Practical PowerShell Programming for Professionals

Practical PowerShell Programming
for
Professional People
Ben Ten
(@Ben0xA)
Slides: http://www.slideshare.net/BenTen0xA
BSidesDFW 2014

Practical Powe rShell Programming for Professional People
BSidesDFW - Ben Ten (@Ben0xA)
About Me
Ben Ten (0xA)
@Ben0xA - twitter
Chicago - #burbsec
Security Consultant
Developer
PoshSec Framework Developer / Creator
Gamer
Geek

Practical PowerShell Programming for Professional People
About Me

SecurityFail

Overview
●Languages and Development
●PowerShell Scripting
●PowerShell Modules
●ActiveDirectory
●Resources
●Q&A
}
} 2nd Hour
1st Hour

Overview
Feel free to interrupt and ask questions!

Languages and Development
Before we begin, a bit of a primer!
●Styles of Coding
●Syntax
●Getting Help
●Starting Out

Styles of Coding/Scripting/Development
●Novice
●Avid Scripter
●Full Time Developer
●Code Monkey

Syntax
syn•tax (sĭnˈtăksˌ) – the rules that govern
how a script, or program, is developed in a
given language.

Syntax
White Space, parens (), commas, periods,
quotes (“ vs '), tabs, braces [], curly
brackets {}, colons :, semi-colons ;, all play
an integral part in the syntax of a
language!

Getting Help!
RTF Manual/Docs/Reference
Often times, the documentation will have
an answer for what you are trying to
accomplish. *NOT ALWAYS THOUGH*

Getting Help!
Interactive Help
● ?
●F1
●Intellisense (Ctrl+Space)
●Get-Help

Getting Help!
Search Engines FTW!
Google is not the end all in searches. For
Development I prefer DuckDuckGo!
https://duckduckgo.com

PowerShell
Overview
PowerShell is a task automation and
configuration management framework
from Microsoft, consisting of a command-line
shell and associated scripting
language built on the .NET Framework.

PowerShell
Overview
PowerShell was designed by :
● Jeffrey Snover (@jsnover)
●Bruce Payette (@BrucePayette)
● James Truher
Initial release was November 14, 2006

PowerShell
Overview
PowerShell is a part of the Windows
Management Framework. WMF 5.0 was
released on April 3, 2014.
For today's scripting we will be using WMF
3.0.

PowerShell
You will need:
●Windows Management Framework 3.0
●Microsoft .NET Framework 4.5
●Text Editor (your choice)
●Sublime Text http://www.sublimetext.com/
●Komodo Edit http://komodoide.com/komodo-edit/
●PowerShell ISE (comes with WMF)

PowerShell
File Name Extensions
.ps1 – Script Files
.psm1 – Script Module Files
.psd1 – Script Manifest Files
.ps1xml – Formatting and Type Files
.dll - Cmdlet and Provider Assemblies

PowerShell
Cmdlets, Functions, and Scripts Oh My!
From a functional standpoint, cmdlets,
functions, and scripts are practically the
same.
They are a way to call a specific block of
code.

PowerShell
Cmdlet:
Written in a compiled .NET language.
Easier to deploy.
Help files are easier to write.
Has support for parameter validation.

PowerShell
Function:
Written in a PowerShell language.
Has to be deployed with a library.
Help is written inside the function.
Parameter validation has to be done in the
function itself.

PowerShell
Script:
Written in a PowerShell language.
Is invoked by calling the .ps1 file.
Deployed by itself or in a manifest file.
Can contain functions.

PowerShell
Set-ExecutionPolicy
Before you can run your custom scripts
you have to set the ExecutionPolicy to
RemoteSigned.
In PowerShell type:
Set-ExecutionPolicy RemoteSigned

PowerShell

PowerShell
HelloWorld.ps1
Enough of the primer! Let's get coding!
This is where you code along with me if
you can!

HelloWorld.ps1

HelloWorld.ps1
Variable(s):
a symbolic name associated with a value
and whose associated value may be
changed.

HelloWorld.ps1
Hard-Coded:
Typing the value directly into your script.
Our “Hello World” text was hard-coded.

HelloWorld.ps1
PowerShell Variables:
A PowerShell variable is defined with the
dollar sign $ followed by the name of the
variable.
For example: $message is a variable.

HelloWorld.ps1
PowerShell Variables:
Let's rewrite our HelloWorld.ps1 to use a
variable $message with our text “Hello
World”.

HelloWorld.ps1
Strong vs Weak Typing:
$a = 1 weak type
[int]$a = 1 strong type
[String]$a = “1”

HelloWorld.ps1
Quotes! Single vs Double
Double Quotes (“) will attempt to resolve
any variables before anything is printed to
the screen.
Single Quotes (') will print exactly what is
typed between the quotes.

HelloWorld.ps1
Backtick `
The backtick, or grave accent, is a special
escape character. This means that you
want the next character to be printed and
not interpreted in anyway.

Getting Input
Write-Output is great. But how do you get
information from a user?
Read-Host

Getting Input

Conditional Logic
A Condition is:
a feature of a programming language
which perform a different set of
computations or actions depending on
whether a programmer-specified boolean
condition evaluates to true or false.

Conditional Logic
A Condition is:
Is the stop light is green? Keep going.
Is the stop light is red? Stop.
Is the stop light is yellow? Floor it!!!!

Conditional Logic
A Condition expressed:
● If - Beginning of the condition.
●Else - Evaluates only if preceding condition(s)
is(are) false.
●ElseIf – Evaluates if preceding condition(s)
is(are) false with a new condition.
●Switch – Multiple conditions for a single
variable or object.

Conditional Logic
A Conditional Operator:
-and = both conditions must be true.
-or = only one of the conditions must be
true.

Conditional Logic
-eq = Equals
-lt = Less Than
-gt = Greater Than
-ne = Not Equal
-ge = Great Than or Equal
-le = Less Than or Equal

Conditional Logic
-Like
-NotLike
-Match
-NotMatch
-Contains
-NotContains
-In
-NotIn
-Replace

Conditional Logic

Conditional Logic
Operator Precedence:
When operators have equal precedence,
Windows PowerShell evaluates them from
left to right. The exceptions are the
assignment operators, the cast operators,
and the negation operators (!, -not, -bnot),
which are evaluated from right to left.

Conditional Logic
Operator Precedence:
You can use enclosures, such as
parentheses, to override the standard
precedence order and force Windows
PowerShell to evaluate the enclosed part
of an expression before an unenclosed
part.

Parameters
A Parameter is:
A variable that allows you to pass an
object to a Cmdlet, Function, or Script.
Get-ChildItem

Parameters

Parameters
Get-Help Get-ChildItem
Get-ChildItem [[-Path] <String[]>] [[-Filter] <String>] [-Exclude <String[]>
[-Name] [-Recurse] [-UseTransaction [<SwitchParameter>]]
[<CommonParameters>
Get-ChildItem [[-Filter] <String>] [-Exclude <String[]>] [-Force] [-Include
-LiteralPath <String[]> [-UseTransaction [<SwitchParameter>]]
[<CommonParame
Get-ChildItem [-Attributes <FileAttributes]>] [-Directory] [-File] [-Force]
[-UseTransaction] [<CommonParameters>]

Objects vs Text
PowerShell is Object Based.
Even if you see text on the screen, that
text is actually a “String” object.
You can access the members of the object
using the . operator after the variable
name.

Objects vs Text

Piping
Piping is:
a way of moving something, unchanged,
from one place to another.

Piping
Piping is represented by the | (pipe)
character.
A pipe takes the object from the left side
and passes it to the right side.
Note: When passing to another cmdlet, $_
is used to reference the passed object.

Piping

Loops
Loops:
A way to perform the same block of code
for a specific number of times, until a
specific condition is met, or while a
specific condition exists.

Loops
Loops:
●ForEach
●ForEach-Object
●For
●While
●Do While
●Do Until

Loops

Comments
Comments are defined by the # symbol.
Block comments are enclosed with <# and
#>.
.SYNOPSIS
.DESCRIPTION
.PARAMETER
.EXAMPLE

Comments

Putting it all Together
The final script!
Requirements:
●Search all files.
●Find the ones that were modified in a
specific date range.
●Create a list of those files and display
them.

Short Break!
Be back in 10 minutes!

Add Parameters for Date
Use Param () block to Add Parameters.
Get-Help about_Parameters
Param(
[Parameter(Mandatory=$true)]
[Date]$FromDate,
)

Add Parameters for Date

PowerShell
File Name Extensions
.ps1 – Script Files
.psm1 – Script Module Files
.psd1 – Script Manifest Files
.ps1xml – Formatting and Type Files
.dll - Cmdlet and Provider Assemblies

Module

Module
Making Changes to Modules
●Must use -Force parameter when using
Import-Module for a module that is
already loaded into the session.

Import-Module -Force

Module
Note on Compiled Modules (DLLs)
●You can not import a compiled module in
an active PowerShell RunSpace after it
was already imported.
●You have to close the RunSpace and open
it again.

File I/O
Get-Content <filename>
●Export-CliXML, Export-Csv, Export-
FormatData
●Out-File, Out-Csv, Out-Data

File I/O
Let's create a script that will read each line
of a CSV file, and write out only the first
delimited column.

ActiveDirectory
ActiveDirectory PowerShell Module
●Available in the RSAT
●Comes Standard on Server (2008, 2012)
●Windows 8 Note: Must use pkgmgr to
install the .cab file.

ActiveDirectory

ActiveDirectory
Yes, you can do this the hard way...
Here's an example.

ActiveDirectory
But why do it the hard way?
Get-Command -Module ActiveDirectory
135 Commands!

ActiveDirectory
Get-AdUser
●Query the domain controller.
●Get-Help Get-AdUser

ActiveDirectory
New-ADUser
●Adds a new user to the domain.
●Disabled by default!

ActiveDirectory
New-ADUser
●We can add a user with very few
parameters, but that user is not “usable”.
●Need -DisplayName -SAMAccountName

ActiveDirectory
Remove-ADUser
●Uses the DN to remove the specified user.
●Remove-ADUser “CN=Ben
Ten,CN=Users,DC=dfw,DC=local”

Final Script
Take what you have learned and write a
PowerShell Function called Import-Users
●Imports Users from csv file Users.txt
●Must force Password Reset

Error Handling
Try / Catch / Finally Blocks are used to
catch exceptions.
Try {
}
Catch [Type] {
}
Finally {
}

Error Handling
ErrorVariable / ErrorAction are also used
but in a different way.
Get-Help about_CommonParameters
Do-Something -ErrorVariable $err
-ErrorAction [Continue | Ignore | Inquire |
SilentlyContinue | Stop]

Homework
Go back to your Import-User function. Add
Error Handling for when:
1. The DC is not responding.
2. The line you are trying to import is not
delimited correctly.
3. The user already exists.

Pitfalls
Don't overuse the Pipe! Not everything has
to be done in a single line.
It's more important that you understand
the code before you try to condense it to a
single line.

Pitfalls
With Loops, start small then open the
valve all the way!
You can get more than you wanted, or get
stuck in an endless loop.
Especially true when doing File operations!

Resources
Freenode (irc.freenode.net)
#PowerShell, #pssec, #poshsec channels.
Learn Windows PowerShell in a Month of
Lunches ~ Don Jones
Carlos Perez – PowerShell Workshop at
BSidesDFW.

Resources
PoshSec – https://github.com/PoshSec
PoshSec Framework
PowerSploit –
https://github.com/mattifestation/
Posh-SecMod –
https://github.com/DarkOperator/

Resources
http://www.slideshare.net/BenTen0xA/
practical-powershell-programming-for-professional-
people

Matt Johnson (mwjcomputing)

Follow these People!
@mwjcomputing
@securitymoey
@jaysonstreet
@BSidesDFW
@tonikjdk
@darkoperator
@mattifestation
@obscuresec
@harmj0y

Contact - Q&A
Ben Ten (0xA)
@Ben0xA - twitter
http://ben0xa.com
https://poshsec.org
web@ben0xa.com
Ben0xA – LinkedIn, Github, keybase, etc.
irc.freenode.net
#burbsec, #poshsec, #pssec
http://www.slideshare.net/BenTen0xA
QUESTIONS?!

Thank You!

Practical PowerShell Programming for Professionals

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (13)

En vedette

En vedette (20)

Similaire à Practical PowerShell Programming for Professionals

Similaire à Practical PowerShell Programming for Professionals (20)

Dernier

Dernier (20)

Practical PowerShell Programming for Professionals