PowerShell is a full Windows administration framework, and it's built into the OS, so it can't be completely blocked. When we talk about post-exploitation in Windows environments, consideration of PowerShell is not a nice-to-have; it's a necessity. We'll examine the post-exploitation phase in more detail in the last two chapters of the book, but for now let's introduce PowerShell's role in bringing our attack to the next stage and one step closer to total compromise.
So, you have your foothold on a Windows 7 box. Setting aside the possibility of uploading our own tools, can we use a plain off-the-shelf copy of Windows 7 to poke around for a potential next stepping stone? With PowerShell, there isn't much we can't do.
Recall from earlier that we can pipe a number range into ForEach. So, if we're on a network with netmask 255.255.255.0, our range could be 1 through 255 piped into a ping command. Let's see it in action:
>...