14-12-2018, 07:50 PM
This was taken from https://cyber-defense.sans.org/blog/2016...nt-page-1/
7-Zip PowerShell Module
7-Zip can be "wrapped" by PowerShell for very convenient command-line access and scripting use. A popular PowerShell module for this is 7Zip4PowerShell, which can be installed for free from the PowerShell Gallery, or, if you have an older version of PowerShell, downloaded from GitHub. (You must have at least PowerShell version 2.0.)
If you have PowerShell 5.0 or later, install 7Zip4PowerShell from the PSGallery over the Internet like this:
Install-Module -Name 7Zip4PowerShell -Verbose
To see the new commands provided by the module:
Get-Command -Module 7Zip4PowerShell
To copy all the *.log files in the present directory into a 7z-compressed archive:
dir *.log | Compress-7Zip -ArchiveFileName logbackup.7z
To copy the F:\Temp folder and all its subdirectories and files into a traditional Zip archive that is compatible with Windows, Mac and Linux:
Compress-7Zip -Path F:\Temp -ArchiveFileName backup.zip -Format Zip
To open an archive in the graphical 7-Zip application for viewing, just invoke or "execute" the archive's file name at the command line:
.\logbackup.7z
(Note: You can associate other archive file name extensions with 7-Zip by pulling down the Tools menu in 7-Zip and selecting Options.)
To see details about the files inside an archive without actually extracting them:
Get-7Zip -ArchiveFileName logbackup.7z
Get-7Zip -ArchiveFileName archive.zip | Format-Table FileName,Size
To extract everything from an archive into the present directory ("."):
Expand-7Zip -ArchiveFileName archive.zip -TargetPath .
(If you want to go beyond the above basic operations, see this command reference and the -CustomInitialization parameter. You have access to all the features of 7-Zip through the PowerShell wrapper, it's just that not all of them are exposed as separate parameter names — there would be far too many, it would be clutter for 99% of users.)
To archive and encrypt a folder and everything underneath it with a passphrase:
Compress-7Zip -Path .\DataFolder -ArchiveFileName backup.7z -Format SevenZip -Password "SomeLONG&randuumP@ssf8zzaize" -EncryptFilenames
Notice in the above that the archive format is SevenZip (creates a *.7z file) and the -EncryptFilenames switch is used. As discussed above, this combination should be considered mandatory. If you do not encrypt file names, and you attempt to extract files from the encrypted 7z archive using the wrong password (perhaps accidentally) then you risk overwriting any existing files with the same names with empty files, thus deleting the contents of those files! This does not happen when the -EncryptFilenames switch is always used.
To decrypt and extract the files from a 7z archive to the C:\Data folder:
Expand-7Zip -ArchiveFileName backup.7z -Password "SomeLONG&randuumP@ssf8zzaize" -TargetPath C:\Data
In a PowerShell script, the passphrase and other arguments could be stored as variables:
$Key = "iLFH&s9a>P=e9AcaCh_TaGIni$>+e#^s=%#PZ2Vc1&~sM-PXT)Km{(REM?<LR^p~!"
Expand-7Zip -ArchiveFileName backup.7z -Password $Key -TargetPath C:\Data
But we don't want to hard-code decryption keys into scripts, so how could we safely get the key string into the variable? And if the key string is 50+ random characters, it's just too long to enter by hand each time.
7-Zip PowerShell Module
7-Zip can be "wrapped" by PowerShell for very convenient command-line access and scripting use. A popular PowerShell module for this is 7Zip4PowerShell, which can be installed for free from the PowerShell Gallery, or, if you have an older version of PowerShell, downloaded from GitHub. (You must have at least PowerShell version 2.0.)
If you have PowerShell 5.0 or later, install 7Zip4PowerShell from the PSGallery over the Internet like this:
Install-Module -Name 7Zip4PowerShell -Verbose
To see the new commands provided by the module:
Get-Command -Module 7Zip4PowerShell
To copy all the *.log files in the present directory into a 7z-compressed archive:
dir *.log | Compress-7Zip -ArchiveFileName logbackup.7z
To copy the F:\Temp folder and all its subdirectories and files into a traditional Zip archive that is compatible with Windows, Mac and Linux:
Compress-7Zip -Path F:\Temp -ArchiveFileName backup.zip -Format Zip
To open an archive in the graphical 7-Zip application for viewing, just invoke or "execute" the archive's file name at the command line:
.\logbackup.7z
(Note: You can associate other archive file name extensions with 7-Zip by pulling down the Tools menu in 7-Zip and selecting Options.)
To see details about the files inside an archive without actually extracting them:
Get-7Zip -ArchiveFileName logbackup.7z
Get-7Zip -ArchiveFileName archive.zip | Format-Table FileName,Size
To extract everything from an archive into the present directory ("."):
Expand-7Zip -ArchiveFileName archive.zip -TargetPath .
(If you want to go beyond the above basic operations, see this command reference and the -CustomInitialization parameter. You have access to all the features of 7-Zip through the PowerShell wrapper, it's just that not all of them are exposed as separate parameter names — there would be far too many, it would be clutter for 99% of users.)
To archive and encrypt a folder and everything underneath it with a passphrase:
Compress-7Zip -Path .\DataFolder -ArchiveFileName backup.7z -Format SevenZip -Password "SomeLONG&randuumP@ssf8zzaize" -EncryptFilenames
Notice in the above that the archive format is SevenZip (creates a *.7z file) and the -EncryptFilenames switch is used. As discussed above, this combination should be considered mandatory. If you do not encrypt file names, and you attempt to extract files from the encrypted 7z archive using the wrong password (perhaps accidentally) then you risk overwriting any existing files with the same names with empty files, thus deleting the contents of those files! This does not happen when the -EncryptFilenames switch is always used.
To decrypt and extract the files from a 7z archive to the C:\Data folder:
Expand-7Zip -ArchiveFileName backup.7z -Password "SomeLONG&randuumP@ssf8zzaize" -TargetPath C:\Data
In a PowerShell script, the passphrase and other arguments could be stored as variables:
$Key = "iLFH&s9a>P=e9AcaCh_TaGIni$>+e#^s=%#PZ2Vc1&~sM-PXT)Km{(REM?<LR^p~!"
Expand-7Zip -ArchiveFileName backup.7z -Password $Key -TargetPath C:\Data
But we don't want to hard-code decryption keys into scripts, so how could we safely get the key string into the variable? And if the key string is 50+ random characters, it's just too long to enter by hand each time.