National Cyber Warfare Foundation (NCWF)

PowerShell: Moving from Bash to PowerShell
0 user ratings		2025-10-20 16:06:02
milo
Red Team (CNA)

Map familiar Bash commands to their PowerShell equivalents and learn practical one-liners for file, text, network, and system tasks.


The post PowerShell: Moving from Bash to PowerShell first appeared on Hackers Arise.



Welcome back, hackers!





When moving from Bash to PowerShell, people often run into difficulties simply because they do not know which tools in PowerShell serve as equivalents and how to use them. For example, I personally like Bash for its straightforward logic. If you need to grab only certain lines from a text file, you know you can call on cat and grep. But when you try to type something similar in PowerShell, it often feels like hitting a wall. You know the logic, you know it should be just a one-liner, yet you get stuck on how to actually do it. That is exactly what we are going to sort out today. 





This article serves as an addition to PowerShell for Hackers: Basics and aims to show more of PowerShell’s capabilities by mapping familiar Bash commands to their PowerShell equivalents. If you haven’t read PowerShell for Hackers: Basics, we highly recommend starting there. This guide is written for people who know the Linux command line and want practical examples for their workflows in PowerShell.





General Rules of the Game





Let’s start with the most basic thing, which is still very important, it is working with variables. In Bash, declaring a variable is as simple as writing foo=1. In PowerShell, you need to add a dollar sign: $foo=1. To print the value of a variable to the screen, you can use the universal echo or the PowerShell-specific cmdlet Write-Host. Is it longer? Definitely. But the benefit is that with Write-Host you can control the output in interesting ways:





PS > Write-Host (2,4,6,8,10,12) -Separator "->" -ForegroundColor DarkMagenta -BackgroundColor White





working with flags in powershell




This snippet will print the sequence of numbers inside the parentheses, place a -> between them, and also change both the text and the background colors. For a quick throwaway script this isn’t necessary, but for a daily report it might be quite useful.





If you need to compare something PowerShell has a full set of operators, familiar to anyone coming from Linux.





working with powershell operators




If comparison operators and logical conditions are more or less clear, let’s look at a very simple but practical example with data types. Suppose we want to measure the average response time from a website like google.com. To do this we need to send several pings and calculate the average. Here’s a short script:





Write-Host `n "Waiting for test ..."
$Avg = 0
$Site = "www.google.com"
$PingSite = Test-Connection -Count 5 $Site
$Avg = ($PingSite | Measure-Object ResponseTime -Average)
$Calc = ($Avg.Average) -as [int]
Clear-Host
Write-Host "Average response time to $Site is $Calc ms"





working with powershell variables




If we don’t cast the value to an integer, we get a floating-point number, which isn’t very convenient for this purpose.
This is one of the instances where a PowerShell command is actually stronger than the classic Linux ping. The Test-Connection cmdlet outputs structured objects that already contain response times, status, and other useful properties. That means you can pipe the results directly into tools like Measure-Object and do math on them without needing to parse text with awk or grep. In Linux, ping is text-based, so you often need extra commands to extract the numbers. PowerShell skips that step





Aliases





To make PowerShell easier to use, you can create aliases. It’s worth checking the aliases already available on your system with:





PS > Get-Alias





listing aliases




Aliases can even point to programs. For example, let’s make an alias for launching the calculator:





PS > Set-Alias -Name calc -Value calc.exe





setting a new alias in powershell




Now typing calc will start the calculator. If you want your alias to represent a command with parameters, you need to wrap it in a function:





function AL01 { Test-Connection -Count 2 google.com }
Set-Alias ping AL01





Now when you type ping, it will perform two pings to google.com. To remove an alias, use:





PS > Remove-Item alias:ping





Note, once you close PowerShell, all aliases you created this way disappear. To keep them permanently, you need to save them in your profile. PowerShell actually has four possible profiles. You can see them with:





PS > $profile | Format-List -Force





listing powershell proiflees




To check if they exist on your system:





PS > $profile | Format-List -Force | ForEach-Object { Test-Path $_ }





If the result is False, the file simply doesn’t exist. You can create it, for example, at this path:





PS > notepad.exe C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1





And add your aliases inside it:





function AL01 { Test-Connection -Count 2 google.com }
Set-Alias ping AL01





creating a powershell profile




After saving and restarting PowerShell, your aliases will load automatically.





One important note. By default, Windows blocks the execution of external scripts. This means your profile file might be ignored. To check the current policy, run:





PS > Get-ExecutionPolicy





Most likely it will return Restricted, which means all scripts are blocked. To allow your profile script to run, you need to open PowerShell as Administrator and set:





PS > Set-ExecutionPolicy Unrestricted





setting execution policy to unrestricted




After confirmation, scripts will run normally, including your profile file.





using aliases in powershell




Going Deeper





Now let’s move on to the most popular Linux tools and their PowerShell equivalents, from simple to more advanced.





cd





Navigation between directories. You can use the familiar cd alias or the cmdlet Set-Location:





PS > Set-Location Windows





This moves you to the Windows folder in the current directory. PowerShell even lets you navigate the registry the same way:





PS > Set-Location -Path "HKLM:"





PS > Set-Location -Path "HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\CTF"





using cd in powershell




ls





To view the contents of a directory, use ls, dir, or the cmdlet Get-ChildItem:





PS > Get-ChildItem C:\





listing files in powershell




This shows everything on the C: drive. To sort results by modification time (like ls -ltr in Linux):





PS > Get-ChildItem $env:USERPROFILE\Documents | Sort-Object -Property LastWriteTime





using sort in powershell




For recursive searches:





PS > Get-ChildItem -Path C:\ -Force -Recurse





mkdir





To create directories, use New-Item:





PS > New-Item -ItemType Directory -Name intel





Or to create a subfolder:





PS > New-Item -ItemType "directory" -Path "c:\intel\papers"





creating directories with powershell




You can even create a text file with content in one command:





PS > New-Item -Path . -Name "key.txt" -ItemType "file" -Value "HSDAF8KL"





creating files with ontent in powershell




touch





Creating files also uses New-Item:





PS > New-Item -ItemType "file" -Path "c:\temp\file.txt", "C:\intel\papers\classified.txt"





This makes two files in different folders.





cp





Copying files is done with Copy-Item:





PS > Copy-Item -Path C:\intel\classified.txt -Destination C:\important\





It also works over the network:





PS > Copy-Item -Path C:\key.txt -Destination '\\file-srv\f$\key.txt'





rm





Deleting files is Remove-Item. The dangerous rm -rf equivalent is:





PS > Remove-Item -Recurse -Force





Like in Linux, it’s one of the most dangerous commands. A single mistake can wipe entire directories. It’s a good practice to first preview what will be deleted with Get-ChildItem, or even rename files instead of deleting them to make recovery easier.





You can also delete by masks:





PS > Remove-Item *.txt





Or specific files:





PS > Remove-Item C:\dir1ecords, C:\dir1\photos, C:\dir2\interrogations





find





To search for files, use Get-ChildItem with filters. For example:





PS > Get-ChildItem C:\ -Include *.exe -Recurse









This found all .exe files on C:\ but you can also limit depth:





PS > Get-ChildItem -Path "C:\Files\*.exe" -Filter "*software*" -Depth 2 -Exclude "*server*" -Recurse





Notice how flexible the filtering is. Often you don’t need regular expressions.





cat





To read files use Get-Content or gc:





PS > Get-Content -Path C:\case\script.txt





tail





To see the last ten lines of a file:





PS > Get-Content c:\logs\log.txt -TotalCount 10





To monitor in real time:





PS > Get-Content "C:\logs\log.txt" -Wait | Where { $_ -Match "Error" }





This shows new lines containing “Error” as they appear.





grep





PowerShell doesn’t have a perfect grep equivalent, but there are alternatives. To filter objects, use Where-Object.





List processes using more than 100 MB of memory:





PS > Get-Process | Where-Object { $_.WorkingSet -gt 104857600 }





using grep in powershell




For text searches, use Select-String to find the string that mentions your keyword:





PS > Select-String -Path C:\logs\*.log -Pattern "error"





Or combine with Get-Content:





PS > Get-Content -Path C:\scripts\script.txt | Select-String -Pattern "alias"





uname





To display system information:





PS > $Properties = 'Caption', 'CSName', 'Version', 'BuildType', 'OSArchitecture'; Get-CimInstance Win32_OperatingSystem | Select-Object $Properties | Format-Table -AutoSize









Longer than uname -a, but you can alias it if needed. At the end of the day, you don’t really use it much.





mkfs





To create filesystems, PowerShell has New-Volume and Format-Volume:





PS > New-Volume -StoragePoolName "CompanyData" -FriendlyName "TestVolume" -Size 10GB -ResiliencySettingName "Mirror" -FileSystem NTFS -AccessPath "M:" -ProvisioningType Fixed





Be careful, as misuse can destroy your data. Always test on a safe machine first.





ping





The classic ping equivalent is Test-Connection:





PS > Test-Connection google.com





cut





To extract only certain fields, use Select-Object. For example, to list text files in your user folder but only show names and sizes:





PS > Get-ChildItem $env:USERPROFILE -Filter "*.txt" | Select-Object -Property 'Name', 'Length'





man





The man equivalent is Get-Help:





PS > Get-Help Get-ChildItem





You can also use wildcards:





PS > Get-Help Get-*





Conclusion





As you can see, almost every Linux command has a worthy PowerShell counterpart. Some of them are less elegant or more verbose, but in return they often give you more power through structured objects and richer filtering. Bash and PowerShell approach the same problems from different angles. Bash is all about short, sharp one-liners, a language of quick hacks and piping small tools together. PowerShell takes more words to get going, but it pays you back with depth. Its cmdlets work with objects instead of plain text, which means more precision and flexibility. A job that takes three or four utilities strung together in Bash can sometimes be handled by a single cmdlet.





The transition isn’t painless. The syntax can feel verbose and the patterns unfamiliar. It looks like you’re doing more typing for the same result. In the end, it all comes down to habit and practice. PowerShell is essentially a full toolbox, while Bash is a handy pocket knife. The more you experiment and analyze, the more natural it will feel.

The post PowerShell: Moving from Bash to PowerShell first appeared on Hackers Arise.



Source: HackersArise
Source Link: https://hackers-arise.com/powershell-moving-from-bash-to-powershell/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.