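function Invoke-WSManWinRM
{
<#
.SYNOPSIS
Purpose: A simple POC for leveraging a WMI class to execute a remote command over the WinRM (WSMan) protocol using the WSMan.Automation COM object (wsmauto.dll)
Inspiration: Invoke-WSManAction
Author: @bohops
License: BSD 3-Clause
.DESCRIPTION
Builds a WS-Management session to http://<hostname>:5985/wsman and invokes the
Win32_Process.Create method on the remote root/cimv2 namespace with the supplied
command line. The raw XML response returned by the WSMan service (which carries
the new ProcessId and ReturnValue on success) is written to the pipeline.

Security notes for operators:
  - The command line is embedded in a SOAP/XML body. It is XML-escaped here so a
    command containing '<', '>', '&' or quotes cannot break out of the
    <p:CommandLine> element or produce a malformed request.
  - Credentials are accepted as plain [string] parameters for compatibility with
    the original POC. Plaintext passwords passed on the command line end up in
    PowerShell history/transcripts and process command lines; prefer an
    implicit (Kerberos/Negotiate) session where possible.
  - Transport is plain HTTP on 5985. With Negotiate/Kerberos WinRM applies
    message-level encryption, but Basic authentication over HTTP would send the
    credential in the clear -- do not enable Basic on this endpoint.
.PARAMETER hostname
The hostname (or FQDN) of the remote WinRM host. Required.
.PARAMETER command
The command to execute remotely. Required.
.PARAMETER user
Domain\Username (credential). Optional. Must be supplied together with -password;
when only one of the two is given the implicit (current user) session is used.
.PARAMETER password
Password (credential). Optional. See the security notes above.
.EXAMPLE
PS C:\> Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe
Returns XML blob with PID if successful
.EXAMPLE
PS C:\> Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe -user domain\joe.user -password P@ssw0rd
Returns XML blob with PID if successful
.LINK
https://docs.microsoft.com/en-us/windows/win32/winrm/wsman
#>
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string] $hostname,
[Parameter(Mandatory=$true, Position=1)]
[string] $command,
[Parameter(Mandatory=$false, Position=2)]
[string] $user,
[Parameter(Mandatory=$false, Position=3)]
[string] $password
)
$protocol = "http"
$port = "5985"
$wsman = new-object -com WSMan.Automation
$options = $wsman.CreateConnectionOptions()
$sessionUrl = $protocol + "://" + $hostname + ":" + $port + "/wsman"

# Decide on explicit vs. implicit credentials before creating the session, so
# only one session object is built (the original created a throw-away implicit
# session and then overwrote it when credentials were supplied).
$haveUser = $user.Length -gt 0
$havePassword = $password.Length -gt 0
$sessionFlags = 0
if ($haveUser -and $havePassword)
{
$options.Username = $user
$options.Password = $password
$sessionFlags = $wsman.SessionFlagCredUsernamePassword()
}
elseif ($haveUser -or $havePassword)
{
# Half a credential is almost certainly an operator mistake; say so instead of
# silently authenticating as the current user.
Write-Warning "Both -user and -password are required for explicit credentials; falling back to the implicit session."
}
$session = $wsman.CreateSession($sessionUrl, $sessionFlags, $options)

$resource = "http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Process"
# Escape the command line before embedding it in the SOAP body. Without this, a
# command containing XML metacharacters (e.g. 'cmd /c "echo a<b"' or an '&' in
# a URL argument) either fails to parse on the service side or alters the
# structure of the request.
$escapedCommand = [System.Security.SecurityElement]::Escape($command)
$parameters = "<p:Create_INPUT xmlns:p=`"http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Process`"><p:CommandLine>" + $escapedCommand + "</p:CommandLine></p:Create_INPUT>"
$response = $session.Invoke("Create", $resource, $parameters)

# Emit the response on the pipeline rather than via Write-Host so callers can
# capture and parse the ReturnValue/ProcessId instead of only seeing it on the
# console.
$response
}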