# Author : TDiff
# Run commands on a remote computer inside a domain over WMI (DCOM/RPC) without needing WinRM + Kerberos
# Usage : ExecuteDistantCommand ComputerName/IP "Commands"
# You need to run this script as a domain user that has the required privilege on the remote computer
# Returns $true if the process started, $false if not
function ExecuteDistantCommand ([string] $ComputerName, [string] $Cmd)
{
    # Encode the commands (UTF-16LE, then Base64, as powershell -EncodedCommand expects) so double quotes etc. aren't stripped out
    $sEncodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("&{$Cmd}"));
    # Execute the command through the Win32_Process.Create WMI method on the remote computer
    $oResult = Invoke-WmiMethod -ComputerName $ComputerName -EnableAllPrivileges -Path win32_process -Name create -ArgumentList "powershell -enc $sEncodedCommand"
    # Check if the process got started (positive int PID); $oResult.ReturnValue holds the method's status code (0 = success)
    if ($oResult.ProcessId -gt 0) { return $true; } return $false;
}
# Example of usage
ExecuteDistantCommand "0.0.0.0" 'echo "example"'
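The script above starts powershell.exe on the remote host through the Win32_Process Create method, so on that host the new process shows up as a child of the WMI provider host (WmiPrvSE.exe) with a -enc argument. The Python below is an added example, not part of the paste or its author's code: it reproduces the encoding step (wrap in &{...}, UTF-16LE, Base64) so the blob can be recognised, decodes such a blob back to the script text, and flags process-creation records where PowerShell was spawned by WmiPrvSE.exe. Field names ParentImage/Image/CommandLine follow Sysmon Event ID 1 (Security 4688 carries the same information under other names); the sample records are constructed, and the list of accepted -EncodedCommand spellings is an assumption to tune per environment.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the common
# spellings are listed here (assumption: extend the alternation if your logs show others).
ENC_SWITCH = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def encode_powershell_command(cmd: str) -> str:
    """Reproduce the paste's encoding: wrap in &{...}, UTF-16LE, then Base64."""
    return base64.b64encode(f"&{{{cmd}}}".encode("utf-16-le")).decode("ascii")


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded script from a 'powershell -enc <blob>' command line, or None.

    None is returned when there is no encoded-command switch, when the blob is not
    valid Base64, or when the bytes are not valid UTF-16LE (e.g. odd length).
    """
    m = ENC_SWITCH.search(command_line)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)  # binascii.Error is a ValueError
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_wmi_launched_powershell(event: Dict[str, str]) -> bool:
    """True when PowerShell was started by the WMI provider host, as Win32_Process.Create does."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    return parent == "wmiprvse.exe" and image in ("powershell.exe", "pwsh.exe")


def find_wmi_launched_powershell(events: List[Dict[str, str]]) -> List[Tuple[int, Optional[str]]]:
    """Return (event index, decoded script or None) for every WmiPrvSE-spawned PowerShell.

    Every hit is worth reviewing; the decoded text, when present, is what the remote
    caller asked the host to run.
    """
    hits: List[Tuple[int, Optional[str]]] = []
    for i, ev in enumerate(events):
        if is_wmi_launched_powershell(ev):
            hits.append((i, decode_encoded_command(ev.get("CommandLine", ""))))
    return hits


# Constructed sample records (Sysmon Event ID 1 style fields), not real telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # what the paste's ExecuteDistantCommand produces on the target host
        "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
        "Image": PS,
        "CommandLine": "powershell -enc " + encode_powershell_command('echo "example"'),
    },
    {   # an interactive user running an encoded command: not matched by this rule
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": PS,
        "CommandLine": "powershell -enc " + encode_powershell_command("Get-Date"),
    },
    {   # WMI-spawned PowerShell without an encoded command: still reported, script None
        "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
        "Image": PS,
        "CommandLine": "powershell -NoProfile -Command Get-Service",
    },
]


if __name__ == "__main__":
    for idx, script in find_wmi_launched_powershell(SAMPLE_EVENTS):
        print(f"event {idx}: WMI-launched PowerShell, decoded script = {script!r}")
```

The rule keys on the parent process rather than on the -enc switch alone, because a Base64 command line is common for legitimate tooling while a PowerShell child of WmiPrvSE.exe is what remote Win32_Process.Create calls leave behind; the decoded text is kept in the hit so the analyst sees the actual command instead of the blob.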