Objects are essentially a representation of the data returned by running a cmdlet. Unlike other scripting languages, where data is output as text most of the time, PowerShell output originates from classes within the .NET Framework in the form of "objects."
Objects are made up in part of collections of properties, along with "methods" that we can use to manipulate the objects.
Let's take the Get-Process cmdlet as an example. When we run the Get-Process cmdlet along with the "Format-List *" command, as we've seen earlier, we get a list of all processes along with their properties.
If we take a look at the "firefox" process object, for example, we can see it contains a number of different properties (Name, Id, and Path, to name a few).
Each of the objects also has multiple methods that we can use to manipulate a particular object. To get a list of methods for objects associated with a cmdlet, we can use the "Get-Member" cmdlet as part of a pipeline command, like the following:
The "Get-Member" cmdlet will give us an idea of all of the methods for associated objects, as can be seen below for the "Get-Process" objects.
We can see from the previous output that several methods of the "Get-Process" objects might be of interest to us, such as "Kill" or "Start," which we could use to kill or start processes.
So far:
1. We've identified an object (in this case, a process, "firefox") we'd like to manipulate in some way using the "Get-Process" cmdlet.
2. We've determined the methods that are available for use with the objects that were returned by using the "Get-Process | Get-Member" cmdlet and pipeline.
3. And we've decided that the "Kill" method is the method we'd like to use for that process (as an example).
The next step is straightforward. We can simply call the "Get-Process" cmdlet, along with the "-Name" parameter for the "firefox" process, and pipe that to the "Kill" method we identified using the "Get-Member" cmdlet. Our command would look like the following:
PS C:\> Get-Process -Name "firefox" | Kill
This effectively kills any Firefox processes.
This is just one example of how we can manipulate objects using their associated methods to help us meet our objectives.
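The difference between an object's properties, the methods that Get-Member lists, and a command used in a pipeline, shown as an added example that is not part of the original lesson. It assumes a Windows host and only touches a throwaway powershell.exe child process that it starts itself:

```powershell
# Added example, not from the original lesson.
# Assumption: Windows host; the only process affected is the child started here.

# Start-Process -PassThru returns the same kind of object Get-Process does:
# a System.Diagnostics.Process instance.
$proc = Start-Process -FilePath 'powershell.exe' `
    -ArgumentList '-NoProfile', '-Command', 'Start-Sleep -Seconds 60' `
    -WindowStyle Hidden -PassThru

# Properties are data carried on the object.
$proc | Select-Object Name, Id, Path

# Get-Member lists every member; -MemberType Method narrows it to methods.
$proc | Get-Member -MemberType Method |
    Where-Object Name -in 'Kill', 'Start', 'WaitForExit' |
    Select-Object Name, Definition

# A method is invoked on the object itself, with dot notation and parentheses.
$proc.Kill()
$proc.WaitForExit()
"HasExited: $($proc.HasExited)"

# In a pipeline, a bare word such as 'Kill' is looked up as a command.
# On Windows, 'kill' is a built-in alias, which is why piping to it works:
Get-Alias -Name kill    # resolves to Stop-Process

# To call the .NET method itself for each object coming down a pipeline,
# wrap it in ForEach-Object ($_ is the current pipeline object):
#   Get-Process -Id $somePid | ForEach-Object { $_.Kill() }
```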
In addition to using the built-in cmdlets to access a large number of objects, which we can then manipulate, we can also create .NET objects using the "New-Object" cmdlet, which greatly extends our capabilities.
We can use the "New-Object" cmdlet to create an instance of a .NET Framework object or a COM object.
These can be created either as a "Type" of a .NET Framework class, using the fully qualified names of .NET classes, or by using the "ProgID" of a COM object.
As an example of creating a basic object based on a .NET class with the "New-Object" cmdlet, we can use the "Net.WebClient" .NET system class to download a file to a target system with the following code:
In the example on the previous slide (line by line):
1. We create a variable called "$webclient" which instantiates the "System.Net.WebClient" .NET class, which is used to create a web client.
2. We then create another variable ($payload_url), which is the URL to our payload.
3. The "$file" variable is then used as the location to which we want to save the payload on the target system.
4. And finally, we call the "$webclient" variable with the "DownloadFile" method, which downloads our payload.exe to the target.
We'll see more examples of creating .NET and COM objects in the module that follows, but for now, experiment and research on ways you can use the "New-Object" cmdlet to create objects we can leverage for offensive purposes.
And this concludes our lesson on PowerShell fundamentals. Although we really only scratched the surface with regard to PowerShell fundamentals, we encourage you to explore its capabilities and apply those to your offensive work. In the next Module, we'll be covering specific toolsets and even more useful things we can do with PowerShell for our purposes.