Conducting a PowerShell Ping Sweep

In this post we will look at how to conduct a PowerShell ping sweep. Say you are on a pentest engagement and have just owned a box from which you can see an alternative subnet, or you have just pivoted into a new subnet. You now want to know what else is in that subnet, but you can't reach it from your attack machine. To find out how many targets are alive in the range, a quick ping sweep is in order, so why not use PowerShell? This is pretty straightforward: the following one-liner performs a ping sweep of a /24 subnet, keeping only the replies (lines containing "ttl"):

1..255 | % {echo "10.0.2.$_"; ping -n 1 -w 100 10.0.2.$_ | Select-String ttl }

This should look like this in action:

[Screenshot: PowerShell Ping Sweep]
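The same /24 sweep as the one-liner above, written as a reusable function (an added example, not code from the original post; the function name `Invoke-PingSweep` and its parameters are my own). It sends one echo request per address with the same 100 ms wait, but uses the .NET `Ping` class instead of parsing `ping.exe` output, so it works in Windows PowerShell 5.1 and PowerShell 7 regardless of system locale.

```powershell
# Added example, not from the original post. Prefix "10.0.2" and the 100 ms
# timeout mirror the one-liner; adjust them for your own range.
function Invoke-PingSweep {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\d{1,3}\.\d{1,3}\.\d{1,3}$')]
        [string]$Prefix,                 # first three octets, e.g. "10.0.2"
        [int]$TimeoutMs = 100,           # same 100 ms wait as "ping -w 100"
        [int]$Start = 1,
        [int]$End = 254                  # .255 is the broadcast address on a /24
    )

    # System.Net.NetworkInformation.Ping avoids parsing ping.exe's localised text.
    $pinger = New-Object System.Net.NetworkInformation.Ping

    foreach ($octet in $Start..$End) {
        $address = "$Prefix.$octet"
        try {
            # One echo request per host, like "ping -n 1".
            $reply  = $pinger.Send($address, $TimeoutMs)
            $status = $reply.Status
            $rtt    = if ($status -eq 'Success') { $reply.RoundtripTime } else { $null }
            # Options can be null on non-Windows hosts, so guard before reading Ttl.
            $ttl    = if ($status -eq 'Success' -and $reply.Options) { $reply.Options.Ttl } else { $null }
        } catch {
            $status = 'Error'; $rtt = $null; $ttl = $null
        }
        # Emit one object per address so results can be filtered, sorted or exported.
        [pscustomobject]@{ Address = $address; Status = $status; RoundtripMs = $rtt; Ttl = $ttl }
    }
}

# Hosts that answered; this is the equivalent of the "Select-String ttl" filter.
Invoke-PingSweep -Prefix '10.0.2' | Where-Object Status -eq 'Success' | Format-Table -AutoSize
```

Hosts that drop ICMP echo requests (the Windows Firewall blocks them by default on the Public profile) show up as `TimedOut`, so an empty result means only that nothing answered, not that the range is empty.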