InvokeCommand return output

Modify PowerShellRemoting.InvokeCommand to return a string.

SharpSploit.Tests/SharpSploit.Tests/LateralMovement/PowerShellRemotingTests.cs

@@ -2,7 +2,6 @@
 // Project: SharpSploit (https://github.com/cobbr/SharpSploit)
 // License: BSD 3-Clause
 
-using System.IO;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 using SharpSploit.LateralMovement;
@@ -15,13 +14,15 @@ public class PowerShellRemotingTests
         [TestMethod]
         public void TestInvokeCommand()
         {
-            string FileName = Path.GetTempFileName();
-            bool result = PowerShellRemoting.InvokeCommand("localhost", $@"'test' | Out-File '{FileName}'");
-            Assert.IsTrue(result);
-            System.Threading.Thread.Sleep(2000);
-            string text = File.ReadAllText(FileName);
-            Assert.AreEqual("test", text);
-            File.Delete(FileName);
+            var result = PowerShellRemoting.InvokeCommand("dc1", "whoami; hostname");
+            Assert.IsTrue(!string.IsNullOrEmpty(result));
+        }
+
+        [TestMethod]
+        public void TestInvokeCommandWCredentials()
+        {
+            var result = PowerShellRemoting.InvokeCommand("dc1", "whoami; hostname", "DEV", "rasta", "Passw0rd!");
+            Assert.IsTrue(!string.IsNullOrEmpty(result));
         }
     }
-}
+}

SharpSploit/LateralMovement/PowerShellRemoting.cs

@@ -15,19 +15,17 @@ public class PowerShellRemoting
         /// <param name="Domain">Domain for explicit credentials.</param>
         /// <param name="Username">Username for explicit credentials.</param>
         /// <param name="Password">Password for explicit credentials.</param>
-        /// <returns>Bool. True if execution succeeds, false otherwise.</returns>
+        /// <returns>String. Results of the PowerShell command.</returns>
         /// <author>Daniel Duggan (@_RastaMouse)</author>
         /// <remarks>
-        /// The return value is a little ambigious as the function won't return as long
-        /// as the command is still running on the remote target. Also, if execution fails
-        /// (e.g. because bad creds), it doesn't throw an error and it returns true regardless.
+        /// The function won't return as long as the command is still running on the remote target.
         /// </remarks>
-        public static bool InvokeCommand(string ComputerName, string Command, string Domain = "", string Username = "", string Password = "")
+        public static string InvokeCommand(string ComputerName, string Command, string Domain = "", string Username = "", string Password = "")
         {
             string command = string.Empty;
             bool useCredentials = Domain != "" && Username != "" && Password != "";
 
-            if(useCredentials)
+            if (useCredentials)
             {
                 command += $@"$Credential = New-Object System.Management.Automation.PSCredential(""{Domain}\{Username}"", (ConvertTo-SecureString ""{Password}"" -AsPlainText -Force)); ";
             }
@@ -36,9 +34,8 @@ public static bool InvokeCommand(string ComputerName, string Command, string Dom
             {
                 command += $" -Credential $Credential";
             }
-
-            Shell.PowerShellExecute(command, false);
-            return true;
+
+            return Shell.PowerShellExecute(command);
         }
     }
 }