TDiff

Pass PowerShell commands to remote computers without WinRM

Sep 15th, 2018
# Author : TDiff
# Pass commands to a remote computer inside a domain without needing a WinRM listener.
# Uses WMI instead (Win32_Process.Create over DCOM/RPC: TCP 135 plus a dynamic RPC port).
# The call still authenticates as the calling domain user (Kerberos or NTLM), who must be
# a local administrator on the target.
# Usage : ExecuteDistantCommand ComputerName/IP "Commands"
# Returns True if the remote process started, False if not. The command's output is not
# returned: Win32_Process.Create only reports a return code and the new PID.

function ExecuteDistantCommand ([string] $ComputerName, [string] $Cmd)
{
    # Encode the commands (UTF-16LE then Base64, which is what -EncodedCommand expects)
    # so double quotes etc aren't stripped out on the way to the remote shell
    $sEncodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("&{$Cmd}"));

    # Execute the command: spawn powershell.exe on the target via Win32_Process.Create
    $oResult = Invoke-WmiMethod -ComputerName $ComputerName -EnableAllPrivileges -Class Win32_Process -Name Create -ArgumentList "powershell -enc $sEncodedCommand"

    # Check if the process got started: ReturnValue 0 and a positive PID.
    # Non-zero ReturnValue codes documented for Win32_Process.Create:
    # 2 access denied, 3 insufficient privilege, 8 unknown failure, 9 path not found, 21 invalid parameter
    if ($oResult.ReturnValue -eq 0 -and $oResult.ProcessId -gt 0) { return $true; } return $false;
}

# Example of usage (replace 0.0.0.0 with the target host)
ExecuteDistantCommand "0.0.0.0" 'echo "example"'
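The same Win32_Process.Create technique written the way a practitioner would want to run and to hunt for it, as an added example that is not part of TDiff's paste. The operator side uses the CIM cmdlets over an explicit DCOM session (so the protocol and credentials are visible rather than implied) and decodes the documented Win32_Process.Create return codes instead of only testing the PID; the analyst side recovers the encoded PowerShell from the command line that such a call leaves in a Sysmon Event ID 1 or Security 4688 record, where the parent is WmiPrvSE.exe. The function names, the extra `-NoProfile -NonInteractive` switches, and the sample log record are assumptions made for this example.

```powershell
# Added example, not TDiff's code. Function names and the sample log record are assumed.

# Return codes documented for Win32_Process.Create
$script:Win32ProcessCreateCodes = @{
    0  = 'Successful completion'
    2  = 'Access denied'
    3  = 'Insufficient privilege'
    8  = 'Unknown failure'
    9  = 'Path not found'
    21 = 'Invalid parameter'
}

function Invoke-WmiPowerShell {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Command,
        [System.Management.Automation.PSCredential] $Credential   # omit to use the caller's domain token
    )

    # Same encoding as the paste: UTF-16LE, Base64, wrapped in &{...} so quoting survives
    $encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("&{$Command}"))
    $commandLine = "powershell.exe -NoProfile -NonInteractive -EncodedCommand $encoded"

    # WMI over DCOM: TCP 135 plus a dynamic RPC port, no WinRM listener on the target
    $sessionArgs = @{
        ComputerName  = $ComputerName
        SessionOption = (New-CimSessionOption -Protocol Dcom)
    }
    if ($Credential) { $sessionArgs.Credential = $Credential }
    $session = New-CimSession @sessionArgs

    try {
        $result = Invoke-CimMethod -CimSession $session -ClassName Win32_Process `
            -MethodName Create -Arguments @{ CommandLine = $commandLine }
    }
    finally {
        Remove-CimSession -CimSession $session
    }

    # Create returns only ReturnValue and ProcessId; the command's own output never comes back
    $code = [int]$result.ReturnValue
    $reason = if ($script:Win32ProcessCreateCodes.ContainsKey($code)) {
        $script:Win32ProcessCreateCodes[$code]
    } else {
        'Undocumented return code'
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Succeeded    = ($code -eq 0)
        ReturnValue  = $code
        Reason       = $reason
        ProcessId    = $result.ProcessId
    }
}

function ConvertFrom-EncodedCommandLine {
    param([Parameter(Mandatory)] [string] $CommandLine)

    # powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -en, -enc, ...);
    # "-e" followed by "x" is -ExecutionPolicy, so that prefix is deliberately excluded.
    if ($CommandLine -notmatch '(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})') {
        return $null
    }
    $bytes = [Convert]::FromBase64String($Matches[1])
    return [System.Text.Encoding]::Unicode.GetString($bytes)
}

# Constructed sample record: what the call above looks like on the target in a
# Sysmon Event ID 1 / Security 4688 entry. WmiPrvSE.exe is the WMI provider host
# that spawns the process, so that parent/child pair is the detection hook.
$sampleEncoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('&{whoami /all}'))
$sampleRecord = @{
    ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'
    Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    CommandLine = "powershell.exe -NoProfile -NonInteractive -EncodedCommand $sampleEncoded"
}

if ($sampleRecord.ParentImage -like '*\wbem\WmiPrvSE.exe' -and
    $sampleRecord.Image -like '*\powershell.exe') {
    $decoded = ConvertFrom-EncodedCommandLine -CommandLine $sampleRecord.CommandLine
    if ($decoded) {
        "Remote WMI process creation with encoded PowerShell, decoded payload: $decoded"
    }
}

# Operator-side usage (needs local admin on the target and TCP 135 reachable):
# Invoke-WmiPowerShell -ComputerName host01 -Command 'whoami /all' -Credential (Get-Credential)
```

A ReturnValue of 2 or 3 with no PID is the usual sign that the caller is not an administrator on the target or that UAC token filtering applies to a local (non-domain) account; ReturnValue 0 only means powershell.exe started, not that the inner command succeeded. On the defensive side, the pair "parent WmiPrvSE.exe, child powershell.exe with an encoded command" is a high-signal rule because legitimate WMI-driven software rarely launches encoded PowerShell, and decoding the payload the way the sample does turns an opaque Base64 blob into the command the operator actually ran.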