Practical PowerShell Programming for Professional People - Extended Edition

Practical PowerShell Programmingfor

Professional People

Ben Ten(@Ben0xA)

Slides: http://www.slideshare.net/BenTen0xA

BSidesDFW 2014

Practical PowerShell Programming for Professional PeopleBSidesDFW - Ben Ten (@Ben0xA)

About Me

Ben Ten (0xA)@Ben0xA - twitter

Chicago - #burbsecSecurity ConsultantDeveloperPoshSec Framework Developer / CreatorGamerGeek

About Me

SecurityFail

About Me

Overview

● Languages and Development● PowerShell Scripting

● PowerShell Modules● ActiveDirectory

● Resources● Q&A

} 2nd Hour

1st Hour

Overview

Feel free to interrupt and ask questions!

Languages and Development

Before we begin, a bit of a primer!

● Styles of Coding● Syntax● Getting Help● Starting Out

Styles of Coding/Scripting/Development

● Novice● Avid Scripter● Full Time Developer● Code Monkey

Styles of Coding/Scripting/Development

● Novice● Avid Scripter● Full Time Developer● Code Monkey

Syntax

syn•tax (sĭn tăks ) – the rules that govern ˈ ˌhow a script, or program, is developed in a given language.

Syntax

White Space, parens (), commas, periods, quotes (“ vs '), tabs, braces [], curly brackets {}, colons :, semi-colons ;, all play an integral part in the syntax of a language!

Getting Help!

RTF Manual/Docs/Reference

Often times, the documentation will have an answer for what you are trying to accomplish. *NOT ALWAYS THOUGH*

Getting Help!

Interactive Help

● ?● F1● Intellisense (Ctrl+Space)● Get-Help

Getting Help!

Search Engines FTW!

Google is not the end all in searches. For Development I prefer DuckDuckGo!

https://duckduckgo.com

PowerShell

Overview

PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework.

PowerShell

Overview

PowerShell was designed by :● Jeffrey Snover (@jsnover)● Bruce Payette (@BrucePayette)● James Truher

Initial release was November 14, 2006

PowerShell

Overview

PowerShell is a part of the Windows Management Framework. WMF 5.0 was released on April 3, 2014.

For today's scripting we will be using WMF 3.0.

PowerShell

You will need:

● Windows Management Framework 3.0● Microsoft .NET Framework 4.5● Text Editor (your choice)

● Sublime Text http://www.sublimetext.com/

● Komodo Edit http://komodoide.com/komodo-edit/

● PowerShell ISE (comes with WMF)

PowerShell

File Name Extensions

.ps1 – Script Files

.psm1 – Script Module Files

.psd1 – Script Manifest Files

.ps1xml – Formatting and Type Files

.dll - Cmdlet and Provider Assemblies

PowerShell

Cmdlets, Functions, and Scripts Oh My!

From a functional standpoint, cmdlets, functions, and scripts are practically the same.

They are a way to call a specific block of code.

PowerShell

Cmdlet:

Written in a compiled .NET language.Easier to deploy.Help files are easier to write.Has support for parameter validation.

PowerShell

Function:

Written in a PowerShell language.Has to be deployed with a library.Help is written inside the function.Parameter validation has to be done in the function itself.

PowerShell

Script:

Written in a PowerShell language.Is invoked by calling the .ps1 file.Deployed by itself or in a manifest file.Can contain functions.

PowerShell

Set-ExecutionPolicy

Before you can run your custom scripts you have to set the ExecutionPolicy to RemoteSigned.

In PowerShell type:Set-ExecutionPolicy RemoteSigned

PowerShell

HelloWorld.ps1

Enough of the primer! Let's get coding!

This is where you code along with me if you can!

HelloWorld.ps1

Variable(s):

a symbolic name associated with a value and whose associated value may be changed.

HelloWorld.ps1

Hard-Coded:

Typing the value directly into your script. Our “Hello World” text was hard-coded.

HelloWorld.ps1

PowerShell Variables:

A PowerShell variable is defined with the dollar sign $ followed by the name of the variable.

For example: $message is a variable.

HelloWorld.ps1

PowerShell Variables:

Let's rewrite our HelloWorld.ps1 to use a variable $message with our text “Hello World”.

HelloWorld.ps1

Strong vs Weak Typing:

$a = 1 weak type[int]$a = 1 strong type

[String]$a = “1”

HelloWorld.ps1

Quotes! Single vs Double

Double Quotes (“) will attempt to resolve any variables before anything is printed to the screen.

Single Quotes (') will print exactly what is typed between the quotes.

HelloWorld.ps1

Backtick `

The backtick, or grave accent, is a special escape character. This means that you want the next character to be printed and not interpreted in anyway.

HelloWorld.ps1

Getting Input

Write-Output is great. But how do you get information from a user?

Read-Host

Getting Input

Conditional Logic

A Condition is:

a feature of a programming language which perform a different set of computations or actions depending on whether a programmer-specified boolean condition evaluates to true or false.

Conditional Logic

A Condition is:

Is the stop light is green? Keep going.Is the stop light is red? Stop.Is the stop light is yellow? Floor it!!!!

Conditional Logic

A Condition expressed:● If - Beginning of the condition.● Else - Evaluates only if preceding condition(s)

is(are) false.● ElseIf – Evaluates if preceding condition(s)

is(are) false with a new condition.

● Switch – Multiple conditions for a single variable or object.

Conditional Logic

A Conditional Operator:

-and = both conditions must be true.

-or = only one of the conditions must be true.

Conditional Logic

-eq = Equals-lt = Less Than-gt = Greater Than-ne = Not Equal-ge = Great Than or Equal-le = Less Than or Equal

Conditional Logic

-Like-NotLike-Match-NotMatch-Contains-NotContains

-In-NotIn-Replace

Conditional Logic

Operator Precedence:

When operators have equal precedence, Windows PowerShell evaluates them from left to right. The exceptions are the assignment operators, the cast operators, and the negation operators (!, -not, -bnot), which are evaluated from right to left.

Conditional Logic

Operator Precedence:

You can use enclosures, such as parentheses, to override the standard precedence order and force Windows PowerShell to evaluate the enclosed part of an expression before an unenclosed part.

Conditional Logic

Parameters

A Parameter is:

A variable that allows you to pass an object to a Cmdlet, Function, or Script.

Get-ChildItem

Parameters

Get-Help Get-ChildItem

Get-ChildItem [[-Path] <String[]>] [[-Filter] <String>] [-Exclude <String[]>[-Name] [-Recurse] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>

Get-ChildItem [[-Filter] <String>] [-Exclude <String[]>] [-Force] [-Include-LiteralPath <String[]> [-UseTransaction [<SwitchParameter>]] [<CommonParame

Get-ChildItem [-Attributes <FileAttributes]>] [-Directory] [-File] [-Force][-UseTransaction] [<CommonParameters>]

Parameters

Objects vs Text

PowerShell is Object Based.

Even if you see text on the screen, that text is actually a “String” object.

You can access the members of the object using the . operator after the variable name.

Objects vs Text

Piping

Piping is:

a way of moving something, unchanged, from one place to another.

Piping

Piping is represented by the | (pipe) character.

A pipe takes the object from the left side and passes it to the right side.

Note: When passing to another cmdlet, $_ is used to reference the passed object.

Piping

Loops:

A way to perform the same block of code for a specific number of times, until a specific condition is met, or while a specific condition exists.

Loops:

● ForEach● ForEach-Object● For● While● Do While● Do Until

Comments

Comments are defined by the # symbol.Block comments are enclosed with <# and #>.

.SYNOPSIS

.DESCRIPTION

.PARAMETER

.EXAMPLE

Comments

Putting it all Together

The final script!

Requirements:● Search all files.● Find the ones that were modified in a specific date range.

● Create a list of those files and display them.

Short Break!

Be back in 10 minutes!

Add Parameters for Date

Use Param () block to Add Parameters.

Get-Help about_Parameters

Param([Parameter(Mandatory=$true)]

[Date]$FromDate,)

PowerShell

Module

Making Changes to Modules

● Must use -Force parameter when using Import-Module for a module that is already loaded into the session.

Import-Module -Force

Module

Note on Compiled Modules (DLLs)

● You can not import a compiled module in an active PowerShell RunSpace after it was already imported.

● You have to close the RunSpace and open it again.

File I/O

Get-Content <filename>

● Export-CliXML, Export-Csv, Export-FormatData

● Out-File, Out-Csv, Out-Data

File I/O

Let's create a script that will read each line of a CSV file, and write out only the first delimited column.

ActiveDirectory

ActiveDirectory PowerShell Module● Available in the RSAT● Comes Standard on Server (2008, 2012)

● Windows 8 Note: Must use pkgmgr to install the .cab file.

ActiveDirectory

Yes, you can do this the hard way...

Here's an example.

ActiveDirectory

But why do it the hard way?

Get-Command -Module ActiveDirectory

135 Commands!

ActiveDirectory

Get-AdUser

● Query the domain controller.

● Get-Help Get-AdUser

ActiveDirectory

New-ADUser

● Adds a new user to the domain.

● Disabled by default!

ActiveDirectory

New-ADUser

● We can add a user with very few parameters, but that user is not “usable”.

● Need -DisplayName -SAMAccountName

ActiveDirectory

Remove-ADUser

● Uses the DN to remove the specified user.

● Remove-ADUser “CN=Ben Ten,CN=Users,DC=dfw,DC=local”

Final Script

Take what you have learned and write a PowerShell Function called Import-Users

● Imports Users from csv file Users.txt● Must force Password Reset

Error Handling

Try / Catch / Finally Blocks are used to catch exceptions.

Try { } Catch [Type] { } Finally { }

Error Handling

ErrorVariable / ErrorAction are also used but in a different way.

Get-Help about_CommonParameters

Do-Something -ErrorVariable $err -ErrorAction [Continue | Ignore | Inquire | SilentlyContinue | Stop]

Homework

Go back to your Import-User function. Add Error Handling for when:

1. The DC is not responding.2. The line you are trying to import is not delimited correctly.3. The user already exists.

Pitfalls

Don't overuse the Pipe! Not everything has to be done in a single line.

It's more important that you understand the code before you try to condense it to a single line.

Pitfalls

With Loops, start small then open the valve all the way!

You can get more than you wanted, or get stuck in an endless loop.

Especially true when doing File operations!

Resources

Freenode (irc.freenode.net)#PowerShell, #pssec, #poshsec channels.

Learn Windows PowerShell in a Month of Lunches ~ Don Jones

Carlos Perez – PowerShell Workshop at BSidesDFW.

Resources

PoshSec – https://github.com/PoshSecPoshSec Framework

PowerSploit – https://github.com/mattifestation/

Posh-SecMod – https://github.com/DarkOperator/

Resources

http://www.slideshare.net/BenTen0xA/

practical-powershell-programming-for-professional-people

Resources

http://www.slideshare.net/BenTen0xA/

practical-powershell-programming-for-professional-people

Matt Johnson (mwjcomputing)

Follow these People!

@mwjcomputing@securitymoey@jaysonstreet@BSidesDFW@tonikjdk@darkoperator@mattifestation@obscuresec@harmj0y

Contact - Q&A

Ben Ten (0xA)@Ben0xA - twitterhttp://ben0xa.comhttps://poshsec.orgweb@ben0xa.comBen0xA – LinkedIn, Github, keybase, etc.

irc.freenode.net#burbsec, #poshsec, #pssechttp://www.slideshare.net/BenTen0xA

QUESTIONS?!

Thank You!

Practical PowerShell Programming for Professional People - Extended Edition

Technology

Windows Powershell Windows Server 2012. Índice Powershell Powershell Powershell 3.0 Powershell 3.0 Powershell en Windows 8 / 2012 Powershell en Windows

POWERSHELL SHENANIGANS LATERAL MOVEMENT WITH POWERSHELL KIERAN JACOBSEN READIFY

Go Further: A practical guide to extended science projects

Section 6: Using Windows PowerShell to Manage Group Policy Introducing Windows PowerShell Windows PowerShell Library for Group Policy Windows PowerShell-Based

Practical Accounting in Content-Centric Networking (extended version)

EXTENDED REPORT A practical approach to measuring …bjo.bmj.com/content/bjophthalmol/88/9/1191.full.pdf · EXTENDED REPORT A practical approach to measuring the visual field component

Automation Azure with PowerShell - files.informatandm.comfiles.informatandm.com/...with_PowerShell_Beyond_the_Azure_PowerShell... · #ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM PowerShell

Windows Powershell 3 - Netz-Weise€¢Powershell-ISE •Integration in ... Windows PowerShell •Workflows bestehen aus den Elementen ... • Don Jones –PowerShell Workflow: When

PS405: Windows PowerShell Tool Making for … Jones’ book on PowerShell Toolmaking. ... Windows PowerShell Tool Making for Administrators PowerShell Scripting and Tool Making is

PowerShell UIAtomation

Windows: H10 - PowerShell...Windows: H10 - PowerShell Pagina 4 van 30 Process Manipulation PowerShell Cmdlet PowerShell alias cmd.exe bash Purpose Get-Process gps, ps tlist, tasklist

(When you don’t have any $$$$) - Hampton Roads Sql ...hrssug.thecloudlyfe.com/wp-content/uploads/2016/11/FreeTools.pdf · PowerShell Extended Events Developer Edition Activity Monitor

Automation Using PowerShell - cdn.ttgtmedia.com · 328 CHAPTER 8 AUTOMATION USING POWERSHELL Installing the VMM PowerShell Cmdlets Even though the VMM PowerShell interface does not

PowerShell Saturday #009 (Singapore) - Azure + PowerShell

Weltner, Powershell

Practical, open-ended and extended investigative projects

Leseprobe „Windows PowerShell 5 und PowerShell Core 6“files.hanser.de/Files/Article/ARTK_LPR_9783446453319_0001.pdf · Leseprobe zu „Windows PowerShell 5 und PowerShell Core

Automate successfully with PowerShell 7...PowerShell 7 - Introduction Windows Linux macOS.NET Framework.NET Core Windows PowerShell 2006 - today PowerShell 7 2016 - today It’s open

Guida operativa di Comandi PowerShell per CA … ARCserve...Concetti relativi a PowerShell Capitolo 1: Introduzione 11 Concetti relativi a PowerShell Cmdlet di PowerShell Windows PowerShell

Introduction to PowerShell€¦ · Title: Introduction to PowerShell Author: Peter McEldowney Subject: PowerShell, Active Directory Keywords: powershell, power shell, active directory,