Finding PowerShell Named Pipes

Each PowerShell host running PowerShell 5 or better opens a “named pipe” that you can detect. The code below identifies these named pipes and returns the processes exposing the pipes:

Get-ChildItem -Path "\.pipe" -Filter '*pshost*' |
ForEach-Object {
    Get-Process -Id $_.Name.Split('.')[2]
}

The result may look similar to this:

 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                                                                    
-------  ------    -----      -----     ------     --  -- -----------                                                                                                    
   1204      98   306220      66620      63,30  28644   1 powershell_ise                                                                                                 
    525      29    72604      12708       5,64  12188   1 powershell                                                                                                     
    741      41   125728     142656      11,52  27144   1 powershell                                                                                                     
    835      61    40836      82624       1,44  22412   1 pwsh                                                                                                           
    820      49   199680     230632       2,86  26500   1 powershell_ise 
 

Any process listed here is hosting a PowerShell runspace, and you can use Enter-PSHostProcess -Id XXX to connect to the PowerShell process (provided you have local Administrator privileges).


psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

Finding the Latest PowerShell 6 Download URL

PowerShell 6 is open-source and maintained in a public repository on GitHub. There are frequent releases. Here is a way how you can find out the download URL for the latest available PowerShell 6 release:

$AllProtocols = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[Net.ServicePointManager]::SecurityProtocol = $AllProtocols 


# get the URL for the latest PowerShell 6 release
$url = "https://github.com/PowerShell/PowerShell/releases/latest?dummy=$(Get-Random)"
$request = [System.Net.WebRequest]::Create($url)
$request.AllowAutoRedirect=$false
$response = $request.GetResponse()
$realURL = $response.GetResponseHeader("Location")
$response.Close()
$response.Dispose()

# get the current version from that URL
$v = ($realURL -split '/v')[-1]

# create the download URL for the release of choice
# (adjust the end part to target the desired platform, architecture, and package format)
$platform = "win-x64.zip"
$static = "https://github.com/PowerShell/PowerShell/releases/download"
$url = "$static/v$version/PowerShell-$version-$platform"

This chunk of code generates the download URL for the Windows 64-bit release in ZIP format. If you’d like to download a different release, simply adjust the platform part defined in $platform.

Once you have the download URL, you can automate the rest accordingly: download the ZIP file, unblock and unpack it, then launch PowerShell 6:

# define the place to download to
$destinationFile = "$env:tempPS6powershell6.zip"
$destinationFolder = Split-Path -Path $destinationFile

# create destination folder if it is not present
$existsDestination = Test-Path -Path $destinationFolder
if ($existsDestination -eq $false)
{
    $null = New-Item -Path $destinationFolder -Force -ItemType Directory
}

# download file
Invoke-WebRequest -Uri $url -OutFile $destinationFile
# unblock downloaded file
Unblock-File -Path $destinationFile
# extract file
Expand-Archive -Path $destinationFile -DestinationPath $destinationFolder -Force

Finally, let’s create a shortcut on your desktop that points to PowerShell6 and lets you easily launch the shell:

# place a shortcut on your desktop
$path = "$HomeDesktoppowershell6.lnk"
$obj = New-Object -ComObject WScript.Shell
$scut = $obj.CreateShortcut($path)
$scut.TargetPath = "$destinationFolderpwsh.exe"
$scut.IconLocation = "$destinationFolderpwsh.exe,0"
$scut.WorkingDirectory = "$homeDocuments"
$scut.Save() 

# run PowerShell 6
Invoke-Item -Path $path

psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

Finding Latest PowerShell 6 Release (and Download URLs)

PowerShell 6 is open-source and maintained in a public repository on GitHub. There are frequent releases.

If you don’t want to dig your way through the GitHub front-end to find the download location for the latest PowerShell 6 release, here is a PowerShell way:

$AllProtocols = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[Net.ServicePointManager]::SecurityProtocol = $AllProtocols 

# get all releases
Invoke-RestMethod -Uri https://github.com/PowerShell/PowerShell/releases.atom -UseBasicParsing |
  # sort in descending order
  Sort-Object -Property Updated -Descending |
  # pick the first (newest) release and get a link
  Select-Object -ExpandProperty Link -First 1 |
  # pick a URL
  Select-Object -ExpandProperty HRef

(Note that explicitly enabling SSL is required only up until Windows 10 1803.)

This gets you the URL for the latest PowerShell 6 release page. On it, you find the downloads for the different supported platforms.

Then again, there is an easier way, too: navigate to https://github.com/PowerShell/PowerShell/releases/latest

However, this won’t provide you with the URL and tag information. Instead, you are simply redirected to the appropriate URL.

Here is a hybrid of both: use the shortcut to the latest release, but do not allow redirects. This way, PowerShell is reporting the complete URL back to you:

$AllProtocols = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[Net.ServicePointManager]::SecurityProtocol = $AllProtocols 


# add a random number to the URL to trick proxies
$url = "https://github.com/PowerShell/PowerShell/releases/latest?dummy=$(Get-Random)"

$request = [System.Net.WebRequest]::Create($url)
# do not allow to redirect. The result is a "MovedPermanently"
$request.AllowAutoRedirect=$false
# send the request
$response = $request.GetResponse()
# get back the URL of the true destination page, and split off the version
$realURL = $response.GetResponseHeader("Location")
# make sure to clean up
$response.Close()
$response.Dispose()

$realURL

psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

Finding Latest PowerShell 6 Release

PowerShell 6 is open-source, and there are frequently new releases available. You can always visit https://github.com/PowerShell/PowerShell/releases to learn more about these releases.

From a PowerShell perspective, to automate this step, here is a small script that reads the GitHub release RSS feed, converts the data appropriately, and then dumps the releases with their respective download URLs in descending order:

$AllProtocols = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[Net.ServicePointManager]::SecurityProtocol = $AllProtocols 


$Updated = @{
    Name = 'Updated'
    Expression = { $_.Updated -as [DateTime] }
}

$Link = @{
    Name = 'URL'
    Expression = { $_.Link.href }
}

Invoke-RestMethod -Uri https://github.com/PowerShell/PowerShell/releases.atom -UseBasicParsing |
  Sort-Object -Property Updated -Descending |
  Select-Object -Property Title, $Updated, $Link

This is what a result could look like:

 
title                                       Updated             URL                                                                   
-----                                       -------             ---                                                                   
v6.2.0 Release of PowerShell Core           28.03.2019 19:52:27 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0          
v6.2.0-rc.1 Release of PowerShell Core      05.03.2019 23:47:46 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0-rc.1     
v6.1.3 Release of PowerShell Core           19.02.2019 19:32:01 https://github.com/PowerShell/PowerShell/releases/tag/v6.1.3          
v6.2.0-preview.4 Release of PowerShell Core 28.01.2019 22:28:01 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0-preview.4
v6.1.2 Release of PowerShell Core           15.01.2019 21:02:39 https://github.com/PowerShell/PowerShell/releases/tag/v6.1.2          
v6.2.0-preview.3 Release of PowerShell Core 11.12.2018 01:29:33 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0-preview.3
v6.2.0-preview.2 Release of PowerShell Core 16.11.2018 02:52:53 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0-preview.2
v6.1.1 Release of PowerShell Core           13.11.2018 20:55:45 https://github.com/PowerShell/PowerShell/releases/tag/v6.1.1          
v6.0.5 Release of PowerShell Core           13.11.2018 19:00:56 https://github.com/PowerShell/PowerShell/releases/tag/v6.0.5          
v6.2.0-preview.1 Release of PowerShell Core 18.10.2018 02:07:32 https://github.com/PowerShell/PowerShell/releases/tag/v6.2.0-preview.1
 

Note that explicitly enabling SSL is required only up until Windows 10 1803.


psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

PowerShell ISE Module Browser

If you are using the built-in PowerShell ISE, you might find the “Module Browser Add-on” useful. It is fairly old and was published in 2015, however you can easily download and install it from the PowerShell Gallery:

 
PS C:> Install-Module ISEModuleBrowserAddOn -Repository PSGallery -Scope CurrentUser 
 

Once the module is installed, you can load it into PowerShell ISE like this:

 
PS C:> Import-Module -Name ISEModuleBrowserAddon -Verbose 
 

This opens a new Add-on pane on the right side of PowerShell ISE with three categories: Gallery, Favorites, and My Collection.

“Gallery” connects you to the online PowerShell Gallery and was originally created to help make online content in the PowerShell Gallery more discoverable. However this part does not seem to work anymore.

When you click “My Collection”, though, you get a list of all of your modules, and when you double-click a module in this list, you can list the module content such as the contained commands. You can also mark a module as “Favorite” (and place it on the “Favorites” list), uninstall a module, or open it via buttons at the bottom of the module list.

With the “New Module” button at the top, you can create a new and empty PowerShell module: a wizard guides you through the steps to collect the metadata and create the appropriate files.


psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

Converting SecureString to String

Sometimes it can make sense to convert a SecureString back to a regular string, for example because you have used the shielded input provided by Read-Host:

$secret = Read-Host -Prompt 'Enter Keypass' -AsSecureString

This prompts the user to enter secret and now the input is a SecureString:

 
PS> $secret
System.Security.SecureString  
 

To make it plain text again, use the SecureString to create a PSCredential object, which comes with a method to decrypt the password:

$secret = Read-Host -Prompt 'Enter Keypass' -AsSecureString
[System.Management.Automation.PSCredential]::new('hehe',$secret).GetNetworkCredential().Password

psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!