RogFleming

Remote Execution without Runas or Psexec

9 posts in this topic

#1 ·  Posted (edited)

Here is a code snippet to allow you to run a program on a remote system as yourself. I'm working on a version which will allow you to set a scheduled task so it will work interactively with the desktop. Currently it is hidden from the desktop. You will have to look in task manager to see the process.

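; Launch a program on a remote computer through WMI (Win32_Process.Create).
Dim $objWMIService, $objProcess
Dim $strShell, $objProgram, $strComputer, $strExe, $strInput
$strComputer = InputBox("ComputerName to Run Script", "Computer Name")
$strExe = "notepad.exe"
; Connect to the WMI service on the remote machine.
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
If Not IsObj($objWMIService) Then
    MsgBox(16, "", "Could not connect to WMI on " & $strComputer)
    Exit
EndIf
$objProcess = $objWMIService.Get("Win32_Process")
; Build the input parameters for the Create method.
$objProgram = $objProcess.Methods_("Create").InParameters.SpawnInstance_
$objProgram.CommandLine = $strExe

;Execute the program now at the command line.
$strShell = $objWMIService.ExecMethod("Win32_Process", "Create", $objProgram)
; A ReturnValue of 0 means the process was created.
MsgBox(1, "", "Created: " & $strExe & " on " & $strComputer & " (ReturnValue " & $strShell.ReturnValue & ")")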
Edited by RogFleming




Well - haven't tried it yet but I will. It looks very promising.

It will make a very nice UDF.

Thank you for sharing this ;)



Thanks for sharing. I can make good use of that WMI technique to do the same in VBScript or .NET.


$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

This line fails for me. Do I need to be logged on the remote computer?


#5 ·  Posted (edited)

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

This line fails for me. Do I need to be logged on the remote computer?

You shouldn't need to be logged into the remote pc.

It could fail if you don't have admin rights to the remote machine or if WMI is disabled on it.

Also be sure you can ping/reach the machine specified in the $strComputer variable.

edit:

just some additional info

http://www.autoitscript.com/forum/index.php?showtopic=44913&view=findpost&p=672678

Edited by spudw2k


#6 ·  Posted (edited)

I'm working on a version which will allow you to set a scheduled task...

As far as I can remember you can use SCHTASKS.exe to create scheduled tasks also on remote machines.

Br,

UEZ

PS: reached 1000 ;)

Edited by UEZ


You shouldn't need to be logged into the remote pc.

It could fail if you don't have admin rights to the remote machine or if WMI is disabled on it.

Also be sure you can ping/reach the machine specified in the $strComputer variable.

edit:

just some additional info

http://www.autoitscript.com/forum/index.php?showtopic=44913&view=findpost&p=672678

I checked it all. Still doesn't work. Checked firewalls and everything. Win XP domain environment.


I checked it all. Still doesn't work. Checked firewalls and everything. Win XP domain environment.

Just for troubleshooting purposes, does it fail if you run the script locally on the box?


#9 ·  Posted (edited)

Updated option if the previous solution did not work for you: I found an issue where, if I want to execute a program on another system which needs to pass credentials to a network resource, it would fail. I needed to run the remote program explicitly.

Using PsExec.exe to launch wmic.exe on a remote system to start a process on that workstation, the network credentials are preserved. FYI, the "c:\DTESCAN\" directory in the command is on the remote system. You could use PsExec to copy a file to execute instead.

Also, if you do not need to have credentials, instead of the previous code you could do the following in your run command:

Run("wmic.exe /node:" & $strComputer & " PROCESS CALL Create '" & $Program & "'")

; Note: -u/-p place the account password on the command line, where process listings and command-line logging can record it.
Func RemoteExecutePsExec($ScanName, $strComputer, $sComputerName, $proc)
    Sleep(30)
    ; PsExec starts wmic on the remote system, which then creates the process there.
    ShellExecute("c:\SysinternalsSuite\PsExec.exe", _
            "-d \\" & $strComputer & " -u domain\username -p password wmic /node:" & $strComputer & _
            " PROCESS CALL Create '" & "c:\DTESCAN\" & $ScanName & " " & $sComputerName & " " & $proc & "'", _
            "", "Open", @SW_HIDE)
    Sleep(30)
EndFunc
Edited by RogFleming
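
From the defender's side, the three launch methods in this thread (Win32_Process.Create over WMI, wmic /node, and PsExec with -u/-p) leave recognisable process-creation traces. The following is an added example, not code from the thread, that flags them in constructed Sysmon-style records; the field names, host names, account, password and scan.exe are assumptions made for the sample data.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "cmdline": "notepad.exe"},
    {"host": "ADMIN7", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "wmic.exe /node:WS01 PROCESS CALL Create 'notepad.exe'"},
    {"host": "ADMIN7", "image": r"C:\SysinternalsSuite\PsExec.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"PsExec.exe -d \\WS01 -u EXAMPLE\svc -p Secret123 wmic /node:WS01 "
                r"PROCESS CALL Create 'c:\DTESCAN\scan.exe'"},
    {"host": "WS02", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe report.txt"},
]

# wmic pointed at another machine and asked to create a process there.
WMIC_REMOTE = re.compile(
    r"\bwmic(\.exe)?\b.*?/node:\s*\S+.*?\bprocess\s+call\s+create\b", re.I)
# PsExec given a password as a command-line argument.
PSEXEC_PASSWORD = re.compile(r"\bpsexec(64)?(\.exe)?\b.*?\s-p\s+\S+", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the list of findings for one process-creation record."""
    findings = []
    # Processes started through Win32_Process.Create run as children of WmiPrvSE.exe.
    if basename(event["parent"]) == "wmiprvse.exe":
        findings.append("wmi-spawned-process")
    if WMIC_REMOTE.search(event["cmdline"]):
        findings.append("wmic-remote-create")
    if PSEXEC_PASSWORD.search(event["cmdline"]):
        findings.append("psexec-cleartext-password")
    return findings

def redact(cmdline):
    """Mask the value after -p so the alert does not store the password again."""
    return re.sub(r"(\s-p\s+)\S+", r"\1<redacted>", cmdline, flags=re.I)

def scan(events):
    """Return (host, findings, redacted command line) for every flagged record."""
    return [(e["host"], classify(e), redact(e["cmdline"])) for e in events if classify(e)]

if __name__ == "__main__":
    for host, findings, cmd in scan(SAMPLE_EVENTS):
        print(host, ",".join(findings), "|", cmd)
```

Management agents also start processes under WmiPrvSE.exe, so the first finding is a triage signal to correlate with the source of the WMI connection rather than a verdict on its own.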
