Practical PowerShell Programming for Professional People - Extended Edition

Practical PowerShell Programmingfor

Professional People

Ben Ten(@Ben0xA)

Slides: http://www.slideshare.net/BenTen0xA

BSidesDFW 2014

Practical PowerShell Programming for Professional PeopleBSidesDFW - Ben Ten (@Ben0xA)

About Me

Ben Ten (0xA)@Ben0xA - twitter

Chicago - #burbsecSecurity ConsultantDeveloperPoshSec Framework Developer / CreatorGamerGeek


About Me


SecurityFail


About Me


Overview

● Languages and Development● PowerShell Scripting

● PowerShell Modules● ActiveDirectory

● Resources● Q&A

}

} 2nd Hour

1st Hour


Overview

Feel free to interrupt and ask questions!


Languages and Development

Before we begin, a bit of a primer!

● Styles of Coding● Syntax● Getting Help● Starting Out



Styles of Coding/Scripting/Development

● Novice● Avid Scripter● Full Time Developer● Code Monkey



Syntax

syn•tax (sĭn tăks ) – the rules that govern ˈ ˌhow a script, or program, is developed in a given language.



Syntax

White Space, parens (), commas, periods, quotes (“ vs '), tabs, braces [], curly brackets {}, colons :, semi-colons ;, all play an integral part in the syntax of a language!



Getting Help!

RTF Manual/Docs/Reference

Often times, the documentation will have an answer for what you are trying to accomplish. *NOT ALWAYS THOUGH*



Getting Help!

Interactive Help

● ?● F1● Intellisense (Ctrl+Space)● Get-Help



Getting Help!

Search Engines FTW!

Google is not the end all in searches. For Development I prefer DuckDuckGo!

https://duckduckgo.com


PowerShell

Overview

PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework.


PowerShell

Overview

PowerShell was designed by :● Jeffrey Snover (@jsnover)● Bruce Payette (@BrucePayette)● James Truher

Initial release was November 14, 2006


PowerShell

Overview

PowerShell is a part of the Windows Management Framework. WMF 5.0 was released on April 3, 2014.

For today's scripting we will be using WMF 3.0.


PowerShell

You will need:

● Windows Management Framework 3.0● Microsoft .NET Framework 4.5● Text Editor (your choice)

● Sublime Text http://www.sublimetext.com/

● Komodo Edit http://komodoide.com/komodo-edit/

● PowerShell ISE (comes with WMF)


PowerShell

File Name Extensions

.ps1 – Script Files

.psm1 – Script Module Files

.psd1 – Script Manifest Files

.ps1xml – Formatting and Type Files

.dll - Cmdlet and Provider Assemblies


PowerShell

Cmdlets, Functions, and Scripts Oh My!

From a functional standpoint, cmdlets, functions, and scripts are practically the same.

They are a way to call a specific block of code.


PowerShell

Cmdlet:

Written in a compiled .NET language.Easier to deploy.Help files are easier to write.Has support for parameter validation.


PowerShell

Function:

Written in a PowerShell language.Has to be deployed with a library.Help is written inside the function.Parameter validation has to be done in the function itself.


PowerShell

Script:

Written in a PowerShell language.Is invoked by calling the .ps1 file.Deployed by itself or in a manifest file.Can contain functions.


PowerShell

Set-ExecutionPolicy

Before you can run your custom scripts you have to set the ExecutionPolicy to RemoteSigned.

In PowerShell type:Set-ExecutionPolicy RemoteSigned


PowerShell


PowerShell

HelloWorld.ps1

Enough of the primer! Let's get coding!

This is where you code along with me if you can!


HelloWorld.ps1


HelloWorld.ps1

Variable(s):

a symbolic name associated with a value and whose associated value may be changed.


HelloWorld.ps1

Hard-Coded:

Typing the value directly into your script. Our “Hello World” text was hard-coded.


HelloWorld.ps1

PowerShell Variables:

A PowerShell variable is defined with the dollar sign $ followed by the name of the variable.

For example: $message is a variable.


HelloWorld.ps1

PowerShell Variables:

Let's rewrite our HelloWorld.ps1 to use a variable $message with our text “Hello World”.


HelloWorld.ps1


HelloWorld.ps1

Strong vs Weak Typing:

$a = 1 weak type[int]$a = 1 strong type

[String]$a = “1”


HelloWorld.ps1


HelloWorld.ps1

Quotes! Single vs Double

Double Quotes (“) will attempt to resolve any variables before anything is printed to the screen.

Single Quotes (') will print exactly what is typed between the quotes.


HelloWorld.ps1


HelloWorld.ps1

Backtick `

The backtick, or grave accent, is a special escape character. This means that you want the next character to be printed and not interpreted in anyway.


HelloWorld.ps1


Getting Input

Write-Output is great. But how do you get information from a user?

Read-Host


Getting Input


Conditional Logic

A Condition is:

a feature of a programming language which perform a different set of computations or actions depending on whether a programmer-specified boolean condition evaluates to true or false.


Conditional Logic

A Condition is:

Is the stop light is green? Keep going.Is the stop light is red? Stop.Is the stop light is yellow? Floor it!!!!


Conditional Logic

A Condition expressed:● If - Beginning of the condition.● Else - Evaluates only if preceding condition(s)

is(are) false.● ElseIf – Evaluates if preceding condition(s)

is(are) false with a new condition.

● Switch – Multiple conditions for a single variable or object.


Conditional Logic

A Conditional Operator:

-and = both conditions must be true.

-or = only one of the conditions must be true.


Conditional Logic


-eq = Equals-lt = Less Than-gt = Greater Than-ne = Not Equal-ge = Great Than or Equal-le = Less Than or Equal


Conditional Logic


-Like-NotLike-Match-NotMatch-Contains-NotContains

-In-NotIn-Replace


Conditional Logic


Conditional Logic

Operator Precedence:

When operators have equal precedence, Windows PowerShell evaluates them from left to right. The exceptions are the assignment operators, the cast operators, and the negation operators (!, -not, -bnot), which are evaluated from right to left.


Conditional Logic

Operator Precedence:

You can use enclosures, such as parentheses, to override the standard precedence order and force Windows PowerShell to evaluate the enclosed part of an expression before an unenclosed part.


Conditional Logic


Parameters

A Parameter is:

A variable that allows you to pass an object to a Cmdlet, Function, or Script.

Get-ChildItem


Parameters


Parameters

Get-Help Get-ChildItem

Get-ChildItem [[-Path] <String[]>] [[-Filter] <String>] [-Exclude <String[]>[-Name] [-Recurse] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>

Get-ChildItem [[-Filter] <String>] [-Exclude <String[]>] [-Force] [-Include-LiteralPath <String[]> [-UseTransaction [<SwitchParameter>]] [<CommonParame

Get-ChildItem [-Attributes <FileAttributes]>] [-Directory] [-File] [-Force][-UseTransaction] [<CommonParameters>]


Parameters


Objects vs Text

PowerShell is Object Based.

Even if you see text on the screen, that text is actually a “String” object.

You can access the members of the object using the . operator after the variable name.


Objects vs Text


Piping

Piping is:

a way of moving something, unchanged, from one place to another.


Piping

Piping is represented by the | (pipe) character.

A pipe takes the object from the left side and passes it to the right side.

Note: When passing to another cmdlet, $_ is used to reference the passed object.


Piping


Loops

Loops:

A way to perform the same block of code for a specific number of times, until a specific condition is met, or while a specific condition exists.


Loops

Loops:

● ForEach● ForEach-Object● For● While● Do While● Do Until


Loops


Comments

Comments are defined by the # symbol.Block comments are enclosed with <# and #>.

.SYNOPSIS

.DESCRIPTION

.PARAMETER

.EXAMPLE


Comments


Putting it all Together

The final script!

Requirements:● Search all files.● Find the ones that were modified in a specific date range.

● Create a list of those files and display them.


Short Break!

Be back in 10 minutes!


Add Parameters for Date

Use Param () block to Add Parameters.

Get-Help about_Parameters

Param([Parameter(Mandatory=$true)]

[Date]$FromDate,)


Add Parameters for Date


PowerShell

File Name Extensions

.ps1 – Script Files

.psm1 – Script Module Files

.psd1 – Script Manifest Files

.ps1xml – Formatting and Type Files

.dll - Cmdlet and Provider Assemblies


Module


Module

Making Changes to Modules

● Must use -Force parameter when using Import-Module for a module that is already loaded into the session.


Import-Module -Force


Module

Note on Compiled Modules (DLLs)

● You can not import a compiled module in an active PowerShell RunSpace after it was already imported.

● You have to close the RunSpace and open it again.


File I/O

Get-Content <filename>

● Export-CliXML, Export-Csv, Export-FormatData

● Out-File, Out-Csv, Out-Data


File I/O

Let's create a script that will read each line of a CSV file, and write out only the first delimited column.


ActiveDirectory

ActiveDirectory PowerShell Module● Available in the RSAT● Comes Standard on Server (2008, 2012)

● Windows 8 Note: Must use pkgmgr to install the .cab file.


ActiveDirectory


ActiveDirectory

Yes, you can do this the hard way...

Here's an example.


ActiveDirectory

But why do it the hard way?

Get-Command -Module ActiveDirectory

135 Commands!


ActiveDirectory


ActiveDirectory

Get-AdUser

● Query the domain controller.

● Get-Help Get-AdUser


ActiveDirectory


ActiveDirectory

New-ADUser

● Adds a new user to the domain.

● Disabled by default!


ActiveDirectory


ActiveDirectory

New-ADUser

● We can add a user with very few parameters, but that user is not “usable”.

● Need -DisplayName -SAMAccountName


ActiveDirectory


ActiveDirectory

Remove-ADUser

● Uses the DN to remove the specified user.

● Remove-ADUser “CN=Ben Ten,CN=Users,DC=dfw,DC=local”


Final Script

Take what you have learned and write a PowerShell Function called Import-Users

● Imports Users from csv file Users.txt● Must force Password Reset


Error Handling

Try / Catch / Finally Blocks are used to catch exceptions.

Try { } Catch [Type] { } Finally { }


Error Handling

ErrorVariable / ErrorAction are also used but in a different way.

Get-Help about_CommonParameters

Do-Something -ErrorVariable $err -ErrorAction [Continue | Ignore | Inquire | SilentlyContinue | Stop]


Homework

Go back to your Import-User function. Add Error Handling for when:

1. The DC is not responding.2. The line you are trying to import is not delimited correctly.3. The user already exists.


Pitfalls

Don't overuse the Pipe! Not everything has to be done in a single line.

It's more important that you understand the code before you try to condense it to a single line.


Pitfalls

With Loops, start small then open the valve all the way!

You can get more than you wanted, or get stuck in an endless loop.

Especially true when doing File operations!


Resources

Freenode (irc.freenode.net)#PowerShell, #pssec, #poshsec channels.

Learn Windows PowerShell in a Month of Lunches ~ Don Jones

Carlos Perez – PowerShell Workshop at BSidesDFW.


Resources

PoshSec – https://github.com/PoshSecPoshSec Framework

PowerSploit – https://github.com/mattifestation/

Posh-SecMod – https://github.com/DarkOperator/

https://github.com/PoshSec

https://github.com/mattifestation/

https://github.com/DarkOperator/


Resources

http://www.slideshare.net/BenTen0xA/

practical-powershell-programming-for-professional-people

http://www.slideshare.net/BenTen0xA/


Matt Johnson (mwjcomputing)


Follow these People!

@mwjcomputing@securitymoey@jaysonstreet@BSidesDFW@tonikjdk@darkoperator@mattifestation@obscuresec@harmj0y


Contact - Q&A

Ben Ten (0xA)@Ben0xA - twitterhttp://ben0xa.comhttps://[email protected] – LinkedIn, Github, keybase, etc.

irc.freenode.net#burbsec, #poshsec, #pssechttp://www.slideshare.net/BenTen0xA

QUESTIONS?!

http://ben0xa.com/

https://poshsec.org/

mailto:[email protected]


Thank You!

Practical PowerShell Programming for Professional People - Extended Edition

Technology

Transcript of Practical PowerShell Programming for Professional People - Extended Edition