Blog - Post List
  • Power Tips: Creating NT4 Password Hashes

    Internally, Active Directory stores all passwords as so-called NTLM Hashes. There are a number of security-analysis tools that can read and dump these hashes.

    While there fortunately is no feasible way of decrypting these hashes and retrieving the original passwords, you can take a (known) password and turn it into an NTLM hash yourself. This is the fundamental procedure of dictionary attacks: they take long lists of…

    • 11 Oct 2019
  • Power Tips: Simple PowerShell Chat

    Here’s a fun PowerShell script that you can use to create a simple multi-channel chat room. All you need is a network share where everyone has read and write permissions.

    The chat is file-based and makes use of PowerShell’s ability to monitor files for changes. So essentially, each chat channel is a text file, and whenever someone wants to “say” something, a text line is added to the file. Anyone connected to the…

    • 9 Oct 2019
  • Power Tips: Testing Password Strength

    In previous tips, we already talked about services such as haveIbeenpwned.com. They harvest leaked passwords from previous hacker attacks so you can check whether your password has been compromised and is likely to be included in future dictionary attacks.

    Below, you find two useful functions: Test-Password asks for a SecureString so when you get prompted, your input is masked. Convert-SecureStringToText then converts…

    • 7 Oct 2019
  • Power Tips: Converting SecureString to Text

    It can be very useful to be able to convert an encrypted SecureString back to a plain text. This way, for example, you can use PowerShell’s “masked input” features. Simply ask for a SecureString, and PowerShell takes care of masking the user input. Next, take the SecureString and turn it into a plain text so you can use it internally for whatever you like:

    function Convert-SecureStringToText
    {
      par…
    • 3 Oct 2019
  • Power Tips: Embedding Binaries (Pictures, DLLs) in PowerShell Scripts

    If your script requires external binary resources such as picture files or DLLs, you can of course ship them together with your script. You could, however, also embed these binaries as text in your script files:

    • Read the binary files as bytes
    • Save the bytes as Base64-encoded strings

    This way, your script can then read the Base64-encoded binaries from a text variable, turn the data back into bytes, and write them back…

    • 1 Oct 2019
  • Power Tips: Built-In SSH support in Windows 10

    In October 2018, a Windows 10 update added built-in SSH support to Windows 10. From now on, Windows 10 ships with a command-line tool called “ssh”. You can use it from within PowerShell to connect to other devices (including IoT, Raspberry Pi, etc) without the need for 3rd party tools:

     
    PS> ssh
    usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
               [-b bind_address] [-c cipher_spec] [-D [bind_address…
    • 27 Sep 2019
  • Power Tips: Playing with Latest PowerShell Core Version

    In the previous tip we illustrated how you can download a PowerShell script which automatically downloads the latest version of PowerShell Core.

    This script supports a number of parameters. By default, it fetches the latest (stable) production version. If you’d like to play with the latest version including preview versions, use the -Preview parameter. And, if you’d like to install it using an MSI package, add -MSI.…

    • 25 Sep 2019
  • Power Tips: Installing PowerShell Core

    As you probably know, Windows PowerShell (the one shipping in Windows) is done, and all efforts go into development of the new cross-platform PowerShell Core. This new PowerShell version is not (yet) shipping out-of-the-box in Windows, so in order to play with it, you need to download it manually.

    Fortunately, there is a script that does the heavy-lifting for you. This is how you can download the script source code:

    • 23 Sep 2019
  • Power Tips: Finding Public IP Address

    Here is a one-liner that retrieves your current public IP address:

     
    PS> Invoke-RestMethod -Uri http://ipinfo.io
    
    
    ip       : 87.153.224.209
    hostname : p5799e0d1.dip0.t-ipconnect.de
    city     : Hannover
    region   : Lower Saxony
    country  : DE
    loc      : 52.3705,9.7332
    org      : AS3320 Deutsche Telekom AG
    postal   : 30159
    timezone : Europe/Berlin
    readme   : https://ipinfo.io/missingauth
     

    Twitter This Tip! ReTweet this Tip!

    • 19 Sep 2019
  • Power Tips: Real-Time Log Processing

    PowerShell comes with a powerful yet simple way of monitoring file changes. Let’s assume you have a log file that changes every now and then. This would be a PowerShell script that monitors the log file for changes, and whenever a change occurs, executes some code:

    # make sure this points to a log file
    $Path = '\\myserver\report2.txt'
    
    Get-Content -Path $Path -Tail 0 -Wait |
    ForEach-Object {
        "Detected…
    • 17 Sep 2019
  • Power Tips: Detecting Key Press

    Typically, key press detection is supported only in true console windows, so this approach won’t work for the PowerShell ISE and other PowerShell hosts.

    However, PowerShell can borrow a type from the Windows Presentation Foundation that can check the state of any key. This way, it becomes trivial to implement an “abort” key that works in any PowerShell script, whether it runs in the console, Visual Studio Code,…

    • 13 Sep 2019
  • Power Tips: Detecting Storage Issues

    In Windows 10 and Windows Server 2016, PowerShell can access storage reliability data so you can find out whether there is something wrong with one of the attached storage drives. This requires Administrator privileges to execute:

     
    PS> Get-PhysicalDisk | Get-StorageReliabilityCounter
    
    DeviceId Temperature ReadErrorsUncorrected Wear PowerOnHours
    -------- ----------- --------------------- ---- ------------
    0          …
    • 11 Sep 2019
  • Power Tips: Resetting Winsock

    PowerShell can execute internal PowerShell commands and also regular console commands, so it’s not a bad thing to continue to use console commands for proven tasks.

    For example, if you’d like to reset your winsocks, this would be a reliable solution:

    #requires -RunAsAdministrator
    
    netsh winsock reset
    netsh int ip reset
    

    Note that this code requires Administrator privileges, and may require a system restart…

    • 9 Sep 2019
  • Power Tips: Using Awesome Export-Excel Cmdlet (Part 5)

    This is part 5 of our mini-series about the awesome and free “ImportExcel” PowerShell module by Doug Finke. Make sure you install the module before you play with this tip:

     
    PS> Install-Module -Name ImportExcel -Scope CurrentUser -Force
     

    In part 4, we looked at misinterpreted data due to arrays found in the input data. As you have seen, you simply need to convert arrays to strings using the -join operator…

    • 5 Sep 2019
  • Power Tips: Using Awesome Export-Excel Cmdlet (Part 4)

    This is part 4 of our mini-series about the awesome and free “ImportExcel” PowerShell module by Doug Finke. Make sure you install the module before you play with this tip:

     
    PS> Install-Module -Name ImportExcel -Scope CurrentUser -Force
     

    In part 3, we looked at misinterpreted data due to automatic formula conversion, and examined your options to post-process individual cell formats. Let’s examine issues…

    • 3 Sep 2019
  • Power Tips: Using Awesome Export-Excel Cmdlet (Part 3)

    This is part 3 of our mini-series about the awesome and free “ImportExcel” PowerShell module by Doug Finke. Make sure you install the module before you play with this tip:

     
    PS> Install-Module -Name ImportExcel -Scope CurrentUser -Force 
     

    In part 2, we looked at misinterpreted data due to automatic number conversion. Another issue can occur when raw data “looks like” Excel formulas in which case they are…

    • 30 Aug 2019
  • Power Tips: Using Awesome Export-Excel Cmdlet (Part 2)

    This is part 2 of our mini-series about the awesome and free “ImportExcel” PowerShell module by Doug Finke. Make sure you install the module before you play with this tip:

     
    PS> Install-Module -Name ImportExcel -Scope CurrentUser -Force 
     

    When you export data to Excel files, you may sometimes encounter data that is misinterpreted by Excel. For example, often phone numbers are misinterpreted as numeric…

    • 28 Aug 2019
  • Power Tips: Using Awesome Export-Excel Cmdlet (Part 1)

    Doug Finke has created an awesome PowerShell module called ImportExcel which comes with all the commands you need to import and export data from and to Microsoft Excel. It does not require Office to be installed.

    We can’t cover all the richness this module delivers, but in this tip, we’d like to provide you with the basics to get it up and running, and in follow-up tips we’ll deal about some formatting tricks.…

    • 26 Aug 2019
  • Power Tips: Auto-Creating a List of HTTP Response Codes

    In the previous example we looked at how numeric HTTP response codes can automatically be converted to descriptive text, simply by converting them to the type System.Net.HttpStatusCode.

     
    PS> [System.Net.HttpStatusCode]500
    InternalServerError
     

    This works because System.Net.HttpStatusCode is a so-called “enumeration” and acts like a “lookup table”. You can easily dump all members of an enumeration, and for example…

    • 22 Aug 2019
  • Power Tips: Converting HTTP Response Codes

    In the previous example we created a small PowerShell function that checks web site availability, and as part of the test results, a HTTP response code was returned. Let’s check out how this numeric code can be easily converted into a meaningful text message.

    Here is the function again that tests web sites:

    function Test-Url
    {
      param
      (
        [Parameter(Mandatory,ValueFromPipeline)]
        [string]
        $Url
      )
      …
    • 20 Aug 2019
  • Power Tips: Test Web Site Availability

    When a web site is unavailable, often the question is whether it’s you, or whether the web site is generally down for everyone else, too. PowerShell can ask a web service to check web site availability for you. Here is a simple wrapper function:

    function Test-Url
    {
      param
      (
        [Parameter(Mandatory,ValueFromPipeline)]
        [string]
        $Url
      )
      
      Add-Type -AssemblyName System.Web
      
      $check = "https://isitdown…
    • 16 Aug 2019
  • Power Tips: Unit Conversion via Web Service

    Accessing RESTful web services is trivial for PowerShell: simply send your input data to a public web service, and receive the results.

    Here are three PowerShell functions designed to each do a numeric conversion:

    function Convert-InchToCentimeter
    {
      param
      (
        [Parameter(Mandatory)]
        [Double]
        $Inch
      )
      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
      $url = 'https://ucum…
    • 14 Aug 2019
  • Power Tips: Validating Active Directory Credentials

    PowerShell can validate AD username and passwords against the Active Directory:

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $account = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([DirectoryServices.AccountManagement.ContextType]::Domain, $env:userdomain)
    
    $account.ValidateCredentials('user12', 'topSecret')
    

    Note that this approach is for diagnostic purposes…

    • 12 Aug 2019
  • Power Tips: Numbering Output (Part 1)

    If you’d like to add an incrementing number to your output, here is a simple way:

    Get-Process |
      Select-Object -Property '#', ProcessName, CPU -First 10 |
      ForEach-Object -begin { $i = 0} -process {
        $i++
        $_.'#' = $i
        $_
      } -end {}
    

    Select-Object adds a new property called “#”, and ForEach-Object adds an auto-incrementing number to it. The result looks similar to this:

     
    • 8 Aug 2019
  • Power Tips: Accepting Masked Passwords

    If you ever write PowerShell functions that need to accept sensitive input such as passwords, make sure you allow users to submit SecureString input. If you accept passwords via clear text, there is a substantial risk that others may see the password while being entered, or (even worse) that the password is logged and later can be found in dump files.

    Here is a simple framework that illustrates how you can achieve safe…

    • 6 Aug 2019