API tools faq
paste
Advertisement
TDiff

Pass Powershell command to distant computers without WinRM

TDiff
Sep 15th, 2018
286
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 0.91 KB | None | 0 0
raw download clone embed print report
  1. # Author : TDiff
  2. # Pass commands to a distant computer inside a domain without needing WinRM + Kerberos
  3. # Usage : ExecuteDistantCommand ComputerName/IP "Commands"
  4. # You need to run this script as a domain user that has the required privilege
  5. # Returns True if the process started, False if not
  6.  
  7. function ExecuteDistantCommand ([string] $ComputerName, [string] $Cmd)
  8. {
  9.     # Encode the commands so double quotes etc aren't stripped out
  10.     $sEncodedCommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("&{$Cmd}"));
  11.  
  12.     # Execute the command
  13.     $oResult = Invoke-WmiMethod -ComputerName $ComputerName -EnableAllPrivileges -Path win32_process -Name create -ArgumentList "powershell -enc $sEncodedCommand"
  14.  
  15.     # Check if the process got started (positive int PID)
  16.     if ($oResult.ProcessId -gt 0) { return $true; } return $false;
  17. }
  18.  
  19. # Example of usage
  20. ExecuteDistantCommand "0.0.0.0" 'echo "example"'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!