IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [powershell]

task automation and configuration management CLI for Windows, the first release was in Windows XP SP2 in 2006

PowerShell is a CLI on Windows like CMD but it has enhanced functionality, since it was build up to create management scripts and automate system tasks.

89 questions
72
votes
3 answers

Strange code running at startup

A piece of code was running on my Windows machine at startup. I would like to know exactly what this code is doing; it seems to refer to something like crackbook? @echo off if %PROCESSOR_ARCHITECTURE%==x86 ( START /B powershell -NoP -NonI -W…
Aditya Giri
  • 739
  • 1
  • 5
  • 8
32
votes
2 answers

How is PowerShell's RemoteSigned execution policy different from AllSigned?

I'm still pretty new to PowerShell, and recently read this in a blog posting about creating and using PowerShell scripts. To prevent the execution of malicious scripts, PowerShell enforces an execution policy. By default, the execution policy is…
Iszi
  • 26,997
  • 18
  • 98
  • 163
13
votes
1 answer

What's the purpose of "ExecutionPolicy" settings in PowerShell if the "-bypass" switch circumvents it?

PowerShell's "ExecutionPolicy" allows for restricting all scripts from running, only allowing signed scripts, etc - see this article for reference. However, if I simply do: PowerShell -ExecutionPolicy Bypass -file MyScript.ps1 ... I have…
gravity
  • 229
  • 1
  • 7
11
votes
2 answers

How insecure is PowerShell Web Access?

Windows Server 2012 comes with a new feature that allows you to administrate the server via a PowerShell command line in any modern browser including Smartphones. This sounds cool and scary at the same time. I am evaluating this option and are…
Peter Hahndorf
  • 445
  • 2
  • 10
8
votes
1 answer

Is this Windows local code execution bug also a security vulnerability?

I stumbled on a Windows bug leading to code execution. I believe it should be categorized as a vulnerability but Microsoft does not recognize it as such. I would like to read other opinions. Functionality The bug affects the context menu "Open…
Enos D'Andrea
  • 1,047
  • 5
  • 12
7
votes
1 answer

What are the security implications of enabling WINRM on all domain members?

As Powershell becomes more and more popular, it appears that using WINRM may end up being a better option than using PSEXEC from SysInternals for remote management. Given that WINRM is disabled by default, however, I wonder what type of security…
bshacklett
  • 295
  • 1
  • 3
  • 7
6
votes
3 answers

Windows netsh pivoting

I am pentesting a windows box to which I have gained system privileges. This box has two network interfaces. I have been able to reach machines on the second interface via the below netsh command. However this is quite inefficient as it is one port…
KDEx
  • 4,981
  • 2
  • 20
  • 34
6
votes
4 answers

Is this powershell script an infection?

While I was sitting in front of the computer not using it,my Windows 10 machine quickly flashed a few terminal windows, and then gave me a Windows Security popup, asking for my password. I have no idea what this is for, so I did a little poking…
AShelly
  • 173
  • 1
  • 7
5
votes
2 answers

PowerShell's Module logging

I'm looking for some more information concerning the white paper which goes into some detail over PowerShell's Module logging. Specifically, once this is enabled, are the default cmdlets logged? For example, Get-Service and so on. Looking over the…
user4317867
  • 151
  • 6
5
votes
2 answers

How to make Automated API calls which are at least minimally secure?

How do I go about writing scripts (for automation) in Powershell (and possibly even Python) that help me access APIs while keeping the credentialing information either secure IN the script and/or outside it (if stored and retrieved from…
AdilZ
  • 151
  • 3
5
votes
1 answer

Checklist for configuring WinRM Security settings on servers

WinRM has a very difficult to use command line interface and that leads me to believe some settings will be easily reconfigured, overlooked, and eventually exploited. In other words, insecurity though obscurity. What security settings should I pay…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
1 answer

What is the security impact of changing PowerShell's PSLanguageMode?

A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s). What potential vulnerabilities am I opening myself up to? I'm surprised to see this option present within IIS. What other locations can I set…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
4
votes
1 answer

Is there a way to run a downloaded powershell script as admin without setting a global ExecutionPolicy bypass?

Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command: Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force I don't want to…
leeand00
  • 1,297
  • 1
  • 13
  • 21
4
votes
1 answer

What security implications are involved when using a CSV file to fill a SQL table?

I have some data on CSV files and I want automate the input of this data into an SQL database using Powershell. The data is mostly, if not completely, numbers. I am using a script based on the one found here: SIMPLE POWERSHELL SCRIPT TO BULK LOAD…
techguy1029
  • 143
  • 5
4
votes
2 answers

Did I just infect my machine?

I just ran an AVI file that was sent to me, thinking AVIs were safe. Turns out it was a windows shortcut with this in the path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoPr -WINd 1 -eXEc ByP . ( $shelliD[1]+$SHeLlID[13]+'x')…
Brad Irby
  • 141
  • 1
1
2 3 4 5 6