Writing a PowerShell Script

I'm not even going to try and re-write any of the wonderful articles out on the web, but I will make suggestions on where you can find great practice material for reading PowerShell.




I believe that reading scripts and code is the best way to find the really cool stuff about a language. Scripting/coding is an art form more than a science because there is no one way to skin a cat. By reading code written by other people, you start to learn techniques and develop questions about how something works. More often than not you will spend a lot of time asking why the idiot did it that way. That is, until you finish the entire script and realize how genius the code actually is.

One final thing before you hop on over to the article linked under "Your Exercise" below to find your first PowerShell script exercise. To make the most of that exercise you first need to know how to make a service start as another user. Follow the steps laid out below.

The following steps were performed on Windows PowerShell 5.1.

There are three different ways to accomplish the same goal here, but all of them require that you are running PowerShell as an administrator (an elevated "Run as administrator" session); reconfiguring a service is not something a standard user can do.



Method 1

Identify the positions of the "StartName" and "StartPassword" parameters of the service's Change method. A short explanation of these parameters: every service runs under a user account, and Windows allows an administrator to change the account the Service Control Manager uses to start the service. Hence the parameters "StartName" (the account) and "StartPassword" (its password). Now that you know what these parameters represent, let's list them. Execute the following command:


((Get-CimInstance -class win32_service -filter "name='tapisrv'").CimClass.CimClassMethods | Where-Object {$_.name -eq "Change"}).parameters


A breakdown of the command:

Get-CimInstance -class win32_service -filter "name='tapisrv'" - This part of the command simply grabs the service named "tapisrv" which is the Telephony service. 

Note: wrapping a cmdlet call in parentheses evaluates it first, so the object it returns can be followed by a dot and a property name. That is how the more granular attributes below become reachable.

.CimClass - a property holding the CIM class definition of the returned service object. Inside it is the property we really want, ".CimClassMethods". We are focused on CimClassMethods because we are looking for the method responsible for reconfiguring the service object itself.

Note: methods are the operations an object exposes; calling one makes something happen, whereas properties only describe the object.

Next, we pipe "|" the method list into the "Where-Object" cmdlet so that we keep only the method we need more information on, here "Change".

Lastly, we wrap all of this in another set of parentheses so that we can request only the Parameters of the Change method.

Counting down the output, StartName is the 10th entry and StartPassword the 11th. Be careful, though: that is the order in which this listing prints the parameters (alphabetically), not the order in which the Change method takes them when you call it positionally. The declared signature, which is what a positional call uses and what "Get-WmiObject win32_service | Get-Member -Name Change" prints, is DisplayName, PathName, ServiceType, ErrorControl, StartMode, DesktopInteract, StartName, StartPassword, LoadOrderGroup, LoadOrderGroupDependencies, ServiceDependencies. So in a positional call StartName is the 7th argument and StartPassword the 8th.

Note: it is super important to get these positions right. A value placed in the wrong slot silently changes a different setting of the service (for example its path or start mode) instead of the account that runs it.

If you prefer the WMI cmdlets, the following lists the same parameters. Start counting after the WMI system properties, the entries whose names begin with a double underscore (__GENUS, __CLASS, and so on):

(Get-WmiObject win32_service -Filter "name='tapisrv'").GetMethodParameters("change")

Note: even though the WMI cmdlets still work in Windows PowerShell 5.1, the CIM cmdlets (Get-CimInstance, Invoke-CimMethod) are the preferred tool. They are a little more typing, but they take named arguments, work over WS-Man remoting as well as DCOM, and are the only one of the two families that exists in PowerShell 6 and later.

Now that we have what we need, Let's make the change. Execute the following command:

(Get-WmiObject win32_service -Filter "name='tapisrv'").Change($null,$null,$null,$null,$null,$null,".\tester","password1")
# Change's 7th and 8th arguments are StartName and StartPassword; the six before them stay $null so those settings are not touched



Note: we pass "$null" for the parameters we do not want to change, so that only the account and password are altered. It is also important to get a ReturnValue of 0 (zero). If the ReturnValue is anything else, check the table in this article to find out what went wrong: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/startservice-method-in-class-win32-service (the return codes are shared by the Win32_Service methods, so the StartService table applies to Change as well). Two caveats a practitioner should keep in mind: the password is typed in clear text here and ends up in the console history, and Change does not verify the password or grant the account the "Log on as a service" right, so a ReturnValue of 0 only means the configuration was stored; restart the service to confirm it actually logs on.


Before the change




After the change

Method 2

This method is pretty straightforward, and it demonstrates the advantage of the CIM cmdlets over the WMI objects: Invoke-CimMethod takes the arguments as a hashtable keyed by parameter name, so there is no position counting and no risk of putting a value in the wrong slot.

Get-CimInstance win32_service -Filter "name='tapisrv'" | Invoke-CimMethod -Name Change -Arguments @{StartName=".\tester"; StartPassword="password1"}

Method 3

This method only works in PowerShell 6 or later; the Set-Service cmdlet in Windows PowerShell 5.1 has no -Credential parameter.

Set-Service -Name tapisrv -Credential $credential

Note: $credential is a variable holding a PSCredential object, a user's log-in information, typically captured with the Get-Credential prompt.

Only the password is protected: it is held as a SecureString (on Windows, encrypted in memory with DPAPI), while the user name is stored in clear text. Set-Service hands the credential to the Service Control Manager itself, so you never have to unwrap the password in your own code.
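The script below is an added example and is not code from the original post. It ties the three methods together: it shows the declared (positional) signature of Change that Method 1 is trying to find, performs the change with named arguments as in Method 2 (or with Set-Service as in Method 3 when the session is PowerShell 6 or later), checks the ReturnValue, confirms the stored account, and restarts the service to prove the account can actually log on. It assumes an elevated session, that "tapisrv" and ".\tester" (the post's examples) exist, and that the account already holds the "Log on as a service" right. The password is prompted for rather than typed on the command line.

```powershell
# Added example, not code from the original post. It carries out the change the three
# methods above describe and then checks the result the way an administrator would.
# Assumptions: an elevated PowerShell 5.1 or newer session; 'tapisrv' and '.\tester'
# are the post's example service and local account, the account already exists and
# holds the "Log on as a service" right. The password is prompted for rather than
# typed on the command line, so it never lands in the console history.

$ServiceName = 'tapisrv'
$Credential  = Get-Credential -UserName '.\tester' -Message 'Account the service should run as'

# Method 1 background: the positional signature of Change, as the WMI adapter exposes
# it (Windows PowerShell only; Get-WmiObject does not exist in PowerShell 6+).
# In this order StartName is the 7th parameter and StartPassword the 8th.
if (Get-Command Get-WmiObject -ErrorAction SilentlyContinue) {
    (Get-WmiObject Win32_Service -Filter "Name='$ServiceName'" |
        Get-Member -Name Change).Definition
}

# Subset of the ReturnValue table shared by the Win32_Service methods
# (the full table is at the link given in the post).
$ChangeResultText = @{
    0  = 'Success'
    2  = 'Access denied (is the session elevated?)'
    15 = 'Service logon failed'
    21 = 'Invalid parameter'
    22 = 'Invalid service account (check the user name and its .\ or DOMAIN\ prefix)'
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
"Before: $($svc.Name) runs as $($svc.StartName)"

if ($PSVersionTable.PSVersion.Major -ge 6) {
    # Method 3: Set-Service gained -Credential in PowerShell 6. It takes the
    # PSCredential directly, so the password never has to be unwrapped by us.
    Set-Service -Name $ServiceName -Credential $Credential -ErrorAction Stop
} else {
    # Method 2: named arguments, so no position counting is needed and no other
    # setting can be clobbered by a value in the wrong slot. The service control
    # manager needs the clear-text password, so unwrap the SecureString only here.
    $result = $svc | Invoke-CimMethod -MethodName Change -Arguments @{
        StartName     = $Credential.UserName
        StartPassword = $Credential.GetNetworkCredential().Password
    }
    $code = [int]$result.ReturnValue
    if ($code -ne 0) {
        $text = if ($ChangeResultText.ContainsKey($code)) { $ChangeResultText[$code] } else { 'see the linked return-value table' }
        throw "Change failed with ReturnValue $code ($text)"
    }
}

# Confirm the stored configuration changed (StartName is the 'Log On As' account).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
"After:  $($svc.Name) runs as $($svc.StartName)"

# Change validates the account name (ReturnValue 22 otherwise) but not the password,
# and neither it nor Set-Service grants the "Log on as a service" right. Restarting
# the service is the real test: a wrong password or a missing right surfaces here as
# a logon failure, not as a non-zero ReturnValue above.
try {
    Restart-Service -Name $ServiceName -ErrorAction Stop
    "Restarted $ServiceName under $($svc.StartName)"
} catch {
    Write-Warning "$ServiceName did not start under the new account: $($_.Exception.Message)"
    Write-Warning 'Check the password and that the account holds the "Log on as a service" right.'
}
```

Run it from an elevated prompt. If the final restart fails with a logon error while the "After" line already shows the new account, the configuration change itself succeeded and the problem is the account (wrong password or missing "Log on as a service" right), which is exactly the case a ReturnValue of 0 does not catch.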


Leave a comment below if you find even better scripts for beginner exercises. 


Your Exercise

https://www.networkadm.in/use-powershell-to-find-windows-svcs-configured-to-run-as-another-user/



If you are looking for more advanced scripts, try the link below. There you will find entire modules built to extend PowerShell's functionality. Yes, PowerShell is modular and can be expanded to handle myriad situations. Best of all, anyone can write a new module and publish it for the entire community. Even YOU!

https://www.powershellgallery.com/
