Last active
July 3, 2019 12:15
-
-
Save silicontrip/d3323e694d336dd13d1e6e451309e7f6 to your computer and use it in GitHub Desktop.
powershell for unix users
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- general commands -- | |
| \ ` | |
| \n `n | |
| ! invoke-history | |
| ~ $home | |
| alias new-alias | |
| cat get-content | |
| cd set-location | |
| |dd of=<blah> | set-content -path <blah> | |
| |dd of=<blah> | out-file -path <blah> | |
| df get-volume | |
| echo write-output | |
| echo "" > file new-item -type file -name file -value "" | |
| grep select-string | |
| grep where propName -match ".*regex.*" | |
| |head |select -First <n> | |
| history get-history | |
| killall get-process | where name -eq "processname" | stop-process | |
| less | |
| ls get-childitem | |
| ls -a get-childitem -force | |
| ls -r get-childitem -recurse | |
| man get-help | |
| mkdir new-item <path> -itemtype directory | |
| more out-host -paging | |
| pwd get-location | |
| pwd <path> resolve-path <path> | |
| rm remove-item | |
| rm -f remove-item -force | |
| rm -r remove-item -recurse | |
| rmdir remove-item // warning this will remove files and non empty directories | |
| tail get-content -Tail <n> | |
| |tail |select -Last <M> | |
| time measure-command { command } | |
| unalias remove-item alias:aliasname | |
| which get-command | |
| -- word excel documents -- | |
| $w = New-Object -comobject Word.Application | |
| $x = New-Object -comobject Excel.Application | |
| $d=$w.Documents.open("C:\full\path.doc") | |
| $d=$x.Workbooks.open("C:\full\path.xls") | |
| -- new user -- | |
| $Password = Read-Host -AsSecureString | |
| $Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Password | |
| New-LocalUser "mark" -Password $Password -FullName "Mark H" -Description "A user." | |
| Add-LocalGroupMember -Group "Administrators" -Member "mark" | |
| -- install sshd -- | |
| Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' | |
| Add-WindowsCapability -Online -Name OpenSSH.Server* | |
| Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| set-service sshd -startuptype automatic | |
| New-ItemProperty -path HKLM:\SOFTWARE\OpenSSH -name DefaultShell -value C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -propertytype string | |
| -- enable psremoting -- | |
| Enable-psremoting | |
| set-item wsman:\localhost\Client\TrustedHosts -value * | |
| -- $profile -- | |
| Set-PSReadlineOption -TokenKind parameter -ForegroundColor cyan | |
| Set-PSReadlineKeyHandler -Key Tab -Function Complete | |
| Set-PSReadLineOption -EditMode Emacs | |
| -- installed software -- | |
| Get-WmiObject -class win32_product |
Author
Author
-- update powershell windows 10 from 5.0 to 5.1 --
install-module -name pswindowupdate
get-wuhistory
get-windowsupdate
get-wuinstall -microsoftupdate -listonly
Author
-- check if you have escalated privileges --
whoami /priv
-- escalation has about 28 privileges --
-- non escalated has about 5 --
-- to enable administrator enabled user to remote with escalation --
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1
Author
-- su
-- start new powershell as another user --
runas /user:user@domain powershell
-- sudo
-- if the user has local admin privileges --
-- open a new window with admin escalation --
start-process -filepath powershell -verb runas
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-- total filesize by date --
gci | Group-Object {$.LastWriteTime.ToString("yyyy-MM-dd")} | Select-Object name, @{n='TotalSize';e={$.group | ForEach-Object -Begin {$size=0} -Process {$size += $_.length} -End {$size}}} | Sort-Object -Property 'TotalSize' -Descending | sort name | Format-Table -AutoSize