Table of contents
- Introduction
- Commands to avoid in Windows PowerShell which can erase important data
- Commands to avoid in Windows PowerShell which can stop important processes
- Stopping Windows Defender's real-time protection
- Executing files downloaded from the Internet in Windows PowerShell
- Conclusion
Introduction
As system administrators and network engineers, we should be aware of some dangerous PowerShell commands and avoid executing them. These commands can have a significant impact on the system by causing irreparable damage or, sometimes, a denial of service (DoS). Since some of these commands can be executed accidentally, we should use caution when handling them.
In this article we will cover some of them in detail, along with how they can get accidentally executed on your system.
Commands to avoid in Windows PowerShell which can erase important data
Remove-Item or rm
The following command deletes the files and folders under C:\Windows, including the system32 files and folders present under the path "C:\Windows". We should be careful when dealing with files under the folder "C:\", as deleting them can cause irreparable damage to your system.
rm -Path "C:\Windows" -Recurse -Force
- rm or Remove-Item: both do the same job, as rm is the alias of Remove-Item
- -Recurse: deletes the directory, its sub-directories and the files
- -Force: deletes the directory or files without a confirmation prompt
This command can be executed accidentally when we copy and paste the file path we were looking to clean up, miss part of the full path while copying, and execute the command without validating it first.
Is there a safe way?
There is a safe way to test these commands live before executing them. Windows PowerShell has a built-in safety feature called -WhatIf, which tells us what would happen if a command were executed, without actually deleting the files or directories.
rm -Path "C:\Windows" -Recurse -Force -WhatIf
What if: Performing the operation "Remove Directory" on target "C:\Windows".
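A guard for the truncated-path mistake described above, as an added example that is not part of the original article. The function name Remove-ItemGuarded and the allowed root C:\Temp\cleanup are hypothetical; the function resolves the path, rejects protected locations and anything outside the allowed root, and supports -WhatIf itself.

```powershell
# Added example: Remove-ItemGuarded is a hypothetical helper, not a built-in cmdlet.
function Remove-ItemGuarded {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the only tree this helper is allowed to delete from.
        [string] $AllowedRoot = 'C:\Temp\cleanup'
    )

    # Resolve ".." segments so the checks run against the real target.
    $target = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    $root   = [System.IO.Path]::GetFullPath($AllowedRoot).TrimEnd('\')

    # Refuse drive roots and well-known system directories outright.
    $protected = @($env:SystemRoot, $env:ProgramFiles, "$env:SystemDrive\Users") |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    if ($target -match '^[A-Za-z]:$' -or $protected -contains $target) {
        throw "Refusing to delete protected path '$target'."
    }

    # Refuse anything that is not strictly below the allowed root.
    if (-not $target.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "'$target' is not inside the allowed root '$root'."
    }

    # ShouldProcess honours -WhatIf and -Confirm passed to this function.
    if ($PSCmdlet.ShouldProcess($target, 'Remove Directory')) {
        Remove-Item -LiteralPath $target -Recurse -Force
    }
}

# Truncated paste: rejected before Remove-Item ever runs.
try { Remove-ItemGuarded -Path 'C:\Windows' } catch { $_.Exception.Message }

# Intended path (constructed sample): preview only, nothing is deleted.
Remove-ItemGuarded -Path 'C:\Temp\cleanup\old-logs' -WhatIf
```

Because ConfirmImpact is set to High, a call without -WhatIf still prompts for confirmation before deleting.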
Commands to avoid in Windows PowerShell which can stop important processes
Stop-Process or spps
Stop-Process can be dangerous when used along with Get-Process, so we should execute these commands only when we are fully aware of what they can do.
For example, the following command gets all the processes running on the system and pipes them to Stop-Process with the -Force option, which stops them without prompting for confirmation.
Get-process | stop-process -force
or
gps | spps -force
(gps is the alias of Get-Process, spps is the alias of Stop-Process)
These commands can get executed accidentally if your intention was to stop one particular process, but you forgot to mention that process name explicitly.
For example, you intended to execute
Get-process ssh | stop-process -force
But what you accidentally executed was
Get-process | stop-process -force
Is there a safe way?
There is a safe way to test these as well, using the Windows PowerShell built-in feature called -WhatIf. The -WhatIf feature tells us what would happen when we execute a command without actually executing it, which helps us test things live.
get-process | stop-process -whatif
What if: Performing the operation "Stop-Process" on target "ssh (5160)".
What if: Performing the operation "Stop-Process" on target "notepad (4660)".
.
.
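One way to make the missing-name mistake impossible, as an added example that is not part of the original article. The function name Stop-ProcessByName and the MaxMatches limit are hypothetical; the process name is a mandatory parameter, wildcards are rejected, and each stop goes through -WhatIf/-Confirm handling.

```powershell
# Added example: Stop-ProcessByName is a hypothetical helper, not a built-in cmdlet.
function Stop-ProcessByName {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Mandatory and validated: an empty or wildcard name never reaches Get-Process.
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [ValidatePattern('^[^*?]+$')]
        [string] $Name,

        # Assumption: more matches than this indicates a mistake, not intent.
        [int] $MaxMatches = 5
    )

    $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        Write-Warning "No process named '$Name' is running."
        return
    }
    if ($procs.Count -gt $MaxMatches) {
        throw "$($procs.Count) processes match '$Name'; the limit is $MaxMatches."
    }

    foreach ($p in $procs) {
        # Same target format as the built-in -WhatIf output: "name (pid)".
        if ($PSCmdlet.ShouldProcess("$($p.ProcessName) ($($p.Id))", 'Stop-Process')) {
            Stop-Process -Id $p.Id -Force
        }
    }
}

# Preview which ssh processes would be stopped; nothing is terminated.
Stop-ProcessByName -Name ssh -WhatIf

# A wildcard is rejected by parameter validation before any process is touched.
try { Stop-ProcessByName -Name '*' } catch { $_.Exception.Message }
```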
Stopping Windows Defender's real-time protection
We can use the following command to disable Windows Defender's real-time protection. This can let malicious code go undetected, making your system vulnerable. We should not execute this command unless we are absolutely sure of what we are doing and that it is needed.
Set-MpPreference -DisableRealtimeMonitoring $True
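A read-only check for whether this setting has been changed, as an added example that is not part of the original article. The function name Test-DefenderRealtimeProtection and the LookbackDays parameter are hypothetical; it reads the current state and counts recent event ID 5001 entries, which the Defender operational log writes when real-time protection is disabled.

```powershell
# Added example: Test-DefenderRealtimeProtection is a hypothetical helper name.
function Test-DefenderRealtimeProtection {
    [CmdletBinding()]
    param(
        # Assumption: one week of history is enough for a routine check.
        [int] $LookbackDays = 7
    )

    # Current effective state and the configured preference.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Event ID 5001: real-time protection was disabled.
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue)

    # Get-WinEvent returns the newest event first.
    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        TamperProtected           = $status.IsTamperProtected
        DisableEventCount         = $events.Count
        LastDisabled              = ($events | Select-Object -First 1).TimeCreated
    }
}

$result = Test-DefenderRealtimeProtection
$result | Format-List
if (-not $result.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off.'
}
```

If the protection was turned off by mistake, Set-MpPreference -DisableRealtimeMonitoring $False turns it back on.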
Executing files downloaded from the Internet in Windows PowerShell
We can use the Invoke-WebRequest or wget command to download files from the internet by specifying the path to the file. The problem is that executing those files with Start-Process right after the download, as part of a script, can be dangerous if we don't know what the downloaded executable does.
The following two-line PowerShell script downloads the file from the specified source path, saves it to the destination file path, and then executes the destination file using the Start-Process command.
Invoke-WebRequest -Uri <source path> -OutFile <destination path>
Start-Process <destination path>
or
wget -Uri <source path> -OutFile <destination path>
start <destination path>
Note
- We can use either wget or Invoke-WebRequest, as wget is the alias of Invoke-WebRequest
- We can use either start or Start-Process, as start is the alias of Start-Process
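Separating the download from the execution, as an added example that is not part of the original article. The function name Get-VerifiedDownload, the example.com URL and the all-zero hash are placeholders; the file is kept only if its SHA-256 matches a value obtained separately from the publisher and its Authenticode signature is valid.

```powershell
# Added example: Get-VerifiedDownload is a hypothetical helper, not a built-in cmdlet.
function Get-VerifiedDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri]    $Uri,
        [Parameter(Mandatory)] [string] $OutFile,
        # Assumption: the publisher lists the SHA-256 on a separate, trusted channel.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{64}$')]
        [string] $ExpectedSha256
    )

    if ($Uri.Scheme -ne 'https') { throw "Refusing non-HTTPS source '$Uri'." }

    Invoke-WebRequest -Uri $Uri -OutFile $OutFile -UseBasicParsing

    # 1. Content check: the bytes on disk must match the published hash.
    $actual = (Get-FileHash -LiteralPath $OutFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -LiteralPath $OutFile -Force
        throw "SHA-256 mismatch: expected $ExpectedSha256, got $actual."
    }

    # 2. Publisher check: the Authenticode signature must validate.
    $sig = Get-AuthenticodeSignature -LiteralPath $OutFile
    if ($sig.Status -ne 'Valid') {
        Remove-Item -LiteralPath $OutFile -Force
        throw "Authenticode status is '$($sig.Status)'; file removed."
    }

    # Return what was verified; running the file stays a separate, deliberate step.
    [pscustomobject]@{
        Path   = (Resolve-Path -LiteralPath $OutFile).Path
        Sha256 = $actual
        Signer = $sig.SignerCertificate.Subject
    }
}

# Placeholder URL and hash: replace both with the publisher's real values.
$file = Get-VerifiedDownload -Uri 'https://example.com/tool.exe' `
    -OutFile "$env:TEMP\tool.exe" -ExpectedSha256 ('0' * 64)
$file | Format-List
# After reviewing the signer: Start-Process -FilePath $file.Path
```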
Conclusion
In this article we have covered some of the dangerous commands we should avoid executing in Windows PowerShell, as some of them cause irreparable damage to the system. Knowing the consequences of these commands helps us exercise caution and mentor others on keeping such commands from getting executed.