diff --git a/SharpSploit.Tests/SharpSploit.Tests/LateralMovement/PowerShellRemotingTests.cs b/SharpSploit.Tests/SharpSploit.Tests/LateralMovement/PowerShellRemotingTests.cs
index c4b16f4..c980441 100644
--- a/SharpSploit.Tests/SharpSploit.Tests/LateralMovement/PowerShellRemotingTests.cs
+++ b/SharpSploit.Tests/SharpSploit.Tests/LateralMovement/PowerShellRemotingTests.cs
@@ -2,7 +2,6 @@
// Project: SharpSploit (https://github.com/cobbr/SharpSploit)
// License: BSD 3-Clause
-using System.IO;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using SharpSploit.LateralMovement;
@@ -15,13 +14,15 @@ public class PowerShellRemotingTests
[TestMethod]
public void TestInvokeCommand()
{
- string FileName = Path.GetTempFileName();
- bool result = PowerShellRemoting.InvokeCommand("localhost", $@"'test' | Out-File '{FileName}'");
- Assert.IsTrue(result);
- System.Threading.Thread.Sleep(2000);
- string text = File.ReadAllText(FileName);
- Assert.AreEqual("test", text);
- File.Delete(FileName);
+ var result = PowerShellRemoting.InvokeCommand("dc1", "whoami; hostname");
+ Assert.IsTrue(!string.IsNullOrEmpty(result));
+ }
+
+ [TestMethod]
+ public void TestInvokeCommandWCredentials()
+ {
+ var result = PowerShellRemoting.InvokeCommand("dc1", "whoami; hostname", "DEV", "rasta", "Passw0rd!");
+ Assert.IsTrue(!string.IsNullOrEmpty(result));
}
}
-}
+}
\ No newline at end of file
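Review bot: Both tests now depend on a host and account that exist only in the author's lab: `"dc1"` in TestInvokeCommand and `"DEV"`, `"rasta"`, `"Passw0rd!"` in TestInvokeCommandWCredentials, which also commits a password to source control. Consider reading the target and credentials from test settings or environment variables and tagging both methods `[TestCategory("Integration")]` so they can be filtered out of a normal test run. The assertion `Assert.IsTrue(!string.IsNullOrEmpty(result))` would presumably also pass if the returned string is error text (PowerShellExecute is not shown), so it does not prove the remote command ran. Asserting that the output contains an expected value, such as the target host name, would be stronger.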
diff --git a/SharpSploit/LateralMovement/PowerShellRemoting.cs b/SharpSploit/LateralMovement/PowerShellRemoting.cs
index 8491957..2615efb 100644
--- a/SharpSploit/LateralMovement/PowerShellRemoting.cs
+++ b/SharpSploit/LateralMovement/PowerShellRemoting.cs
@@ -15,19 +15,17 @@ public class PowerShellRemoting
/// Domain for explicit credentials.
/// Username for explicit credentials.
/// Password for explicit credentials.
- /// Bool. True if execution succeeds, false otherwise.
+ /// String. Results of the PowerShell command.
/// Daniel Duggan (@_RastaMouse)
///
- /// The return value is a little ambigious as the function won't return as long
- /// as the command is still running on the remote target. Also, if execution fails
- /// (e.g. because bad creds), it doesn't throw an error and it returns true regardless.
+ /// The function won't return as long as the command is still running on the remote target.
///
- public static bool InvokeCommand(string ComputerName, string Command, string Domain = "", string Username = "", string Password = "")
+ public static string InvokeCommand(string ComputerName, string Command, string Domain = "", string Username = "", string Password = "")
{
string command = string.Empty;
bool useCredentials = Domain != "" && Username != "" && Password != "";
- if(useCredentials)
+ if (useCredentials)
{
command += $@"$Credential = New-Object System.Management.Automation.PSCredential(""{Domain}\{Username}"", (ConvertTo-SecureString ""{Password}"" -AsPlainText -Force)); ";
}
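Review bot: On the `$Credential = New-Object ...` line, `Domain`, `Username` and `Password` are interpolated raw into double-quoted PowerShell strings, so a value containing `"`, `$` or a backtick produces a broken or differently expanded script. Emitting them as single-quoted PowerShell literals with embedded quotes doubled avoids this, e.g. `string pw = Password.Replace("'", "''");` and then `(ConvertTo-SecureString '{pw}' -AsPlainText -Force)`, with the same treatment for the `Domain\Username` string. Separately, `useCredentials` requires all three values, so a call that supplies only some of them silently runs without explicit credentials. A comment such as `// explicit credentials are used only when Domain, Username and Password are all non-empty` would make that visible. The body of InvokeCommand continues past this hunk.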
@@ -36,9 +34,8 @@ public static bool InvokeCommand(string ComputerName, string Command, string Dom
{
command += $" -Credential $Credential";
}
-
- Shell.PowerShellExecute(command, false);
- return true;
+
+ return Shell.PowerShellExecute(command);
}
}
}
\ No newline at end of file
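Review bot: The remark dropped in this commit warned that a failed execution (e.g. bad credentials) does not throw, and nothing visible here changes that: `return Shell.PowerShellExecute(command);` hands back whatever string the helper produces. The doc comment should say how a caller tells failure from success, for example `/// No exception is thrown on failure; inspect the returned text.`, with the wording confirmed against PowerShellExecute, which is not shown. The call also drops the second argument (`false`) that the old code passed, so it now relies on that parameter's default, and it is worth confirming this is intended. Changing the return type from `bool` to `string` breaks existing callers that test the result.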
diff --git a/SharpSploit/SharpSploit.xml b/SharpSploit/SharpSploit.xml
index 09dd908..8600ce3 100644
--- a/SharpSploit/SharpSploit.xml
+++ b/SharpSploit/SharpSploit.xml
@@ -1620,12 +1620,10 @@
Domain for explicit credentials.
Username for explicit credentials.
Password for explicit credentials.
- Bool. True if execution succeeds, false otherwise.
+ String. Results of the PowerShell command.
Daniel Duggan (@_RastaMouse)
- The return value is a little ambigious as the function won't return as long
- as the command is still running on the remote target. Also, if execution fails
- (e.g. because bad creds), it doesn't throw an error and it returns true regardless.
+ The function won't return as long as the command is still running on the remote target.