Get-NetNeighbor

9. Gestión de la red en PowerShell (nivel intermedio)

(4 votes, average: 4.00 out of 5)

Relación de las capas del modelo TCP/IP con PowerShell: Capa física La capa de red física especifica las características del […]

Convertir a binario las direcciones MAC de todos los dispositivos de red que hay en una red

(1 votes, average: 5.00 out of 5)

ForEach($val in ((Get-NetNeighbor).LinkLayerAddress).replace("-",""))
{
$val
0..($val.Length-1) | %{
Write-Host $val[$_],([Convert]::ToString([Byte]::Parse($val[$_],[System.Globalization.NumberStyles]::HexNumber),2))
}
}

ForEach($val in ((Get-NetNeighbor).LinkLayerAddress).replace("-",""))

{

$val

0..($val.Length-1) | %{

Write-Host $val[$_],([Convert]::ToString([Byte]::Parse($val[$_],[System.Globalization.NumberStyles]::HexNumber),2))

}

Gets information about the neighbor cache for IPv4 and IPv6

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor

1	Get-NetNeighbor

9. Gestión de la red en PowerShell para administradores de sistemas (nivel básico)

(1 votes, average: 5.00 out of 5)

Relación de las capas de red con cmdlets de PowerShell. Capa física Relación con el medio físico, información sobre las tarjetas […]

Windows Post Exploitation Cmdlets Execution (PowerShell)

(5 votes, average: 5.00 out of 5)

Presence This section focuses on information gathering about the victim host and the network that it’s attached to. System

#Shows all current environmental variables
$env:ALLUSERSPROFILE
$env:APPDATA
$env:CommonProgramFiles
${env:CommonProgramFiles(x86)}
$env:CommonProgramW6432
$env:COMPUTERNAME
$env:ComSpec
$env:FP_NO_HOST_CHECK
$env:HOMEDRIVE
$env:HOMEPATH
$env:LOCALAPPDATA
$env:LOGONSERVER
$env:NUMBER_OF_PROCESSORS
$env:OS
$env:Path
$env:PATHEXT
$env:PROCESSOR_ARCHITECTURE
$env:PROCESSOR_IDENTIFIER
$env:PROCESSOR_LEVEL
$env:PROCESSOR_REVISION
$env:ProgramData
$env:ProgramFiles
${env:ProgramFiles(x86)}
$env:ProgramW6432
$env:PSModulePath
$env:PUBLIC
$env:SESSIONNAME
$env:SystemRoot
$env:TEMP
$env:TMP
$env:USERDOMAIN
$env:USERDOMAIN_ROAMINGPROFILE
$env:USERNAME
$env:USERPROFILE
$env:SystemDrive
$env:windir

#Shows all current environmental variables (macOS)
$env:_ 
$env:LOGNAME
$env:SHLVL
$env:TERM_SESSION_ID
$env:PATHEXT
$env:__CF_USER_TEXT_ENCODING
$env:PATH
$env:SSH_AUTH_SOCK
$env:TMPDIR
$env:Apple_PubSub_Socket_Render
$env:PSMODULEPATH
$env:TERM
$env:USER
$env:HOME
$env:PWD
$env:TERM_PROGRAM
$env:XPC_FLAGS
$env:LC_CTYPE
$env:SHELL
$env:TERM_PROGRAM_VERSION
$env:XPC_SERVICE_NAME

#Information about disk
Get-Disk

#Retrieving Process Information
Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Lists running threads for a specified process
(Get-Process chrome | Select-Object Threads).Threads
Get-Process | select -expand Threads

#Last Boot Uptime
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

#Lists the current drivers on the system
Get-Process -Module

#Events and event logs on the local and remote
Get-EventLog -LogName System -EntryType Error, Warning
Get-EventLog -LogName System -EntryType Error, Warning -ComputerName $computer

#Shows all current environmental variables

$env:ALLUSERSPROFILE

$env:APPDATA

$env:CommonProgramFiles

${env:CommonProgramFiles(x86)}

$env:CommonProgramW6432

$env:COMPUTERNAME

$env:ComSpec

$env:FP_NO_HOST_CHECK

$env:HOMEDRIVE

$env:HOMEPATH

$env:LOCALAPPDATA

$env:LOGONSERVER

$env:NUMBER_OF_PROCESSORS

$env:OS

$env:Path

$env:PATHEXT

$env:PROCESSOR_ARCHITECTURE

$env:PROCESSOR_IDENTIFIER

$env:PROCESSOR_LEVEL

$env:PROCESSOR_REVISION

$env:ProgramData

$env:ProgramFiles

${env:ProgramFiles(x86)}

$env:ProgramW6432

$env:PSModulePath

$env:PUBLIC

$env:SESSIONNAME

$env:SystemRoot

$env:TEMP

$env:TMP

$env:USERDOMAIN

$env:USERDOMAIN_ROAMINGPROFILE

$env:USERNAME

$env:USERPROFILE

$env:SystemDrive

$env:windir

#Shows all current environmental variables (macOS)

$env:_

$env:LOGNAME

$env:SHLVL

$env:TERM_SESSION_ID

$env:PATHEXT

$env:__CF_USER_TEXT_ENCODING

$env:PATH

$env:SSH_AUTH_SOCK

$env:TMPDIR

$env:Apple_PubSub_Socket_Render

$env:PSMODULEPATH

$env:TERM

$env:USER

$env:HOME

$env:PWD

$env:TERM_PROGRAM

$env:XPC_FLAGS

$env:LC_CTYPE

$env:SHELL

$env:TERM_PROGRAM_VERSION

$env:XPC_SERVICE_NAME

#Information about disk

Get-Disk

#Retrieving Process Information

Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Lists running threads for a specified process

(Get-Process chrome | Select-Object Threads).Threads

Get-Process | select -expand Threads

#Last Boot Uptime

Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

#Lists the current drivers on the system

Get-Process -Module

#Events and event logs on the local and remote

Get-EventLog -LogName System -EntryType Error, Warning

Get-EventLog -LogName System -EntryType Error, Warning -ComputerName $computer

[…]

Buscar direcciones IP en la red local y realizar una consulta DNS

(1 votes, average: 5.00 out of 5)

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {
Resolve-DnsName $_
}

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {

Resolve-DnsName $_

}

Buscar direcciones IP en la red local y realizar una consulta WMI

(1 votes, average: 5.00 out of 5)

$credencial=Get-Credential
(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {
Get-WmiObject -Class Win32_BIOS -ComputerName ($_) -Credential $credencial
}

$credencial=Get-Credential

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {

Get-WmiObject -Class Win32_BIOS -ComputerName ($_) -Credential $credencial

}

Get entries from the IPv6 neighbor cache

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor | Where-Object AddressFamily -EQ IPv6

1	Get-NetNeighbor \| Where-Object AddressFamily -EQ IPv6

Get entries from the IPv4 neighbor cache

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor | Where-Object AddressFamily -EQ IPv4

1	Get-NetNeighbor \| Where-Object AddressFamily -EQ IPv4

Seguridad informática con PowerShell

(2 votes, average: 5.00 out of 5)

Introducción Confidencialidad

#Habilitar BitLocker
Enable-BitLocker -MountPoint "f:" -RecoveryPasswordProtector -UsedSpaceOnly -Verbose

#Deshabilitar BitLocker
Disable-BitLocker -MountPoint "f:"

#Habilitar BitLocker

Enable-BitLocker -MountPoint "f:" -RecoveryPasswordProtector -UsedSpaceOnly -Verbose

#Deshabilitar BitLocker

Disable-BitLocker -MountPoint "f:"

Integridad

#Calcular hash para un archivo
Get-FileHash D:\power\fichero.txt -Algorithm MD5
Get-FileHash D:\power\fichero.txt -Algorithm SHA1
Get-FileHash D:\power\fichero.txt -Algorithm SHA256
Get-FileHash D:\power\fichero.txt -Algorithm SHA384
Get-FileHash D:\power\fichero.txt -Algorithm SHA512
Get-FileHash D:\power\fichero.txt -Algorithm RIPEMD160

#Calcular hash para un archivo

Get-FileHash D:\power\fichero.txt -Algorithm MD5

Get-FileHash D:\power\fichero.txt -Algorithm SHA1

Get-FileHash D:\power\fichero.txt -Algorithm SHA256

Get-FileHash D:\power\fichero.txt -Algorithm SHA384

Get-FileHash D:\power\fichero.txt -Algorithm SHA512

Get-FileHash D:\power\fichero.txt -Algorithm RIPEMD160

Seguridad física Analizar el hardware de los equipos de la empresa

$credenciales=Get-Credential
1..254 | %{
    (Get-WmiObject Win32_AutochkSetting -ComputerName ('192.168.1.'+$_) -Credential $credenciales).SettingID
    (Get-WmiObject Win32_BaseBoard -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Manufacturer
    (Get-WmiObject Win32_BIOS -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Version
    (Get-WmiObject Win32_Bus -ComputerName ('192.168.1.'+$_) -Credential $credenciales).DeviceID
    Get-WmiObject Win32_Processor -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_SystemEnclosure -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_Battery -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_Printer -ComputerName ('192.168.1.'+$_) -Credential $credenciales
}

$credenciales=Get-Credential

1..254 | %{

(Get-WmiObject Win32_AutochkSetting -ComputerName ('192.168.1.'+$_) -Credential $credenciales).SettingID

(Get-WmiObject Win32_BaseBoard -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Manufacturer

(Get-WmiObject Win32_BIOS -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Version

(Get-WmiObject Win32_Bus -ComputerName ('192.168.1.'+$_) -Credential $credenciales).DeviceID

Get-WmiObject Win32_Processor -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_SystemEnclosure -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_Battery -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_Printer -ComputerName ('192.168.1.'+$_) -Credential $credenciales

}

Ver dispositivos conectados […]

Adquisición de datos volátiles

(1 votes, average: 5.00 out of 5)

#Información sobre procesos
Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Información sobre hilos
(Get-Process chrome | Select-Object Threads).Threads
Get-Process | select -expand Threads

#Información sobre conexiones
#https://www.jesusninoc.com/2015/11/13/cmdlets-for-tcpip-model-layers/
Get-NetAdapterHardwareInfo
Get-NetAdapter -Physical
Get-NetNeighbor
Get-NetAdapterStatistics
Get-NetAdapter | Select-Object Name,MacAddress
Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
((Get-NetAdapterBinding).DisplayName) -match 'Protocolo de Internet'
(Get-NetIPInterface) | Select-Object InterfaceAlias,AddressFamily
Get-NetIPv4Protocol
Get-NetIPv6Protocol
Get-NetRoute
Get-NetNat
Get-NetNatExternalAddress
Get-NetNatGlobal
Get-NetNatSession
Get-NetNatStaticMapping
Get-NetNatTransitionConfiguration
Get-NetNatTransitionMonitoring
Get-NetFirewallAddressFilter
Get-NetFirewallApplicationFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetFirewallRule
Get-NetFirewallSecurityFilter
Get-NetFirewallServiceFilter
Get-NetFirewallSetting
Get-NetTCPSetting
Get-NetTCPConnection
Get-NetTCPConnection | Select-Object LocalPort,Remoteport
Get-NetUDPSetting
Get-NetUDPEndpoint
(Get-NetUDPEndpoint).LocalPort
Get-DnsClient
Get-DnsClientCache
Get-DnsClientGlobalSetting
Get-DnsClientNrptGlobal
Get-DnsClientNrptPolicy
Get-DnsClientNrptRule
Get-DnsClientServerAddress

#Fecha y hora del sistema
Get-Date

#Última hora de arranque del sistema
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}

#DLL
Get-Process | select -expand MainModule
Get-Process | select -expand Modules

#Información sobre procesos

Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Información sobre hilos

(Get-Process chrome | Select-Object Threads).Threads

Get-Process | select -expand Threads

#Información sobre conexiones

#https://www.jesusninoc.com/2015/11/13/cmdlets-for-tcpip-model-layers/

Get-NetAdapterHardwareInfo

Get-NetAdapter -Physical

Get-NetNeighbor

Get-NetAdapterStatistics

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

((Get-NetAdapterBinding).DisplayName) -match 'Protocolo de Internet'

(Get-NetIPInterface) | Select-Object InterfaceAlias,AddressFamily

Get-NetIPv4Protocol

Get-NetIPv6Protocol

Get-NetRoute

Get-NetNat

Get-NetNatExternalAddress

Get-NetNatGlobal

Get-NetNatSession

Get-NetNatStaticMapping

Get-NetNatTransitionConfiguration

Get-NetNatTransitionMonitoring

Get-NetFirewallAddressFilter

Get-NetFirewallApplicationFilter

Get-NetFirewallInterfaceFilter

Get-NetFirewallInterfaceTypeFilter

Get-NetFirewallPortFilter

Get-NetFirewallProfile

Get-NetFirewallRule

Get-NetFirewallSecurityFilter

Get-NetFirewallServiceFilter

Get-NetFirewallSetting

Get-NetTCPSetting

Get-NetTCPConnection

Get-NetTCPConnection | Select-Object LocalPort,Remoteport

Get-NetUDPSetting

Get-NetUDPEndpoint

(Get-NetUDPEndpoint).LocalPort

Get-DnsClient

Get-DnsClientCache

Get-DnsClientGlobalSetting

Get-DnsClientNrptGlobal

Get-DnsClientNrptPolicy

Get-DnsClientNrptRule

Get-DnsClientServerAddress

#Fecha y hora del sistema

Get-Date

#Última hora de arranque del sistema

Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}

#DLL

Get-Process | select -expand MainModule

Get-Process | select -expand Modules

Equivalencias entre comandos de red de Windows y Cmdlets de PowerShell

(1 votes, average: 5.00 out of 5)

ARP

Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
Get-NetNeighbor

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

Get-NetNeighbor

IPCONFIG

Get-NetIPAddress
Get-NetIPConfiguration
Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize
Get-NetIPAddress | ? AddressFamily -eq IPv4 | FT –AutoSize
Get-NetAdapter Wi-Fi | Get-NetIPAddress | FT -AutoSize

Get-NetIPAddress

Get-NetIPConfiguration

Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize

Get-NetIPAddress | ? AddressFamily -eq IPv4 | FT –AutoSize

Get-NetAdapter Wi-Fi | Get-NetIPAddress | FT -AutoSize

NETSH

New-NetIPAddress -InterfaceAlias Wi-Fi -IPAddress 192.168.1.56 -PrefixLength 24 -DefaultGateway 192.168.1.1
Set-NetIPAddress –InterfaceIndex 12 –IPAddress 192.168.0.16
Remove-NetIPAddress –IPAddress 192.168.0.16 -DefaultGateway 192.168.0.1

New-NetIPAddress -InterfaceAlias Wi-Fi -IPAddress 192.168.1.56 -PrefixLength 24 -DefaultGateway 192.168.1.1

Set-NetIPAddress –InterfaceIndex 12 –IPAddress 192.168.0.16

Remove-NetIPAddress –IPAddress 192.168.0.16 -DefaultGateway 192.168.0.1

NETSTAT

Get-NetTCPConnection
Get-NetTCPConnection | Group State, RemotePort | Sort Count | FT Count, Name –Autosize
Get-NetTCPConnection | ? State -eq Established | FT –Autosize
Get-NetTCPConnection | ? State -eq Established | ? RemoteAddress -notlike 127* | % { $_; Resolve-DnsName $_.RemoteAddress -type PTR -ErrorAction SilentlyContinue}
Get-NetUDPEndpoint

Get-NetTCPConnection

Get-NetTCPConnection | Group State, RemotePort | Sort Count | FT Count, Name –Autosize

Get-NetTCPConnection | ? State -eq Established | FT –Autosize

Get-NetTCPConnection | ? State -eq Established | ? RemoteAddress -notlike 127* | % { $_; Resolve-DnsName $_.RemoteAddress -type PTR -ErrorAction SilentlyContinue}

Get-NetUDPEndpoint

NSLOOKUP

Resolve-DnsName

1	Resolve-DnsName

PING

Test-NetConnection
Test-NetConnection www.jesusninoc.com
Test-NetConnection -ComputerName www.jesusninoc.com -InformationLevel Detailed
Test-NetConnection -ComputerName www.jesusninoc.com | Select -ExpandProperty PingReplyDetails | FT Address, Status, RoundTripTime
1..100 | % { Test-NetConnection -ComputerName www.jesusninoc.com -RemotePort 80 } | FT -AutoSize

Test-NetConnection

Test-NetConnection www.jesusninoc.com

Test-NetConnection -ComputerName www.jesusninoc.com -InformationLevel Detailed

Test-NetConnection -ComputerName www.jesusninoc.com | Select -ExpandProperty PingReplyDetails | FT Address, Status, RoundTripTime

1..100 | % { Test-NetConnection -ComputerName www.jesusninoc.com -RemotePort 80 } | FT -AutoSize

ROUTE

Get-NetRoute
Get-NetAdapter Wi-Fi | Get-NetRoute
New-NetRoute
Remove-NetRoute

Get-NetRoute

Get-NetAdapter Wi-Fi | Get-NetRoute

New-NetRoute

Remove-NetRoute

TRACERT

Test-NetConnection –TraceRoute

1	Test-NetConnection –TraceRoute

#MAC file
$macs = get-content .\mac.txt
foreach($mac in $macs){
#Use arp -a
$ip = arp -a | select-string "$mac" |% { $_.ToString().Trim().Split(" ")[0] }
"$mac has an ip of $ip"
}

#MAC file

$macs = get-content .\mac.txt

foreach($mac in $macs){

#Use arp -a

$ip = arp -a | select-string "$mac" |% { $_.ToString().Trim().Split(" ")[0] }

"$mac has an ip of $ip"

}

PowerShell 5.0

Get-NetNeighbor | Select-Object IPAddress,LinkLayerAddress

1	Get-NetNeighbor \| Select-Object IPAddress,LinkLayerAddress

9. Gestión de la red en PowerShell (nivel intermedio)

Convertir a binario las direcciones MAC de todos los dispositivos de red que hay en una red

Gets information about the neighbor cache for IPv4 and IPv6

9. Gestión de la red en PowerShell para administradores de sistemas (nivel básico)

Windows Post Exploitation Cmdlets Execution (PowerShell)

Buscar direcciones IP en la red local y realizar una consulta DNS

Buscar direcciones IP en la red local y realizar una consulta WMI

Get entries from the IPv6 neighbor cache

Get entries from the IPv4 neighbor cache

Seguridad informática con PowerShell

Adquisición de datos volátiles

Equivalencias entre comandos de red de Windows y Cmdlets de PowerShell

Cmdlets for TCP/IP Model Layers

Find IP Address by MAC Address