Tags: Exploitation, powershell, scripting, automation, shell, cross-platform, pwsh

PowerShell

PowerShell is an automation and configuration management platform consisting of a cross-platform command-line shell and associated scripting language.

Description

PowerShell provides a powerful environment for task automation and configuration management across platforms. It includes the pwsh command-line shell for executing scripts, commands, and interactive sessions. On Kali Linux, it is packaged for easy installation and use in cybersecurity tasks.

Common use cases include running PowerShell scripts for system administration, testing, and exploitation scenarios such as antivirus evasion or reflective loading. The tool supports various execution modes, from one-off commands to full interactive sessions, with options for login shells on Linux/macOS.

It integrates with .NET and offers extensive scripting capabilities, making it suitable for complex workflows in penetration testing and post-exploitation.

How It Works

PowerShell operates as a .NET-based runtime that executes scripts and commands in a structured session. The pwsh binary launches the shell and parses its parameters to control the execution context: input and output formats (Text or XML), threading apartment (STA or MTA), profile loading, and execution policy. A script given with -File runs dot-sourced in the local scope, so the functions and variables it defines remain available in the session; -Command takes a command string, or a script block when pwsh is invoked from another PowerShell host (the block is passed as a deserialized object). -EncodedCommand accepts a Base64-encoded UTF-16LE string, which avoids complex nested quoting on the command line. The exit code is 0 when the last command succeeded ($? is true) and 1 when it failed, or the value set when a script terminates with exit.
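As an added example (not part of this page or of the PowerShell project), the following Python shows the -EncodedCommand convention from both sides: encoding a command as UTF-16LE Base64 the way pwsh expects, and recovering the plaintext from logged pwsh command lines so an analyst reviewing process-creation logs can see what an encoded invocation actually ran, including nested encodings. The function names and sample log lines are constructed; that pwsh also accepts prefixes such as -enc for -EncodedCommand is an assumption about its switch parser.

```python
import base64

# Aliases -e and -ec come from the flag list on this page; pwsh also accepts any
# prefix of -EncodedCommand (for example -enc), an assumption about its switch parser.
def is_encoded_command_switch(token: str) -> bool:
    if not token.startswith("-"):
        return False
    name = token[1:].lower()
    return name == "ec" or (name != "" and "encodedcommand".startswith(name))

def encode_command(command: str) -> str:
    """Encode a command the way -EncodedCommand expects: UTF-16LE, then Base64."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")

def decode_command(blob: str) -> str:
    """Inverse of encode_command; raises ValueError on bad Base64 or an odd byte count."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) % 2:
        raise ValueError("payload is not UTF-16LE: odd number of bytes")
    return raw.decode("utf-16-le")

def extract_encoded_commands(cmdline: str, max_depth: int = 3) -> list[str]:
    """Return the plaintext of every -EncodedCommand payload in one logged command
    line, following nested encodings (an encoded command that itself runs pwsh -e)
    up to max_depth. Payloads that do not decode are skipped."""
    found: list[str] = []
    tokens = cmdline.split()  # Base64 never contains whitespace, so a plain split suffices
    for i, tok in enumerate(tokens[:-1]):
        if not is_encoded_command_switch(tok):
            continue
        try:
            plain = decode_command(tokens[i + 1])
        except ValueError:
            continue
        found.append(plain)
        if max_depth > 1:
            found.extend(extract_encoded_commands(plain, max_depth - 1))
    return found

# Constructed sample command lines, as they might appear in process-creation logs.
INNER = encode_command("Get-WinEvent -LogName security")
SAMPLE_LOG = [
    "pwsh -NoProfile -Command Get-Date",
    "pwsh -NoLogo -e " + encode_command("Get-Date"),
    "pwsh -nop -EncodedCommand " + encode_command("pwsh -ec " + INNER),
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for plain in extract_encoded_commands(line):
            print(f"{line[:40]}... -> {plain}")
```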

Installation

sudo apt install powershell

Flags

-File | -f: Runs the specified script file in the local scope (dot-sourced); reads the script from stdin if the file name is '-'.
-Command | -c: Executes commands as if typed at the prompt; accepts a script block, a string, or stdin ('-'); exits afterwards unless -NoExit is given.
-CommandWithArgs | -cwa: Experimental. Executes the command with $args populated from the strings that follow.
-ConfigurationName | -config: Specifies the configuration endpoint, such as a remoting endpoint or a custom endpoint with role capabilities.
-ConfigurationFile: Applies the session configuration from a .pssc file.
-CustomPipeName: Sets the IPC named pipe used for debugging and cross-process communication.
-EncodedCommand | -e | -ec: Executes a Base64-encoded UTF-16 command string.
-ExecutionPolicy | -ex | -ep: Sets the execution policy for the session (Windows only); saved in $env:PSExecutionPolicyPreference.
-InputFormat | -inp | -if: Sets the input data format: Text or XML.
-Interactive | -i: Presents an interactive prompt.
-Login | -l: Starts a login shell on Linux/macOS; must be the first parameter.
-MTA: Uses a multi-threaded apartment (Windows only).
-NoExit | -noe: Does not exit after running the startup commands.
-NoLogo | -nol: Hides the startup banner.
-NonInteractive | -noni: Non-interactive mode for scripts and CI; interactive features terminate with errors.
-NoProfile | -nop: Skips loading the PowerShell profiles.
-NoProfileLoadTime: Hides the profile load time message shown when loading takes more than 500 ms.
-OutputFormat | -o | -of: Sets the output format: Text or XML.
-SettingsFile | -settings: Overrides powershell.config.json for the session.
-SSHServerMode | -sshs: Runs as the SSH subsystem configured in sshd_config.
-STA: Uses a single-threaded apartment (default, Windows only).
-Version | -v: Displays the PowerShell version.
-WindowStyle | -w: Sets the window style: Normal, Minimized, Maximized, or Hidden.
-WorkingDirectory | -wd: Sets the initial working directory.
-Help | -? | /?: Displays help.

Examples

Displays usage and help for pwsh.
pwsh -h
Runs the script with its -All parameter; the script is dot-sourced into the local scope.
pwsh -File .\Get-Script.ps1 -All
Passes cmd.exe environment variable to script as literal string.
pwsh -File .\test.ps1 -TestParam %windir%
Executes script block from PowerShell host.
pwsh -Command {Get-WinEvent -LogName security}
Executes inline script block from cmd.exe using call operator.
pwsh -Command "& {Get-WinEvent -LogName security}"
Pipes a multi-line script from stdin via -Command -; the pipeline continues across the line break, so this prints "in", "hi there" and "out".
@'
"in"

"hi" |
  % { "$_ there" }

"out"
'@ | pwsh -NoProfile -Command -
Executes experimental command populating $args with arg1 arg2.
pwsh -CommandWithArgs '$args | % { "arg: $_" }' arg1 arg2
Runs Get-Date and keeps session open.
pwsh -NoExit -Command Get-Date
Runs Get-Date with XML output format.
pwsh -o XML -c Get-Date
Starts login shell without profiles.
pwsh -Login -NoProfile
Updated 2025-Dec-09, kali.org