This repository has been archived by the owner on May 31, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 44
/
PoshExec.ps1
97 lines (79 loc) · 3.16 KB
/
PoshExec.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
function Start-RemoteProcess
{
[CmdletBinding()]
param(
[Parameter()]
$ComputerName,
[Parameter(Mandatory)]
[System.Management.Automation.Credential()]
$Credential=[System.Management.Automation.PSCredential]::Empty,
[Parameter()]
$FilePath,
[Parameter()]
[Switch]$Interact,
[Parameter()]
[Switch]$Cleanup
)
$Service = Get-Service -ComputerName $ComputerName -Name "PoshExecSvr" -ErrorAction SilentlyContinue
$drive = Get-PSDrive -Name "$ComputerName Admin" -ErrorAction SilentlyContinue
if ($drive -eq $null)
{
Write-Verbose "Mapping admin share drive."
New-PSDrive -Name "$ComputerName Admin" -Root "\\$ComputerName\Admin`$" -Credential $Credential -PSProvider FileSystem | Out-Null
}
if ($Service -eq $null)
{
$Binary = Join-Path ([io.path]::GetTempPath()) "PoshExecSvr.exe"
$ScriptDirectory = $MyInvocation.MyCommand.Module.ModuleBase
Write-Verbose "Compiling PoshExecSvr service."
Add-Type -OutputType ConsoleApplication -OutputAssembly $Binary -ReferencedAssemblies "System.Data","System.ServiceProcess","System.Xml" -Path (Join-Path $ScriptDirectory "PoshExec.cs")
Write-Verbose "Copying service to remote machine [$ComputerName]."
Copy-Item $Binary "$ComputerName Admin:\PoshExecSvr.exe"
Write-Verbose "Creating service using service control manager."
$SCArgs = @("\\$ComputerName","create","PoshExecSvr","binpath= C:\windows\PoshExecSvr.exe")
Start-Process -FilePath "C:\windows\system32\sc.exe" -ArgumentList $SCArgs -Credential $Credential -Wait -WindowStyle Hidden
}
Write-Verbose "Validating service is running."
$Service = Get-Service -ComputerName $ComputerName -Name "PoshExecSvr" -ErrorAction SilentlyContinue
#Sometimes the service isn't quite installed, even if we wait for sc.exe to exit
if ($Service -eq $null -and $Services.Status -ne 'Running')
{
Start-Sleep -Milliseconds 500
Get-Service -ComputerName $ComputerName -Name "PoshExecSvr" | Start-Service
}
elseif ($Services.Status -ne 'Running')
{
Write-Verbose "Starting service."
$service | Start-Service
}
Add-Type "
namespace PoshExecSvr
{
[System.Serializable]
public class StartInfo
{
public string CommandLine;
public bool Interact;
}
}
"
$StartInfo = New-Object PoshExecSvr.StartInfo
$StartInfo.CommandLine = $FilePath
$StartInfo.Interact = $Interact
$Stream = New-Object System.IO.MemoryStream
$Serializer = New-Object System.Xml.Serialization.XmlSerializer -ArgumentList ([PoshExecSvr.StartInfo])
$Serializer.Serialize($stream, $startInfo)
$stream.position = 0
$sr = New-Object -TypeName System.IO.StreamReader -ArgumentList $stream
$xml = $sr.ReadToEnd()
Write-Verbose "Sending start up info to service."
Send-NamedPipeMessage -PipeName "PoshExecSvrPipe" -ComputerName $ComputerName -Message $XML
if ($Cleanup)
{
Write-Verbose "Cleaning up service."
$Service | Stop-Service
Start-Process -FilePath "C:\windows\system32\sc.exe" -ArgumentList "\\$ComputerName","delete","PoshExecSvr" -Credential $Credential -Wait
Remove-Item "$ComputerName Admin:\PoshExecSvr.exe"
Remove-PSDrive -Name "$ComputerName Admin"
}
}