POWERshell (We Luv Castin Shells)

From the official Microsoft [page](https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.4): _“PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework.”_ Powershell is object-oriented as it utilizes properties and methods. Properties (characteristics) and methods (actions). Example: the object "car" has the *properties* "color", "model", and "fuel_level" and has the *methods* such as "drive()", "HonkHorn()", and "refuel()". Powershell commands are called cmdlets (command-lets) and follow a consistent naming convention of "verb-noun" (action-object). Exmaple: Get-Content and Set-Location. `Get-Command`: Retrieves the list of available commands that can be used. If you wanted to list all the modules that start with "Remove" (remember thats a verb!) then we can do the following: `Get-Command -Name "Remove*"`. We add the asterisk AFTER remove since cmdlets naming convention is verb-noun, we have the verb and are looking for the noun. `Get-Help`: provides detailed information about cmdlets including usage, parameters, and examples. `Get-Alias`: Lists all available aliases. Additional cmdlets can be downloaded. The following is an example of how it can be done. `Find-Module -Name "PowerShell*"`: The `Find-Module` command is used to search for modules when we don't know the exact name. The `*`represents a wildcard. Once a module is identified it can be downloaded with `Install-Module`. Example: `Install-Module -Name "PowerShellGet"`. `Get-ChildItem`: Used to list the files and directories in a location specified with the `-Path` parameter. If no path is specified then this command will display the contents of the current working directory. `Set-Location`: Changes the current directory to the specified path similar to the `cd` command in Command Prompt (CMD.exe). To create an item in PowerShell we use the following command: `New-Item` and providing the path of the item and its type (is it a file or directory). `New-Item -Path ".\Desktop\Archive" -ItemType "Directory"` `Remove-Item` cmdlet removes both directories and files unlike in the Windows CLI which has two separate commands (`rmdir` and `del` ). Follows the same syntax as `New-Item`. `Get-Content`: Reads and displays the contents of a file (works similarly to `type` command in Command Prompt or `cat` in Unix). Example: `Get-Content -Path ".\text_file.txt"`. `Copy-Item`: Used to copy files. Example: `Copy-Item -Path .\Desktop\text_file.txt -Destination .\Desktop\text_file2.txt` `Move-Item`: Move items, follows the same syntax as `Copy-Item`. ### Varying Comparison Operators Useful for Filtering: `-eq`: equal to `-ne`: Not equal to `-gt`: Greater than `-ge`: greater than or equal to `-lt`: less than `-le`: less than or equal to `Sort-Object`: Sorts objects based on specified properties (such as Length). Example: `Get-ChildItem | Sort-Object Length`. `Where-Object`: Filters based on specified conditions returning only those that meet the criteria. Example: `Get-ChildItem | Where-Object -Property "Extension" -eq ".txt"`. Another example: `Get-ChildItem | Where-Object -Property "Name" -like "ship*"`. `Select-Object`: Used to select specific properties from objects or limit the number of object returned. Example: `Get-ChildItem | Select-Object Name,Length`. Example of how to sort items based on length: `Get-ChildItem | Sort-Object Length -Descending | Select-Object -First 1`. This will find the largest item and sort it in descending order from largest to smallest. `Get-ComputerInfo`: cmdlet that retrieves comprehensive system information, such as operating system, hardware specifications, BIOS details, and more. `systeminfo`: Retrieves a small set of the same details. `Get-LocalUser`: Lists all the local user accounts on the system. `Get-NetIPConfiguarion`: Provides detailed information about the network interfaces on the system including IP addresses, DNS servers, and gateway configurations. `Get-NetIPAddress`: shows details for all IP addresses configured on the system, including those that are not currently active. `Get-Process`: Provides detailed view of all currently running processes, including CPU and memory usage. `Get-Service`: Retrieves information in regard to the status of services on the machine such as which services are stopped, running, or paused. `Get-NetTCPConnection`: Displays the current TCP connections providing insight into remote and local endpoints. `Get-FileHash`: Generates file hashes. Say you are trying to identify a service based on the DisplayName property and the string you have at your disposal is something along the lines of "HelloWorld". You can use the following to search for a service with the string in the DisplayName. Example: `Get-Service | Where-Object {$_.DisplayName -like "*HelloWorld*"} | Select-Object Name,DisplayName`. `Invoke-Command`: Essential for executing commands on remote systems. Example of running a command (`Get-Help`) on a remote system: `Invoke-Command -ComputerName COMPUTER_NAME -Credential Domain01\User01 -ScriptBlock {Get-Help}` To get more information on `Invoke-Command` we can use the following: `Get-Help Invoke-Command -examples`.