Get-NetNeighbor | Scripting and security

PowerShell

9. Gestión de la red en PowerShell (nivel intermedio)

(4 votes, average: 4.00 out of 5)

Capa física Adaptadores de red Información sobre los adaptadores de red Información avanzada sobre los adaptadores de red Habilitar un […]

Network PowerShell

Convertir a binario las direcciones MAC de todos los dispositivos de red que hay en una red

(1 votes, average: 5.00 out of 5)

ForEach($val in ((Get-NetNeighbor).LinkLayerAddress).replace("-",""))
{
$val
0..($val.Length-1) | %{
Write-Host $val[$_],([Convert]::ToString([Byte]::Parse($val[$_],[System.Globalization.NumberStyles]::HexNumber),2))
}
}

ForEach($val in ((Get-NetNeighbor).LinkLayerAddress).replace("-",""))

{

$val

0..($val.Length-1) | %{

Write-Host $val[$_],([Convert]::ToString([Byte]::Parse($val[$_],[System.Globalization.NumberStyles]::HexNumber),2))

}

Network PowerShell

Gets information about the neighbor cache for IPv4 and IPv6

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor

1	Get-NetNeighbor

PowerShell

9. Gestión de la red en PowerShell para administradores de sistemas (nivel básico)

(1 votes, average: 5.00 out of 5)

Relación de las capas de red con cmdlets de PowerShell. Capa física Relación con el medio físico, información sobre las tarjetas […]

PowerShell Security

Windows Post Exploitation Cmdlets Execution (PowerShell)

(5 votes, average: 5.00 out of 5)

Presence This section focuses on information gathering about the victim host and the network that it’s attached to. System

#Shows all current environmental variables
$env:ALLUSERSPROFILE
$env:APPDATA
$env:CommonProgramFiles
${env:CommonProgramFiles(x86)}
$env:CommonProgramW6432
$env:COMPUTERNAME
$env:ComSpec
$env:FP_NO_HOST_CHECK
$env:HOMEDRIVE
$env:HOMEPATH
$env:LOCALAPPDATA
$env:LOGONSERVER
$env:NUMBER_OF_PROCESSORS
$env:OS
$env:Path
$env:PATHEXT
$env:PROCESSOR_ARCHITECTURE
$env:PROCESSOR_IDENTIFIER
$env:PROCESSOR_LEVEL
$env:PROCESSOR_REVISION
$env:ProgramData
$env:ProgramFiles
${env:ProgramFiles(x86)}
$env:ProgramW6432
$env:PSModulePath
$env:PUBLIC
$env:SESSIONNAME
$env:SystemRoot
$env:TEMP
$env:TMP
$env:USERDOMAIN
$env:USERDOMAIN_ROAMINGPROFILE
$env:USERNAME
$env:USERPROFILE
$env:SystemDrive
$env:windir

#Shows all current environmental variables (macOS)
$env:_ 
$env:LOGNAME
$env:SHLVL
$env:TERM_SESSION_ID
$env:PATHEXT
$env:__CF_USER_TEXT_ENCODING
$env:PATH
$env:SSH_AUTH_SOCK
$env:TMPDIR
$env:Apple_PubSub_Socket_Render
$env:PSMODULEPATH
$env:TERM
$env:USER
$env:HOME
$env:PWD
$env:TERM_PROGRAM
$env:XPC_FLAGS
$env:LC_CTYPE
$env:SHELL
$env:TERM_PROGRAM_VERSION
$env:XPC_SERVICE_NAME

#Information about disk
Get-Disk

#Retrieving Process Information
Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Lists running threads for a specified process
(Get-Process chrome | Select-Object Threads).Threads
Get-Process | select -expand Threads

#Last Boot Uptime
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

#Lists the current drivers on the system
Get-Process -Module

#Events and event logs on the local and remote
Get-EventLog -LogName System -EntryType Error, Warning
Get-EventLog -LogName System -EntryType Error, Warning -ComputerName $computer

#Shows all current environmental variables

$env:ALLUSERSPROFILE

$env:APPDATA

$env:CommonProgramFiles

${env:CommonProgramFiles(x86)}

$env:CommonProgramW6432

$env:COMPUTERNAME

$env:ComSpec

$env:FP_NO_HOST_CHECK

$env:HOMEDRIVE

$env:HOMEPATH

$env:LOCALAPPDATA

$env:LOGONSERVER

$env:NUMBER_OF_PROCESSORS

$env:OS

$env:Path

$env:PATHEXT

$env:PROCESSOR_ARCHITECTURE

$env:PROCESSOR_IDENTIFIER

$env:PROCESSOR_LEVEL

$env:PROCESSOR_REVISION

$env:ProgramData

$env:ProgramFiles

${env:ProgramFiles(x86)}

$env:ProgramW6432

$env:PSModulePath

$env:PUBLIC

$env:SESSIONNAME

$env:SystemRoot

$env:TEMP

$env:TMP

$env:USERDOMAIN

$env:USERDOMAIN_ROAMINGPROFILE

$env:USERNAME

$env:USERPROFILE

$env:SystemDrive

$env:windir

#Shows all current environmental variables (macOS)

$env:_

$env:LOGNAME

$env:SHLVL

$env:TERM_SESSION_ID

$env:PATHEXT

$env:__CF_USER_TEXT_ENCODING

$env:PATH

$env:SSH_AUTH_SOCK

$env:TMPDIR

$env:Apple_PubSub_Socket_Render

$env:PSMODULEPATH

$env:TERM

$env:USER

$env:HOME

$env:PWD

$env:TERM_PROGRAM

$env:XPC_FLAGS

$env:LC_CTYPE

$env:SHELL

$env:TERM_PROGRAM_VERSION

$env:XPC_SERVICE_NAME

#Information about disk

Get-Disk

#Retrieving Process Information

Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Lists running threads for a specified process

(Get-Process chrome | Select-Object Threads).Threads

Get-Process | select -expand Threads

#Last Boot Uptime

Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

#Lists the current drivers on the system

Get-Process -Module

#Events and event logs on the local and remote

Get-EventLog -LogName System -EntryType Error, Warning

Get-EventLog -LogName System -EntryType Error, Warning -ComputerName $computer

[…]

Network PowerShell

Buscar direcciones IP en la red local y realizar una consulta DNS

(1 votes, average: 5.00 out of 5)

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {
Resolve-DnsName $_
}

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {

Resolve-DnsName $_

}

Network PowerShell

Buscar direcciones IP en la red local y realizar una consulta WMI

(1 votes, average: 5.00 out of 5)

$credencial=Get-Credential
(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {
Get-WmiObject -Class Win32_BIOS -ComputerName ($_) -Credential $credencial
}

$credencial=Get-Credential

(Get-NetNeighbor).IPAddress | Select-String "192.168.1." | % {

Get-WmiObject -Class Win32_BIOS -ComputerName ($_) -Credential $credencial

}

Network PowerShell

Get entries from the IPv6 neighbor cache

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor | Where-Object AddressFamily -EQ IPv6

1	Get-NetNeighbor \| Where-Object AddressFamily -EQ IPv6

Network PowerShell

Get entries from the IPv4 neighbor cache

(1 votes, average: 5.00 out of 5)

Get-NetNeighbor | Where-Object AddressFamily -EQ IPv4

1	Get-NetNeighbor \| Where-Object AddressFamily -EQ IPv4

PHP PowerShell Security

Seguridad informática con PowerShell

(2 votes, average: 5.00 out of 5)

Introducción Confidencialidad

#Habilitar BitLocker
Enable-BitLocker -MountPoint "f:" -RecoveryPasswordProtector -UsedSpaceOnly -Verbose

#Deshabilitar BitLocker
Disable-BitLocker -MountPoint "f:"

#Habilitar BitLocker

Enable-BitLocker -MountPoint "f:" -RecoveryPasswordProtector -UsedSpaceOnly -Verbose

#Deshabilitar BitLocker

Disable-BitLocker -MountPoint "f:"

Integridad

#Calcular hash para un archivo
Get-FileHash D:\power\fichero.txt -Algorithm MD5
Get-FileHash D:\power\fichero.txt -Algorithm SHA1
Get-FileHash D:\power\fichero.txt -Algorithm SHA256
Get-FileHash D:\power\fichero.txt -Algorithm SHA384
Get-FileHash D:\power\fichero.txt -Algorithm SHA512
Get-FileHash D:\power\fichero.txt -Algorithm RIPEMD160

#Calcular hash para un archivo

Get-FileHash D:\power\fichero.txt -Algorithm MD5

Get-FileHash D:\power\fichero.txt -Algorithm SHA1

Get-FileHash D:\power\fichero.txt -Algorithm SHA256

Get-FileHash D:\power\fichero.txt -Algorithm SHA384

Get-FileHash D:\power\fichero.txt -Algorithm SHA512

Get-FileHash D:\power\fichero.txt -Algorithm RIPEMD160

Seguridad física Analizar el hardware de los equipos de la empresa

$credenciales=Get-Credential
1..254 | %{
    (Get-WmiObject Win32_AutochkSetting -ComputerName ('192.168.1.'+$_) -Credential $credenciales).SettingID
    (Get-WmiObject Win32_BaseBoard -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Manufacturer
    (Get-WmiObject Win32_BIOS -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Version
    (Get-WmiObject Win32_Bus -ComputerName ('192.168.1.'+$_) -Credential $credenciales).DeviceID
    Get-WmiObject Win32_Processor -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_SystemEnclosure -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_Battery -ComputerName ('192.168.1.'+$_) -Credential $credenciales
    Get-WmiObject Win32_Printer -ComputerName ('192.168.1.'+$_) -Credential $credenciales
}

$credenciales=Get-Credential

1..254 | %{

(Get-WmiObject Win32_AutochkSetting -ComputerName ('192.168.1.'+$_) -Credential $credenciales).SettingID

(Get-WmiObject Win32_BaseBoard -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Manufacturer

(Get-WmiObject Win32_BIOS -ComputerName ('192.168.1.'+$_) -Credential $credenciales).Version

(Get-WmiObject Win32_Bus -ComputerName ('192.168.1.'+$_) -Credential $credenciales).DeviceID

Get-WmiObject Win32_Processor -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_SystemEnclosure -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_Battery -ComputerName ('192.168.1.'+$_) -Credential $credenciales

Get-WmiObject Win32_Printer -ComputerName ('192.168.1.'+$_) -Credential $credenciales

}

Ver dispositivos conectados […]

Forensic analysis Network PowerShell

Adquisición de datos volátiles

(1 votes, average: 5.00 out of 5)

#Información sobre procesos
Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Información sobre hilos
(Get-Process chrome | Select-Object Threads).Threads
Get-Process | select -expand Threads

#Información sobre conexiones
#https://www.jesusninoc.com/2015/11/13/cmdlets-for-tcpip-model-layers/
Get-NetAdapterHardwareInfo
Get-NetAdapter -Physical
Get-NetNeighbor
Get-NetAdapterStatistics
Get-NetAdapter | Select-Object Name,MacAddress
Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
((Get-NetAdapterBinding).DisplayName) -match 'Protocolo de Internet'
(Get-NetIPInterface) | Select-Object InterfaceAlias,AddressFamily
Get-NetIPv4Protocol
Get-NetIPv6Protocol
Get-NetRoute
Get-NetNat
Get-NetNatExternalAddress
Get-NetNatGlobal
Get-NetNatSession
Get-NetNatStaticMapping
Get-NetNatTransitionConfiguration
Get-NetNatTransitionMonitoring
Get-NetFirewallAddressFilter
Get-NetFirewallApplicationFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetFirewallRule
Get-NetFirewallSecurityFilter
Get-NetFirewallServiceFilter
Get-NetFirewallSetting
Get-NetTCPSetting
Get-NetTCPConnection
Get-NetTCPConnection | Select-Object LocalPort,Remoteport
Get-NetUDPSetting
Get-NetUDPEndpoint
(Get-NetUDPEndpoint).LocalPort
Get-DnsClient
Get-DnsClientCache
Get-DnsClientGlobalSetting
Get-DnsClientNrptGlobal
Get-DnsClientNrptPolicy
Get-DnsClientNrptRule
Get-DnsClientServerAddress

#Fecha y hora del sistema
Get-Date

#Última hora de arranque del sistema
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}

#DLL
Get-Process | select -expand MainModule
Get-Process | select -expand Modules

#Información sobre procesos

Get-Process | Select-Object Name,Path,Company,CPU,Product,TotalProcessorTime,StartTime

#Información sobre hilos

(Get-Process chrome | Select-Object Threads).Threads

Get-Process | select -expand Threads

#Información sobre conexiones

#https://www.jesusninoc.com/2015/11/13/cmdlets-for-tcpip-model-layers/

Get-NetAdapterHardwareInfo

Get-NetAdapter -Physical

Get-NetNeighbor

Get-NetAdapterStatistics

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

((Get-NetAdapterBinding).DisplayName) -match 'Protocolo de Internet'

(Get-NetIPInterface) | Select-Object InterfaceAlias,AddressFamily

Get-NetIPv4Protocol

Get-NetIPv6Protocol

Get-NetRoute

Get-NetNat

Get-NetNatExternalAddress

Get-NetNatGlobal

Get-NetNatSession

Get-NetNatStaticMapping

Get-NetNatTransitionConfiguration

Get-NetNatTransitionMonitoring

Get-NetFirewallAddressFilter

Get-NetFirewallApplicationFilter

Get-NetFirewallInterfaceFilter

Get-NetFirewallInterfaceTypeFilter

Get-NetFirewallPortFilter

Get-NetFirewallProfile

Get-NetFirewallRule

Get-NetFirewallSecurityFilter

Get-NetFirewallServiceFilter

Get-NetFirewallSetting

Get-NetTCPSetting

Get-NetTCPConnection

Get-NetTCPConnection | Select-Object LocalPort,Remoteport

Get-NetUDPSetting

Get-NetUDPEndpoint

(Get-NetUDPEndpoint).LocalPort

Get-DnsClient

Get-DnsClientCache

Get-DnsClientGlobalSetting

Get-DnsClientNrptGlobal

Get-DnsClientNrptPolicy

Get-DnsClientNrptRule

Get-DnsClientServerAddress

#Fecha y hora del sistema

Get-Date

#Última hora de arranque del sistema

Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}

#DLL

Get-Process | select -expand MainModule

Get-Process | select -expand Modules

Network PowerShell

Equivalencias entre comandos de red de Windows y Cmdlets de PowerShell

(1 votes, average: 5.00 out of 5)

ARP

Get-NetAdapter | Select-Object Name,MacAddress
Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress
Get-NetNeighbor

Get-NetAdapter | Select-Object Name,MacAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Select-Object Description,MACAddress

Get-NetNeighbor

IPCONFIG

Get-NetIPAddress
Get-NetIPConfiguration
Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize
Get-NetIPAddress | ? AddressFamily -eq IPv4 | FT –AutoSize
Get-NetAdapter Wi-Fi | Get-NetIPAddress | FT -AutoSize

Get-NetIPAddress

Get-NetIPConfiguration

Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize

Get-NetIPAddress | ? AddressFamily -eq IPv4 | FT –AutoSize

Get-NetAdapter Wi-Fi | Get-NetIPAddress | FT -AutoSize

NETSH

New-NetIPAddress -InterfaceAlias Wi-Fi -IPAddress 192.168.1.56 -PrefixLength 24 -DefaultGateway 192.168.1.1
Set-NetIPAddress –InterfaceIndex 12 –IPAddress 192.168.0.16
Remove-NetIPAddress –IPAddress 192.168.0.16 -DefaultGateway 192.168.0.1

New-NetIPAddress -InterfaceAlias Wi-Fi -IPAddress 192.168.1.56 -PrefixLength 24 -DefaultGateway 192.168.1.1

Set-NetIPAddress –InterfaceIndex 12 –IPAddress 192.168.0.16

Remove-NetIPAddress –IPAddress 192.168.0.16 -DefaultGateway 192.168.0.1

NETSTAT

Get-NetTCPConnection
Get-NetTCPConnection | Group State, RemotePort | Sort Count | FT Count, Name –Autosize
Get-NetTCPConnection | ? State -eq Established | FT –Autosize
Get-NetTCPConnection | ? State -eq Established | ? RemoteAddress -notlike 127* | % { $_; Resolve-DnsName $_.RemoteAddress -type PTR -ErrorAction SilentlyContinue}
Get-NetUDPEndpoint

Get-NetTCPConnection

Get-NetTCPConnection | Group State, RemotePort | Sort Count | FT Count, Name –Autosize

Get-NetTCPConnection | ? State -eq Established | FT –Autosize

Get-NetTCPConnection | ? State -eq Established | ? RemoteAddress -notlike 127* | % { $_; Resolve-DnsName $_.RemoteAddress -type PTR -ErrorAction SilentlyContinue}

Get-NetUDPEndpoint

NSLOOKUP

Resolve-DnsName

1	Resolve-DnsName

PING

Test-NetConnection
Test-NetConnection www.jesusninoc.com
Test-NetConnection -ComputerName www.jesusninoc.com -InformationLevel Detailed
Test-NetConnection -ComputerName www.jesusninoc.com | Select -ExpandProperty PingReplyDetails | FT Address, Status, RoundTripTime
1..100 | % { Test-NetConnection -ComputerName www.jesusninoc.com -RemotePort 80 } | FT -AutoSize

Test-NetConnection

Test-NetConnection www.jesusninoc.com

Test-NetConnection -ComputerName www.jesusninoc.com -InformationLevel Detailed

Test-NetConnection -ComputerName www.jesusninoc.com | Select -ExpandProperty PingReplyDetails | FT Address, Status, RoundTripTime

1..100 | % { Test-NetConnection -ComputerName www.jesusninoc.com -RemotePort 80 } | FT -AutoSize

ROUTE

Get-NetRoute
Get-NetAdapter Wi-Fi | Get-NetRoute
New-NetRoute
Remove-NetRoute

Get-NetRoute

Get-NetAdapter Wi-Fi | Get-NetRoute

New-NetRoute

Remove-NetRoute

TRACERT

Test-NetConnection –TraceRoute

1	Test-NetConnection –TraceRoute

Network PowerShell

Cmdlets for TCP/IP Model Layers

(2 votes, average: 4.50 out of 5)

Layer 1. Network Interface Layer The Network Interface layer (also called the Network Access layer) sends TCP/IP packets on […]

Filesystem Hardware Memory Network Operating Systems Permissions PowerShell Processes Schedule tasks Services Software Threads Updates Users

Cmdlets relacionados con tareas básicas y de administración en el sistema operativo Windows

(1 votes, average: 5.00 out of 5)

Gestión del hardware Gestión de archivos Agregar/Eliminar software Actualizar Gestión de procesos Programación de tareas Gestión de usuarios Gestión del […]

Network PowerShell

Find IP Address by MAC Address

(No Ratings Yet)

#MAC file
$macs = get-content .\mac.txt
foreach($mac in $macs){
#Use arp -a
$ip = arp -a | select-string "$mac" |% { $_.ToString().Trim().Split(" ")[0] }
"$mac has an ip of $ip"
}

#MAC file

$macs = get-content .\mac.txt

foreach($mac in $macs){

#Use arp -a

$ip = arp -a | select-string "$mac" |% { $_.ToString().Trim().Split(" ")[0] }

"$mac has an ip of $ip"

}

PowerShell 5.0

Get-NetNeighbor | Select-Object IPAddress,LinkLayerAddress

1	Get-NetNeighbor \| Select-Object IPAddress,LinkLayerAddress