Category: Powershell


# Try without doing anything bad

Stop-Computer -WhatIf

# Stop the local computer

Stop-Computer

# Try without doing anything bad on multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3' -WhatIf

# Stop multiple systems

Stop-Computer -ComputerName 'computer1','computer2','computer3'


To create a registry value remotely:

Example:

PS D:\> enter-pssession -computername server.mydomain.local
[server.mydomain.local]: PS C:\Users\admin\documents> set-itemproperty -path HKLM:\System\CurrentControlSet\Services\NTDS\Parameters -Name "Maximum Audit Queue Size" -value 0x61a8
[server.mydomain.local]: PS C:\Users\admin\Documents> exit-pssession

Links:

https://www.computerperformance.co.uk/powershell/registry/

https://blogs.technet.microsoft.com/heyscriptingguy/2012/05/10/use-powershell-to-create-new-registry-keys-on-remote-systems/

https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

Windows Admin Center:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

https://blogs.technet.microsoft.com/servermanagement/2018/04/12/windows-admin-center-formerly-project-honolulu-is-now-generally-available/

https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/

Installation:

You can install Windows Admin Center on the following Windows operating systems:

| Version | Installation Mode |
| --- | --- |
| Windows 10 (1709) | Desktop mode |
| Windows Server, version 1709 | Gateway mode |
| Windows Server 2016 | Gateway mode |

Desktop Mode: Connect to the Windows Admin Center gateway from the same computer on which it’s installed (for example, https://localhost:6516)

Gateway Mode: Connect to the Windows Admin Center gateway from a client browser on a different machine (for example, https://servername)

Deciding which protocol to use for which service

The key distinguishing factor for our service will be found in the URL of the resource… If our URL looks like X, then it is a Y service, and you use Z tool to get to it:

| URL | Service Type | Cmdlet |
| --- | --- | --- |
| Ends in .asmx or ?WSDL | SOAP | New-WebServiceProxy |
| Contains API, especially api/v2 | REST | Invoke-RestMethod |
| Ends in .php | PHP/Form | Invoke-WebRequest |

REST vs. SOAP: what's the difference?

Both REST and SOAP are simply methods of accessing information presented via web services. It will suffice to say that REST is now in vogue, and is generally believed to be easier to use and manage than SOAP, which tends to be a bit heavier on XML.

“A nice analogy for REST vs. SOAP is mailing a letter: with SOAP, you’re using an envelope; with REST, it’s a postcard. ”

Resources:

https://www.codeproject.com/Tips/794949/Query-Webservices-with-Powershell

Working with Web Services, SOAP, PHP and all the REST with PowerShell

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

The goal of PowerShell Core is to remain as compatible as possible with Windows PowerShell. PowerShell Core uses .NET Standard 2.0 to provide binary compatibility with existing .NET assemblies.

Microsoft will not replace the standard PowerShell with PowerShell Core. Both will coexist side by side until further notice.

powershell

pwsh

https://docs.microsoft.com/en-us/powershell/scripting/whats-new/what-s-new-in-powershell-core-60?view=powershell-6

Installing PowerShell core:

https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-windows?view=powershell-6

https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-linux?view=powershell-6

 

PowerShell remoting with SSH:

https://docs.microsoft.com/en-us/powershell/scripting/core-powershell/ssh-remoting-in-powershell-core?view=powershell-6

========================================================================================

How to use SFTP (and SSH) with PowerShell?

http://www.powershellmagazine.com/2014/07/03/posh-ssh-open-source-ssh-powershell-module/

https://github.com/darkoperator/Posh-SSH

Or using WinSCP: http://winscp.net/eng/docs/library_powershell#using_from_powershell

Other options:

SFTP PowerShell snap-in: http://www.k-tools.nl/index.php/download-sftp-powershell-snap-in/

and paid software: http://www.powershellserver.com/download/

 

Example code using Posh-SSH to transfer a file securely over SFTP (certified working! ;)))

# Account, server and file to upload (the password is a sample value stored in plain text in the script)
$sftpUser = "myaccount"
$sftpServer = "103.x.y.z"
$LocalFile = "d:\data\filetoupload.txt"
# Build a PSCredential object from the user name and password
$sftpPass = ConvertTo-SecureString -String "ttIJP0YPuPS6" -AsPlainText -Force
$sftpCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $sftpUser, $sftpPass
# Open the SFTP session
$sftpSession = New-SFTPSession -ComputerName $sftpServer -Credential $sftpCred

# Upload the file, overwriting any existing remote copy
Set-SFTPFile -SFTPSession $sftpSession -LocalFile $LocalFile -RemotePath "/tmp/mydirectory/" -Overwrite
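A hardened variant of the upload above, added here as an example and not part of the original post: the password is read from a credential file written once with Export-Clixml (encrypted with DPAPI for the current Windows user on this machine) instead of sitting in the script, and the session is always closed. It assumes the Posh-SSH module is installed; the credential file path and host name are placeholders.

```powershell
# Added example, not from the original post. Paths and host name are placeholders.
Import-Module Posh-SSH

$credPath   = Join-Path $env:USERPROFILE 'sftp-upload.cred.xml'   # placeholder path
$sftpServer = 'sftp.example.com'                                  # placeholder host
$localFile  = 'd:\data\filetoupload.txt'
$remotePath = '/tmp/mydirectory/'

# One-time setup: prompt for the account and store it encrypted (DPAPI on Windows).
# Only the same user on the same machine can decrypt the resulting file.
if (-not (Test-Path -LiteralPath $credPath)) {
    Get-Credential -Message "SFTP account for $sftpServer" |
        Export-Clixml -LiteralPath $credPath
}

# Load the stored credential and fail early on obviously bad input.
$sftpCred = Import-Clixml -LiteralPath $credPath
if ($sftpCred -isnot [System.Management.Automation.PSCredential]) {
    throw "$credPath does not contain a PSCredential object."
}
if (-not (Test-Path -LiteralPath $localFile -PathType Leaf)) {
    throw "Local file not found: $localFile"
}

$sftpSession = $null
try {
    # -AcceptKey is deliberately not passed, so a host key Posh-SSH has not
    # seen before is not trusted automatically.
    $sftpSession = New-SFTPSession -ComputerName $sftpServer -Credential $sftpCred -ErrorAction Stop
    Set-SFTPFile -SFTPSession $sftpSession -LocalFile $localFile -RemotePath $remotePath -Overwrite -ErrorAction Stop
}
finally {
    # Close the session even when the connection or upload failed part-way.
    if ($sftpSession) { Remove-SFTPSession -SFTPSession $sftpSession | Out-Null }
}
```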

 

 

Reference: https://thehackernews.com/2018/03/kali-linux-hacking-windows.html

Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application:

First install the Linux subsystem and restart:

You can also do this by opening PowerShell as Administrator, running the following command, and then restarting your computer:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

 

 

Reference: http://support.microsoft.com/kb/318785

Microsoft .NET Framework is a software package that is used by many applications. It runs in a software environment as opposed to a hardware environment.

There is also a free program called .NET Version Detector.

PowerShell: how to get version of .net framework on a remote computer: https://gallery.technet.microsoft.com/scriptcenter/Detect-NET-Framework-120ec923

To query the local Registry using PowerShell, execute the below command in an elevated PowerShell session.

(Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -Name Release).Release

You can then use the table below to reference the installed version of .NET. For instance, if the returned value is 379893, then .NET 4.5.2 is installed.

Full article:

https://blogs.technet.microsoft.com/askpfeplat/2017/12/04/simple-powershell-network-capture-tool/

Topic #1: What is the purpose of this tool as opposed to other tools available?

This certainly should be the first question. This tool is focused toward delivering an easy to understand approach to obtaining network captures on remote machines utilizing PowerShell and PowerShell Remoting.

I often encounter scenarios where utilizing an application such as Message Analyzer, NETMON, or Wireshark to conduct network captures is not an option. Much of the time this is due to security restrictions which make it very difficult to get approval to utilize these tools on the network. Alternatively, it could be due to the fact that the issue is with an end user workstation who might be located thousands of miles from you and loading a network capture utility on that end point makes ZERO sense, much less trying to walk an end user through using it. Now before we go too much further, both Message Analyzer and Wireshark can help on these fronts. So if those are available to you, I’d recommend you look into them, but of course only after you’ve read my entire post.

Topic #2: Where can I get this tool?

https://gallery.technet.microsoft.com/Remote-Network-Capture-8fa747ba