerShell comes with an Integrated Scripting Environment (ISE) that we can use. There are numerous ways to get into the ISE, but probably the simplest is to create a file, right-click on it, and choose "Edit". In this case, I created a file in Notepad called "Helloworld.ps1". This will open the PowerShell ISE like that below.
Step 6: Hello World
When starting out in ANY programming language, it's requisite to write the ubiquitous "Hello World" program. We are not going to deviate from that path, and we will create our own "Hello World" script here. With the ISE open, we can type:
Write-Output "Hello World"
Just like in the Linux terminal, we enclose the string "Hello World" in double quotation marks to indicate that we want the string literal to be output (meaning we want these human-language words and not computer commands). We can run this script either by opening PowerShell, navigating to this file, and running Helloworld.ps1, or by clicking on the green arrow in the ISE with the script open.
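The one-line script above can be grown into something that shows what a .ps1 file can do beyond printing: take a parameter, define a function, and feed Write-Output's result down the pipeline. This is an added example, not the article's Helloworld.ps1; the parameter name, the function name Get-Greeting and the Measure-Object step are my own choices.

```powershell
# Added example (not from the original article). Save as Helloworld.ps1 and
# run from a PowerShell prompt in the same folder:
#     .\Helloworld.ps1                 -> Hello World
#     .\Helloworld.ps1 -Name "Null Byte" -> Hello Null Byte
param(
    [string]$Name = "World"   # hypothetical parameter; default keeps the classic output
)

function Get-Greeting {
    # Verb-Noun naming, the same convention the built-in cmdlets use
    param([string]$Who)
    # Write-Output places the string on the pipeline, so callers can capture it.
    # Write-Host would only paint the console and could not be assigned or piped.
    Write-Output "Hello $Who"
}

$greeting = Get-Greeting -Who $Name
$greeting                                   # prints the greeting

# Because Write-Output emitted an object, the result pipes like any cmdlet output:
$greeting | Measure-Object -Character | Select-Object Characters
```

If PowerShell refuses to run the file, check Get-ExecutionPolicy: Windows client editions default to Restricted, which blocks every .ps1, and Set-ExecutionPolicy -Scope CurrentUser RemoteSigned is the usual way to permit locally written scripts without touching machine-wide settings.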