1
00:00:00,000 --> 00:00:01,000
[No audio]

2
00:00:01,026 --> 00:00:03,391
The next scripting environment we're going to explore

3
00:00:03,415 --> 00:00:06,090
is called PowerShell. It used to be

4
00:00:06,090 --> 00:00:09,090
Windows PowerShell, and up until 2016, it was

5
00:00:09,090 --> 00:00:12,570
actually a Windows-only product. But as of 2016,

6
00:00:12,725 --> 00:00:15,965
Microsoft re-released it as open-source, cross-

7
00:00:15,990 --> 00:00:18,780
platform. So now it's just PowerShell, and you can

8
00:00:18,780 --> 00:00:22,410
actually get it on macOS and Linux. You'll likely

9
00:00:22,410 --> 00:00:24,960
see it most of the time still just in Windows,

10
00:00:24,960 --> 00:00:27,330
but it is available for any environment. We're

11
00:00:27,330 --> 00:00:29,970
going to focus on the Windows implementation of

12
00:00:29,970 --> 00:00:32,369
PowerShell. There are just a very few things that

13
00:00:32,369 --> 00:00:34,890
you need to be aware of to set it up and to run

14
00:00:34,890 --> 00:00:38,100
PowerShell scripts, but the rest of the contents

15
00:00:38,100 --> 00:00:40,860
and the concepts are really the same as any other

16
00:00:40,860 --> 00:00:43,560
scripting environment. So let's take a look at how

17
00:00:43,560 --> 00:00:46,590
to launch PowerShell and how to edit a PowerShell

18
00:00:46,590 --> 00:00:49,440
script. So the first thing you'll do on a new

19
00:00:49,440 --> 00:00:52,320
installation of Windows is allow PowerShell

20
00:00:52,320 --> 00:00:54,930
scripts to execute. By default, they're not

21
00:00:54,930 --> 00:00:58,260
allowed; they're actually restricted. So let's

22
00:00:58,290 --> 00:01:01,290
search for PowerShell. There it is. I need to go

23
00:01:01,290 --> 00:01:07,289
in as administrator this once, and from there, I'm going to Set-

24
00:01:07,313 --> 00:01:10,144
[No audio]

25
00:01:10,169 --> 00:01:11,793
ExecutionPolicy

26
00:01:11,817 --> 00:01:17,338
[No audio]

27
00:01:17,375 --> 00:01:21,522
Unrestricted. It says, 'Are you sure you want to do this?' Yes, I'm sure.

28
00:01:21,810 --> 00:01:25,500
And that allows me to run PowerShell scripts on

29
00:01:25,500 --> 00:01:28,980
this entire machine. All right. So now let's go

30
00:01:28,980 --> 00:01:31,290
find our favorite PowerShell script. This is a

31
00:01:31,290 --> 00:01:34,950
port scanner, and I'm going to Edit it. So if I

32
00:01:34,950 --> 00:01:37,590
right-click and choose Edit, it takes me into the

33
00:01:37,590 --> 00:01:41,070
Windows PowerShell ISE. It's a really nice

34
00:01:41,070 --> 00:01:43,440
environment where I do get more than just a simple

35
00:01:43,440 --> 00:01:45,900
text editor. But the cool thing about it is all I

36
00:01:45,900 --> 00:01:49,230
have to do is click Run, and it runs the script.

37
00:01:50,280 --> 00:01:53,520
So it tells me that I have some assignments here:

38
00:01:53,520 --> 00:01:57,510
port is 80, subnet is 10.10.1, and the range is

39
00:01:57,510 --> 00:02:03,180
1..254. So my loop says foreach r in range. So

40
00:02:03,180 --> 00:02:05,970
basically r is 1, then 2, then 3, and so

41
00:02:05,970 --> 00:02:09,810
on and so forth. We build an IP using concatenation

42
00:02:09,835 --> 00:02:15,145
within PowerShell of 0.1, which basically means

43
00:02:15,420 --> 00:02:19,200
I'm going to replace the subnet and the r, so it'd

44
00:02:19,200 --> 00:02:25,567
be 10.1, I'm sorry, 10.10.1.1, then 10.10.1.2,

45
00:02:26,158 --> 00:02:28,530
and so on and so forth, and notice

46
00:02:28,530 --> 00:02:30,270
we're getting an error here because it's unable to

47
00:02:30,270 --> 00:02:33,210
make a connection with a specific target, because

48
00:02:33,210 --> 00:02:36,720
my machine 12, my Kali Linux machine, is

49
00:02:36,720 --> 00:02:39,840
actively refusing port 80. This particular script

50
00:02:39,840 --> 00:02:42,180
doesn't handle errors very well; it's very simple.

51
00:02:42,210 --> 00:02:45,390
So it gives me a little error, and then once I go

52
00:02:45,390 --> 00:02:48,090
into my loop, I set up my socket: I just try to

53
00:02:48,120 --> 00:02:50,670
create a new socket based on the IP address and

54
00:02:50,670 --> 00:02:53,040
the port. If it's connected, I say it's open.

55
00:02:53,040 --> 00:02:56,280
Otherwise, I move on. Simple, very simple script.

56
00:02:56,490 --> 00:02:58,860
But this is how it operates, and we can see that

57
00:02:58,860 --> 00:03:03,420
port 80 is open on 10.10.1.1, 10, 11, and then

58
00:03:03,510 --> 00:03:06,720
machine number 12 actively refused it and so

59
00:03:06,720 --> 00:03:10,020
it errored out. So that's what a simple, very

60
00:03:10,020 --> 00:03:13,200
simple Windows PowerShell script looks like.

61
00:03:13,740 --> 00:03:17,640
So this script is somewhat the same functionality.

62
00:03:17,760 --> 00:03:20,340
It's what we just saw in bash. It's a port

63
00:03:20,340 --> 00:03:23,250
scanner. Yes, it hard-coded some values; we can

64
00:03:23,250 --> 00:03:25,260
bring those in from the outside, but it

65
00:03:25,260 --> 00:03:28,860
effectively grabs an IP and a port range and then

66
00:03:28,860 --> 00:03:31,320
loops through trying to determine if the port is

67
00:03:31,320 --> 00:03:34,080
open or closed. So it looks totally different

68
00:03:34,080 --> 00:03:36,360
because it's a different scripting language, but

69
00:03:36,360 --> 00:03:39,150
it's doing the same thing. Now we're going to look

70
00:03:39,150 --> 00:03:41,160
at some other languages and come back and then

71
00:03:41,160 --> 00:03:44,070
compare all the different languages, so you'll be

72
00:03:44,070 --> 00:03:47,010
able to recognize the aspect or the particular

73
00:03:47,040 --> 00:03:50,580
commands of any of the languages you'll have to

74
00:03:50,580 --> 00:03:51,930
recognize for the exam.

75
00:03:51,954 --> 00:04:02,760
[No audio]
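The following is an added example written for this page, not the instructor's port scanner from the video. It implements the same loop the transcript walks through (build each address from the subnet and the loop variable, open a TCP socket, report open), but takes the subnet, ports and range as parameters instead of hard-coding them, enforces a connect timeout, and distinguishes a refused connection (the RST from machine .12 in the video) from a silent timeout instead of spilling a red error. The function name `Test-TcpPort`, the parameter names and the defaults (subnet 10.10.1, port 80, range 1..254, taken from the video) are this example's own choices. Only scan hosts you are authorised to test.

```powershell
# Added example, not the course's script.
# Parameterised TCP port scanner with connect timeout and explicit error handling.
# Defaults mirror the values used in the video; Test-TcpPort is a name chosen here.
param(
    [string]$Subnet   = "10.10.1",   # first three octets, as in the video
    [int[]]$Ports     = @(80),       # one or more TCP ports to probe
    [int[]]$Range     = 1..254,      # last-octet range to iterate
    [int]$TimeoutMs   = 500          # per-probe connect timeout in milliseconds
)

function Test-TcpPort {
    param([string]$Ip, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect returns at once; WaitOne enforces our own timeout so a
        # filtered host (no SYN/ACK, no RST) does not stall the loop for the
        # operating system's default connect timeout.
        $async = $client.BeginConnect($Ip, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return "filtered"
        }
        # EndConnect completes the handshake or throws a SocketException
        # (for example "actively refused" when the port answers with RST).
        $client.EndConnect($async)
        return "open"
    }
    catch {
        # PowerShell may wrap the .NET exception; walk the chain to find the
        # SocketException so a refusal is reported as "closed", not as an error.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.Sockets.SocketException])) {
            $ex = $ex.InnerException
        }
        if ($ex) { return "closed" }
        return "error: $($_.Exception.Message)"
    }
    finally {
        $client.Close()
    }
}

# Same string concatenation the video uses to build each target address.
foreach ($r in $Range) {
    $ip = "$Subnet.$r"
    foreach ($p in $Ports) {
        $state = Test-TcpPort -Ip $ip -Port $p -TimeoutMs $TimeoutMs
        # Emit objects rather than text so results can be filtered or exported:
        #   .\Scan-Ports.ps1 | Where-Object State -eq 'open'
        [pscustomobject]@{ Target = $ip; Port = $p; State = $state }
    }
}
```

Save it as, for example, `Scan-Ports.ps1` and run `.\Scan-Ports.ps1 -Subnet 10.10.1 -Ports 22,80 -Range (1..20) -TimeoutMs 300`. Two practitioner notes on the setup step in the video: the execution policy can be relaxed for just your own account with `Set-ExecutionPolicy -Scope CurrentUser RemoteSigned` (no administrator prompt, and downloaded scripts must still be signed or unblocked), and for a one-off run `powershell -ExecutionPolicy Bypass -File .\Scan-Ports.ps1` leaves the machine-wide policy untouched. Either way, execution policy is a safety rail against accidentally running scripts, not a security boundary against a determined user.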