PowerShell for Pentesters Part 3: Functions and Scripting with PowerShell
Introduction
The more we advance in our articles, the more we notice the power of PowerShell, and that impression will only increase as we move forward.
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
In this article, we will try to focus on Scripting and Functions with PowerShell.
Functions with PowerShell
As we've seen for all concepts with PowerShell so far, functions are also very simple to use.
To use them, all you have to do is to use the following syntax:
function [<scope:>]<name> [([type]$parameter1[,[type]$parameter2])]
{
param([type]$parameter1 [,[type]$parameter2])
dynamicparam {<statement list>}
begin {<statement list>}
process {<statement list>}
end {<statement list>}
}
It can be very simple or very complex, depending on the context.
Now let's discover how to use functions with PowerShell. We'll begin with a simple function: multiplying 4 by 3.
Figure 1: Simple function with PowerShell
It can also be used with arguments by using the object $args as an array, and the positions will simply represent the order of arguments that we will get from the user. We can see this in the following screenshot:
Figure 2: Exploiting functions with arguments
We can also use named parameters as following:
Figure 3: Exploiting named parameters in functions with PowerShell
There is also a very interesting feature with parameters. We can monitor the type of parameters that are parsed.
In the following example, we will try to filter and permit only integer parameters to be parsed. Anything else will launch an exception.
Figure 4: Manipulating type with functions
Don't forget: I'm only presenting to you the basics needed, but there's a lot of things you can discover for yourself, especially when using advanced functions like parameters and attributes or working with parameter validation. We'll discuss some examples later.
Scripting with PowerShell
Now, let's talk a little bit about scripting with PowerShell. But before we began to write some scripts directly, let's talk about how Microsoft is protecting our systems from malicious scripts.
There's a very interesting concept that we can found on scripts' execution security policy which Microsoft calls the execution policy. The execution policy is part of the security strategy of Windows PowerShell.
It determines whether you run scripts or not, and it also determines which scripts, if any, must be digitally signed before running it.
You can get the current execution policy by using the following command:
Figure 5: Result of Get-ExecutionPolicy Command
There are multiple execution policies that can be exploited. Per Microsoft's own documentation:
Figure 6: Execution policies set in PowerShell
You can change the default policy by using the following command : Set-ExecutionPolicy <policy>.
Figure 7: Set-ExecutionPolicy result
Now that we've set our execution policy to a mode that makes us able to execute scripts, let's attack this. (Yes, I'm excited to finish this part and attack pentest use cases!)
You can write scripts with a simple notepad or you can exploit the scripting interface of PowerShell, which is the PowerShell Integrated Scripting Environment (ISE). This is present by default.
And yes, my friends, it will be very useful to us!
Figure 8: PowerShell ISE
The most important things are the following points:
- Scripting Area
- PowerShell Interpreter
- Existing Commands (it can also be filtered)
Now, you can write a simple script and executing with the green Execute button:
Figure 9: Executing script using execute button
Or save it and execute using command line, like the following screenshot:
Figure 10: Executing script using command line
Now, you can do whatever you want with whatever we discovered. And together, we will discover awesome use cases and scenarios with the following articles and pentest use cases.
Use Case with Scripts and Functions
Here's a simple script that will make us able to kill a specific process, based on a parameter which is the PID of the process that we want to kill.
Figure 11: Script of the use case
Figure 12: Result of the script
Conclusion
Of course, this is still just the beginning. In the next few articles we will discuss advanced situations, use cases, best practices and more.
Become a Certified Ethical Hacker, guaranteed!
Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.
Brace yourself — the best is coming!
In this Series
- PowerShell for Pentesters Part 3: Functions and Scripting with PowerShell
- Intelligence-led pentesting and the evolution of Red Team operations
- Red Teaming: Taking advantage of Certify to attack AD networks
- How ethical hacking and pentesting is changing in 2022
- Ransomware penetration testing: Verifying your ransomware readiness
- Red Teaming: Main tools for wireless penetration tests
- Fundamentals of IoT firmware reverse engineering
- Red Teaming: Top tools and gadgets for physical assessments
- Red teaming: Initial access and foothold
- Top tools for red teaming
- What is penetration testing, anyway?
- Red Teaming: Persistence Techniques
- Red Teaming: Credential dumping techniques
- Top 6 bug bounty programs for cybersecurity professionals
- Tunneling and port forwarding tools used during red teaming assessments
- SigintOS: Signal Intelligence via a single graphical interface
- Top tools for mobile android assessments
- Top tools for mobile iOS assessments
- Red Team: C2 frameworks for pentesting
- Inside 1,602 pentests: Common vulnerabilities, findings and fixes
- Red teaming tutorial: Active directory pentesting approach and tools
- Red Team tutorial: A walkthrough on memory injection techniques
- Python for active defense: Monitoring
- Python for active defense: Network
- Python for active defense: Decoys
- How to write a port scanner in Python in 5 minutes: Example and walkthrough
- Using Python for MITRE ATT&CK and data encrypted for impact
- Explore Python for MITRE ATT&CK exfiltration and non-application layer protocol
- Explore Python for MITRE ATT&CK command-and-control
- Explore Python for MITRE ATT&CK email collection and clipboard data
- Explore Python for MITRE ATT&CK lateral movement and remote services
- Explore Python for MITRE ATT&CK account and directory discovery
- Explore Python for MITRE ATT&CK credential access and network sniffing
- Top 10 security tools for bug bounty hunters
- Kali Linux: Top 5 tools for password attacks
- Kali Linux: Top 5 tools for post exploitation
- Kali Linux: Top 5 tools for database security assessments
- Kali Linux: Top 5 tools for information gathering
- Kali Linux: Top 5 tools for sniffing and spoofing
- Kali Linux: Top 8 tools for wireless attacks
- Kali Linux: Top 5 tools for penetration testing reporting
- Kali Linux overview: 14 uses for digital forensics and pentesting
- Top 19 Kali Linux tools for vulnerability assessments
- Explore Python for MITRE ATT&CK persistence
- Explore Python for MITRE ATT&CK defense evasion
- Explore Python for MITRE ATT&CK privilege escalation
- Explore Python for MITRE ATT&CK initial access
- Top 18 tools for vulnerability exploitation in Kali Linux
- Explore Python for MITRE PRE-ATT&CK, network scanning and Scapy
- Kali Linux: Top 5 tools for social engineering
- Basic snort rules syntax and usage [updated 2021]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Penetration testing
Intelligence-led pentesting and the evolution of Red Team operations
Penetration testing
Red Teaming: Taking advantage of Certify to attack AD networks
Penetration testing
Penetration testing
Ransomware penetration testing: Verifying your ransomware readiness