How to locate and edit Windows Powershell History
How to locate and edit Windows Powershell History
Do you use the popular Windows OS Powershell (PS)? If you do, you already know that, unlike Command Prompt (CMD), Windows Powershell, like Terminal on Unix-like Operating Systems saves the commands entered previously. These saved commands are what is called History.
The history in both Powershell and Terminal, can be accessed by using the Up arrow key on your keyboard, to browse the previous commands, from the most recent to the least recent or oldest.
This article is the first of the “Windows OS Revealed” Series of articles. Follow the Series to learn more about the Windows Operating System. It’s a Next-Level Analysis of the internal working of Microsoft Windows OS.
In this article we will expound on how you can access the Windows Powershell History on the Windows PC directory structure. This means that even if you have dual booted Windows and probably a Linux-Based OS, you can still access, modify and save the Powershell History.
Therefore, to access or modify the Powershell History you don’t necessarily have to be on Windows OS, but must have Windows OS installed on your machine. But, note that, you can only see what is actually happening as you play around with the file, only if you are on Windows. This is because the only way to view what has changed on the file, practically, is by opening Powershell and browsing through the History manually by using the Up arrow key.
Enjoy playing around with the Powershell History file!
Windows stores the Powershell History file under the User’s AppData directory. Here is the actual location:
C:\Users\thetqweb\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
To play around with the History file, open it on your editor of choice. Let’s say that the commands entered previously are as follows:
logout
logoff
poweroff
shutdown
diskpar
diskpart
In the example above, it seems that the user first tried to use the “logout” command, to log out of a logged in user, but the command doesn’t exist. Similar to the “poweroff” command. The “shutdown” command on its own only displays a help manual for shutdown options, and therefore requires something like “-h” to hibernate a PC, and so on. The 2nd last command “diskpar” was not complete and its complete form is the last command “diskpart”.
Now say you want to correct the file to only have history of only correct commands. The corrected file would look like:
logoff
shutdown -h
diskpart
shutdown -p
Make sure to save the file!
Note that I added a line that did not exist, “shutdown -p”, a command to instantly shutdown a PC. Now, for proof of concept, close the Powershell window (if open) and reopen it. Browse Powershell History using the Up arrow key. The commands should now appear as you modified them.
Note that if you add a command manually, you should add a new line using the Enter or Return key to avoid merging the last command and the next command that you will enter on the Powershell window. To prove this, you could intentionally not put a new empty line and try to enter a new command on the Powershell window.
How to locate and edit Windows Powershell History
Hacking | thetqweb