Objects
Objects are essentially a representation of the data that a cmdlet returns when it runs. Unlike most other scripting languages, where data is output as text most of the time, PowerShell outputs data that originates from classes within the .NET Framework, in the form of “objects.”
Objects consist in part of collections of properties, along with “methods” that we can use to manipulate the objects.
Let’s take the Get-Process cmdlet as an example. When we run the Get-Process cmdlet along with the “Format-List *” command, as we’ve seen earlier, we get a list of all processes along with their properties.
If we take a look at the “firefox” process object, for example, we can see that it contains a number of different properties (Name, Id and Path, to name a few).
Each of the objects also has multiple methods that we can use to manipulate a particular object. To get a list of methods for objects associated with a cmdlet, we can use the “Get-Member” cmdlet as part of a pipeline command, like the following:
The “Get-Member” cmdlet will give us an idea of all of the methods for associated objects, as can be seen below for the “Get-Process” objects.
We can see from the previous output that several methods of the “Get-Process” objects might be of interest to us, such as “Kill” or “Start,” which we could use to kill or start processes.
So far:
The next step is straightforward. We can simply call the “Get-Process” cmdlet, along with the “-Name” parameter for the “firefox” process, and pipe that to the “Kill” method we identified using the “Get-Member” cmdlet. Our command would look like the following:
Which effectively kills any Firefox processes.
This is just one example of how we can manipulate objects using their associated methods to help us meet our objectives.
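The same property and method workflow, written out as an added example (not code from the original lesson). It assumes a Windows host with `powershell.exe` on the path; the `$proc` variable and the disposable sleeping child process are constructed for illustration so that no real application is terminated.

```powershell
# Start a disposable child process to work on; -PassThru returns its object.
$proc = Start-Process -FilePath 'powershell.exe' `
    -ArgumentList '-NoProfile', '-Command', 'Start-Sleep -Seconds 120' `
    -PassThru

# The cmdlet handed back a .NET object (System.Diagnostics.Process), not text.
$proc.GetType().FullName

# Properties are read from the object, here through a pipeline.
Get-Process -Id $proc.Id | Select-Object Name, Id, Path, StartTime

# Get-Member lists what the object can do; keep only a few methods of interest.
Get-Process -Id $proc.Id |
    Get-Member -MemberType Method |
    Where-Object Name -in 'Kill', 'Refresh', 'WaitForExit' |
    Select-Object Name, Definition

# Invoke a method on the object. Parentheses are required even without arguments.
$proc.Kill()

# Wait up to five seconds for the process to terminate, discarding the boolean result.
$null = $proc.WaitForExit(5000)

# HasExited is another property of the same object and confirms the outcome.
'PID {0} exited: {1}' -f $proc.Id, $proc.HasExited
```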
In addition to using the built-in cmdlets to access a large number of objects, which we can then manipulate, we can also create .NET objects using the “New-Object” cmdlet, which greatly extends our capabilities.
We can use the “New-Object” cmdlet to create an instance of a .NET Framework object or a COM object.
These can be created either as a “Type” of a .NET Framework class, using the fully qualified names of .NET classes, or by using the “ProgID” of a COM object.
As an example of creating a basic object based off of a .NET class with the “New-Object” cmdlet, we can use the “Net.WebClient” .NET system class to download a file to a target system with the following code:
In the example on the previous slide (line by line):
We’ll see more examples of creating .NET and COM objects in the module that follows, but for now, experiment and research on ways you can use the “New-Object” cmdlet to create objects we can leverage for offensive purposes.
And this concludes our lesson on PowerShell fundamentals. Although we really only scratched the surface with regard to PowerShell fundamentals, we encourage you to explore its capabilities and apply those to your offensive work. In the next module, we’ll be covering specific toolsets and even more useful things we can do with PowerShell for our purposes.