TryHackMe – Hacking with PowerShell Walkthrough

Introduction

This was a room that taught the basics of PowerShell, how to perform enumeration on Windows with PowerShell, and the fundamentals of PowerShell scripting.

Basic PowerShell Commands:

What is the location of the file “interesting-file.txt”?

Specify the contents of this file:

How many cmdlets are installed on the system (only cmdlets, not functions and aliases)?

Get the MD5 hash of interesting-file.txt

What is the command to get the current working directory?

Does the path “C:\Users\Administrator\Documents\Passwords” exist (Y/N)?

What command would you use to make a request to a web server?

Base64 decode the file b64.txt on Windows. 

Enumeration

How many users are there on the machine?

Which local user does this SID (S-1-5-21-1394777289-3961777894-1791813945-501) belong to?

How many users have their password required values set to False?

How many local groups exist?

What command did you use to get the IP address info?

How many ports are listed as listening?

What is the remote address of the local port listening on port 445?

How many patches have been applied?

When was the patch with ID KB4023834 installed?

Find the contents of a backup file.

Search for all files containing API_KEY

What command do you use to list all the running processes?

What is the path of the scheduled task called new-sched-task?

Who is the owner of the C:\?

Basic Scripting Challenge

What file contains the password?

What is the password?

What files contain an HTTPS link?

How many open ports did you find between 130 and 140 (inclusive of those two)?

Conclusion

This can be a great room to start learning PowerShell, and although it lightly touches on some of the more useful commands, it shows just how powerful it can be for enumerating Windows systems.