Get-Content
Read file contents. Equivalent to cat on Linux. Used to read sensitive files, credentials, and configuration data.
Binary Paths
PowerShell cmdlet
Glob Patterns
| Pattern | Notes |
|---|---|
& (gcm G*-C*t) C:\Windows\System32\drivers\etc\hosts
|
Wildcards in both verb and noun |
& (gcm Get-Con*) ...
|
Star matches 'tent' |
& (gcm G?t-Content) ...
|
Single char wildcard replaces 'e' |
& (gcm G[d-f]t-Content) ...
|
Character range matches 'e' in Get |
gc C:\sensitive\file.txt
|
Built-in alias 'gc' for Get-Content |
cat C:\sensitive\file.txt
|
Alias 'cat' also works in PowerShell |
type C:\sensitive\file.txt
|
Alias 'type' also resolves to Get-Content |
& (gcm *Content) ...
|
Prefix wildcard |
& (DIR Alias:/g?) C:\sensitive\file.txt
|
Resolves gc alias via PowerShell's Alias: PSDrive glob — g? matches gc (Get-Content) |
& (gcm ('{0}et-{1}' -f 'G','Content')) C:\sensitive\file.txt
|
-f format operator constructs 'Get-Content' from string fragments before gcm resolves it |
Pattern Tester
$
Try typing Get-Content or a full path like PowerShell cmdlet
YARA Rule
Auto-generated detection rule for Get-Content