powershelldump
Table of Contents
PowerShell Playground
Version de powershell
PS C:\Users\Stephane Devaux> $PSVersionTable.PSVersion Major Minor Build Revision ----- ----- ----- -------- 5 1 17134 590 PS C:\Users\Stephane Devaux> Write-Host $PSVersionTable.PSVersion 5.1.17134.590
- Piper dans Get-Member pour connaitres les proprietes de l'objet
- Start-Transcript et Stop-Transcript pour sauvegarder l'historique d'une session
PsSession
Sur le serveur / machine destination
#Il faut configurer winrm
winrm quickconfig
Pour plus d'infos https://docs.microsoft.com/en-us/windows/desktop/winrm/installation-and-configuration-for-windows-remote-management
Sur le client
PS C:\WINDOWS\system32> New-PSSession -ComputerName isti-dc-ulb -Credential adminLTC@isti.be Id Name ComputerName ComputerType State ConfigurationName Availability -- ---- ------------ ------------ ----- ----------------- ------------ 7 WinRM7 isti-dc-ulb RemoteMachine Opened Microsoft.PowerShell Available PS C:\WINDOWS\system32> $s = New-PSSession -ComputerName isti-dc-ulb -Credential adminLTC@isti.be PS C:\WINDOWS\system32> Invoke-Command -Session $s -ScriptBlock { Get-Process } Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName PSComputerName ------- ------ ----- ----- ------ -- -- ----------- -------------- 36 5 1804 4208 0,00 2332 conhost isti-dc-ulb 563 13 1968 1336 3,66 340 csrss isti-dc-ulb 212 12 1924 2360 4,97 392 csrss isti-dc-ulb 310 30 25116 8844 65,08 1428 dfsrs isti-dc-ulb 127 13 2772 2584 7,73 1664 dfssvc isti-dc-ulb 2679 1159 59348 31612 107,17 1484 dns isti-dc-ulb 67 7 1380 200 0,02 2452 dwm isti-dc-ulb 530 37 19792 13624 29,27 2940 explorer isti-dc-ulb 0 0 0 24 0 Idle isti-dc-ulb 111 13 3280 1432 1,09 1528 ismserv isti-dc-ulb 1231 93 30344 16392 1.436,05 500 lsass isti-dc-ulb 193 10 3040 2080 1,31 508 lsm isti-dc-ulb 291 40 43576 9712 34,95 1360 Microsoft.ActiveDirectory.WebServices isti-dc-ulb 493 38 57084 54164 2,78 2864 mmc isti-dc-ulb 142 17 3228 44 0,03 2972 msdtc isti-dc-ulb 318 22 44632 49228 0,31 1552 powershell isti-dc-ulb 280 14 5912 3864 108,55 492 services isti-dc-ulb 29 1 372 44 0,06 260 smss isti-dc-ulb 363 26 9988 1676 5,27 1196 spoolsv isti-dc-ulb 163 8 2668 8620 0,66 2304 sppsvc isti-dc-ulb 305 32 8884 4180 13,25 360 svchost isti-dc-ulb 362 14 4036 3152 48,80 652 svchost isti-dc-ulb 276 18 3732 3388 13,06 740 svchost isti-dc-ulb 329 16 12116 8396 27,41 828 svchost isti-dc-ulb 1359 258 103764 32480 2.258,42 872 svchost isti-dc-ulb 316 24 6120 2480 30,88 912 svchost isti-dc-ulb 197 15 3460 3964 1,42 956 svchost isti-dc-ulb 580 54 16940 10604 32,75 996 svchost isti-dc-ulb 256 261 24464 5408 15,73 1464 svchost isti-dc-ulb 50 4 844 44 0,02 1588 svchost isti-dc-ulb 236 12 2480 1932 1,14 1992 svchost isti-dc-ulb 101 13 2272 1896 2,77 2032 svchost isti-dc-ulb 555 0 112 52 4 System isti-dc-ulb 86 8 1564 4684 0,02 3016 taskeng isti-dc-ulb 161 14 3376 524 0,41 2140 taskhost isti-dc-ulb 122 14 11864 16704 37,30 2752 TrustedInstaller isti-dc-ulb 134 15 2328 48 0,14 2132 vds isti-dc-ulb 120 12 3060 292 65,64 1224 vmicsvc isti-dc-ulb 137 11 5256 44 0,78 1244 vmicsvc isti-dc-ulb 77 8 1324 44 0,00 1264 vmicsvc isti-dc-ulb 89 8 1368 308 43,03 1284 vmicsvc isti-dc-ulb 92 8 1412 44 0,03 1304 vmicsvc isti-dc-ulb 78 10 1316 40 0,05 400 wininit isti-dc-ulb 99 7 1396 1204 0,05 428 winlogon isti-dc-ulb 211 34 46988 51228 1,17 484 wsmprovhost isti-dc-ulb 197 33 45988 50108 0,36 2520 wsmprovhost isti-dc-ulb 195 33 45512 50088 0,42 2812 wsmprovhost isti-dc-ulb 91 9 1680 284 0,13 2804 wuauclt isti-dc-ulb
Enter-PsSession
PS C:\WINDOWS\system32> Enter-PSSession $s [isti-dc-ulb]: PS C:\Users\adminLTC\Documents>
powershelldump.txt · Last modified: 2024/04/04 10:19 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
