Jump to content

Using Powershell to ssh and SFTP


Recommended Posts

For a larger project, I am exploring the use of Powershell to automate network tasks.  In the enclosed script, I am assuming someone has a Raspberry Pi named PiM3.local with default username and password on my local network.  I use Posh-SSH  which can be installed within Powershell by Install-Module Posh-SSH . I then execute a command with SSH,  grab the .bash-history and put a new file in the Pi.

One could, of course, use nmap to find computers with port 22 and then proceed with something like this to see what happens.  One could of course use the wifi pineapple to ... and so on.  Are there loose pi's where you live?  


Link to comment
Share on other sites

I'm not a big powershell guy but I've been doing simliar tasks over ssh on Linux with sshpass and expect.
-AsPlainText -Force
allow you to do this without ssh-keyscan or is the pi already one of your trusted devices? It's funny I was thinking about trying to expect with regular expressions to automatically submit yes when logging in on a new machine but I came across ssh-keyscan and that helped quite a bit.
ssh-keyscan -H >> ~/.ssh/known_hosts

Helped out tremendously.

Link to comment
Share on other sites

The goal I'm exploring is windows based exploits.   One advantage of Powershell being layered on the object oriented .Net library is that regular expressions are not as needed.  Things are already set into properties within objects.  There are also great list processing capabilities.   I can think of few to none functions that are available in the windows GUI and not in Powershell.    .Net shims can also be created for anything else.  For Windows exploits, I think powershell is under utilized.  I hope to have some more interesting (and involved) bits to share soon.

Link to comment
Share on other sites

What he is doing with the asplaintext is when you convert a password to secure string when the pass is in plain text, you have to let it know that and force the conversion so to speak.

I notice you are using the modules to check for open ssh or sftp.  If you are looking at static ports you can do this in direct .NET but will need to clear and instantiate the socket class each time due to it being a disposable object.  Would be better to make it a function and loop the function.

function Invoke-Portscan

    $scanresult = $false
    $socket = new-object System.Net.Sockets.TcpClient
    if($socket.ConnectAsync($IP, $Port).Wait(1000))
        $scanresult = $true
    $socket.Close() | Out-Null
    rv socket
    return $scanresult

The above code will scan a single port and return true or false depending on if it is open or not.  It has a timeout of 1 sec.  You could use to scan a target port and react off of it.

Posh-SSH is cool but you use it you have to know what responses you expect back to react off of them..including prompt unless you are using regex to ignore the prompt part somehow.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...