Powershell: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 9: | Line 9: | ||
*Get-ChildItem Env: | *Get-ChildItem Env: | ||
= invoke bluescreen bsod = | |||
<syntaxhighlight lang="powershell"> | |||
function Invoke-BlueScreen | |||
{ | |||
Add-Type " | |||
using System; | |||
using System.Runtime.InteropServices; | |||
public class PInvoke | |||
{ | |||
[DllImport(`"user32.dll`")] | |||
public static extern IntPtr CreateDesktop(string desktopName, IntPtr device, IntPtr deviceMode, int flags, long accessMask, IntPtr attributes); | |||
} | |||
" | |||
[PInvoke]::CreateDesktop("BSOD", [IntPtr]::Zero, [IntPtr]::Zero, 0, $null, [IntPtr]::Zero) | |||
} | |||
</syntaxhighlight> | |||
= self elevate = | = self elevate = | ||
Start-Process PowerShell –Verb RunAs | |||
or | |||
<syntaxhighlight lang="powershell"> | <syntaxhighlight lang="powershell"> | ||
# Get the ID and security principal of the current user account | # Get the ID and security principal of the current user account |
Revision as of 13:59, 21 November 2013
- get-help
- get-command
- get-module
- $PSVersionTable.psversion
- get-history
- get-process | get-member
- Get-Host
- $psversiontable
- Get-ChildItem Env:
invoke bluescreen bsod
function Invoke-BlueScreen
{
Add-Type "
using System;
using System.Runtime.InteropServices;
public class PInvoke
{
[DllImport(`"user32.dll`")]
public static extern IntPtr CreateDesktop(string desktopName, IntPtr device, IntPtr deviceMode, int flags, long accessMask, IntPtr attributes);
}
"
[PInvoke]::CreateDesktop("BSOD", [IntPtr]::Zero, [IntPtr]::Zero, 0, $null, [IntPtr]::Zero)
}
self elevate
Start-Process PowerShell –Verb RunAs
or
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
# We are running "as Administrator" - so change the title and background color to indicate this
$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
$Host.UI.RawUI.BackgroundColor = "DarkBlue"
clear-host
}
else
{
# We are not running "as Administrator" - so relaunch as administrator
# Create a new process object that starts PowerShell
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
# Specify the current script path and name as a parameter
$newProcess.Arguments = $myInvocation.MyCommand.Definition;
# Indicate that the process should be elevated
$newProcess.Verb = "runas";
# Start the new process
[System.Diagnostics.Process]::Start($newProcess);
# Exit from the current, unelevated, process
exit
}
# Run your code that needs to be elevated here
Write-Host -NoNewLine "Press any key to continue..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
check authenticity of process
PS C:\WINDOWS\system32> (get-process svchost | select-object path).path | Get-AuthenticodeSignature
Directory: C:\WINDOWS\system32
SignerCertificate Status Path
----------------- ------ ----
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
9C4F3BDB96A8F46DB59EDBB7A65CC090841236AA Valid svchost.exe
#get info about domain
get-addomain