Get a directory listing: > Get-ChildItem
Copy a file: > Copy-Item source.html destination.html
Move a file: > Move-Item source.html destination.html
Find text within a file: > Select-String -path C:\temp\*.txt -pattern passwd
Display file contents: > Get-Content file.txt
Get present directory: > Get-Location
Get a process listing: > Get-Process
Get a service listing: > Get-Service
Formatting output of a command: > ls | Format-List -property name
Paginating output: > ls -r | Out-Host -paging
Get the SHA1 hash of a file: > Get-FileHash -Algorithm SHA1 file.txt
Exporting output to CSV: > Get-Process | Export-Csv processes.csv
Helpful PowerShell CMDlets for Pentesting
Find all files with a particular name:
> Get-ChildItem "C:\temp\" -Recurse -Include *passwd*.txt
Get a listing of all installed Microsoft Hotfixes:
> Get-HotFix
Navigate the Windows registry:
> cd HKLM:\
List programs set to start automatically in the registry:
> Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\run
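An added example (not part of the original cheat sheet) that builds on the Run-key listing above: it enumerates the usual Run keys, pulls the executable path out of each autostart command line, hashes the binary with Get-FileHash and exports the result to CSV so it can be compared against a known-good baseline. The key list, the helper name Get-ExecutablePath and the output file name are this example's own choices.

```powershell
# Added example: inventory Run-key autostarts and hash their binaries.
# Run keys checked here are an assumption; add others (RunOnce, Winlogon) as needed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Extract the executable from a command line such as
#   "C:\Program Files\App\app.exe" /minimized   or   %ProgramFiles%\Tool\agent.exe --quiet
function Get-ExecutablePath {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')    { return $Matches[1] }
    return $null
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Get-ItemProperty adds PSPath/PSParentPath/... bookkeeping properties; skip them
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        $exe = Get-ExecutablePath $p.Value
        # A missing binary is worth flagging: dangling entries are common after
        # sloppy uninstalls, but also after malware cleanup that left persistence behind.
        $hash = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-FileHash -Algorithm SHA256 -LiteralPath $exe).Hash
        } else { 'FILE_NOT_FOUND' }
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Binary  = $exe
            SHA256  = $hash
        }
    }
}

$report | Format-List
$report | Export-Csv -NoTypeInformation -Path autoruns.csv
```

Diffing autoruns.csv against an earlier run of the same script surfaces new or changed autostart entries; HKCU is per-user, so run it in each user's context to see their keys.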
List and modify the Windows firewall rules:
> Get-NetFirewallRule -all
> New-NetFirewallRule -Action Allow -DisplayName RDP -RemoteAddress 192.168.2.222
Conduct a ping sweep:
> 1..255 | % {echo "192.168.2.$_"; ping -n 1 -w 100 192.168.2.$_ | Select-String ttl}
Conduct a port scan:
> 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.168.2.1",$_)) "Port $_ is open!"} 2>$null