Need a way to remotely install an app on Windows?  

infosecwriter
(@infosecwriter)
New Member

Here is yet another method to use PsExec to remotely transfer and run an app. It runs through a subnet, tests the connection before attempting to push, and dumps the results into a report. This time it is with PowerShell. I use this method a lot in enterprise networks when deploying the EnCase servlet. Any suggestions on improving the PowerShell script? The code is included in the video and description.

Here is the link https://youtu.be/NhZPixwlVFQ

code

# Written by Jeremy Martin, Information Warfare Center
# More tips and episodes of Cyber Secrets at
# YouTube.com/IWCCyberSec
# InformationWarfareCenter.com
# IntelligentHacking.com

clear
$results = @()
$Subnet     = Read-Host -Prompt "Please Enter the Subnet you want to search in (Example: 192.168.0)"
$IPStart    = [int](Read-Host -Prompt "Please Enter the First IP in that range (Example: 1)")
$IPEnd      = [int](Read-Host -Prompt "Please Enter the Last IP in that range (Example: 255)")
$User       = Read-Host -Prompt "Please Enter the Admin User"
$Pass       = Read-Host -Prompt "Please Enter the Admin Pass"   # read in the clear: PsExec -p and cmdkey /pass need the plain text
$Domain     = Read-Host -Prompt "Please Enter the Domain (NA for None)"
$ScriptPath = Read-Host -Prompt "Please Enter the destination path (Example: c:\)"
$Prog       = Read-Host -Prompt "Please Enter the program to push"
$ReportPath = "$Subnet-results.csv"
echo "Starting the push now..."

# Carry over earlier results for this subnet so the report accumulates across runs
if (Test-Path $ReportPath) {
    $results += Import-Csv -Path $ReportPath
}

$IPStart..$IPEnd | % {
    $IP = "$Subnet.$_"
    # Test the connection before attempting the push
    if (Test-Connection -Count 1 -ComputerName $IP -Quiet) {
        $HostName = [System.Net.Dns]::GetHostByAddress($IP).HostName
        $HostName = $HostName.Split('.')[0]   # drop the DNS suffix (TrimEnd(".domain") strips characters, not a suffix)
        # No domain given: authenticate against the target's local account (per host, so one
        # host's name is not reused as the "domain" for the next one)
        $AuthDomain = $Domain
        if ($Domain -eq "NA") {
            $AuthDomain = $HostName
        }
        # Cache the credential for this target so PsExec can map the admin share
        Start-Process -FilePath cmdkey.exe -ArgumentList "/add:$HostName /user:$AuthDomain\$User /pass:$Pass" -Wait
        echo "$IP - $HostName"
        $props = @{
            HostName  = $HostName
            IPAddress = $IP
            Path      = $ScriptPath
            Program   = $Prog
        }
        $Target     = "\\$HostName"
        $PUser      = "-u $AuthDomain\$User"
        $PPass      = "-p $Pass"
        $PsExecArgs = "-i -f -c $Prog"   # -c copies the program to the target, -f overwrites an existing copy, -i runs it interactively
        $Exec       = "./PsExec.exe"
        $Params     = "$Target $PUser $PPass $PsExecArgs"
        echo "$Exec $Target $PUser -p **** $PsExecArgs"   # show the command without writing the password to the console
        $process = Start-Process -FilePath $Exec -ArgumentList $Params -PassThru
        Wait-Process -InputObject $process
        # PsExec returns the pushed program's own exit code
        if ($process.ExitCode -eq 0) {
            $results += "$Prog was pushed to $IP - $HostName using PsExec."
            echo "$Prog was pushed to $IP - $HostName"
            New-Object -TypeName psobject -Property $props
        } elseif ($process.ExitCode -eq 2) {
            $results += "$Prog was pushed to $IP - $HostName"
            echo "$Prog was pushed to $IP - $HostName"
        } else {
            $results += "$Prog FAILED to push to $IP - $HostName"
            echo "$Prog FAILED to push to $IP - $HostName"
        }

        # Remove the cached credential again so it does not outlive the push
        Start-Process -FilePath cmdkey.exe -ArgumentList "/delete:$HostName" -Wait

    } else {
        Write-Host "the $IP is not reachable"
    }
}

# Dump the results into the report and open it
$results >> $ReportPath
Invoke-Item $ReportPath

Posted : 16/09/2017 8:31 pm
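As an added example, not part of the original post or its script: the same subnet push done over PowerShell remoting (WinRM) with a PSCredential, so the admin password never goes on a cmdkey or PsExec command line, where it would be visible in process listings and command-line auditing, and no credential is cached on the target. It assumes WinRM is enabled on the targets and that the caller has admin rights there; $RemoteDir is a hypothetical destination folder, and unlike PsExec -i the program runs in a non-interactive session.

```powershell
# Added example, not the original post's script: push and run a program across a
# subnet over PowerShell remoting (WinRM) with a PSCredential, so the admin
# password never goes on a cmdkey/PsExec command line. Assumes WinRM is enabled
# on the targets; $RemoteDir is a hypothetical destination folder.
param(
    [Parameter(Mandatory)][string]$Subnet,              # e.g. 192.168.0
    [int]$IPStart = 1,
    [int]$IPEnd   = 254,
    [Parameter(Mandatory)][string]$Program,             # local path of the installer to push
    [string]$RemoteDir = 'C:\Temp',                     # hypothetical destination on the target
    [string]$Report    = "$Subnet-results.csv"
)

$cred = Get-Credential -Message 'Admin account for the targets'   # kept as a SecureString in memory
$remotePath = Join-Path $RemoteDir (Split-Path -Leaf $Program)

$results = foreach ($n in $IPStart..$IPEnd) {
    $ip = "$Subnet.$n"
    if (-not (Test-Connection -ComputerName $ip -Count 1 -Quiet)) {
        [pscustomobject]@{ IP = $ip; HostName = ''; Status = 'unreachable'; ExitCode = $null }
        continue
    }
    $session = $null
    try {
        $session = New-PSSession -ComputerName $ip -Credential $cred -ErrorAction Stop
        # Copy over the WinRM channel (needs PowerShell 5.0+ on both ends), then run it remotely
        Invoke-Command -Session $session -ScriptBlock {
            param($dir) New-Item -ItemType Directory -Path $dir -Force | Out-Null
        } -ArgumentList $RemoteDir
        Copy-Item -Path $Program -Destination $remotePath -ToSession $session -Force
        $run = Invoke-Command -Session $session -ScriptBlock {
            param($path)
            $p = Start-Process -FilePath $path -Wait -PassThru
            [pscustomobject]@{ Host = $env:COMPUTERNAME; Exit = $p.ExitCode }
        } -ArgumentList $remotePath
        $status = if ($run.Exit -eq 0) { 'pushed' } else { 'failed' }
        [pscustomobject]@{ IP = $ip; HostName = $run.Host; Status = $status; ExitCode = $run.Exit }
    } catch {
        [pscustomobject]@{ IP = $ip; HostName = ''; Status = "error: $($_.Exception.Message)"; ExitCode = $null }
    } finally {
        if ($session) { Remove-PSSession $session }   # nothing is cached on the target afterwards
    }
}

$results | Export-Csv -Path $Report -NoTypeInformation
$results | Format-Table -AutoSize
```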