Struthian Posted January 6, 2018
For a larger project, I am exploring the use of PowerShell to automate network tasks. In the enclosed script, I am assuming someone has a Raspberry Pi named PiM3.local with the default username and password on my local network. I use Posh-SSH, which can be installed within PowerShell by Install-Module Posh-SSH. I then execute a command with SSH, grab the .bash_history and put a new file on the Pi. One could, of course, use nmap to find computers with port 22 and then proceed with something like this to see what happens. One could of course use the WiFi Pineapple to ... and so on. Are there loose Pis where you live?
RaspberySFTP.ps1
vailixi Posted January 9, 2018
I'm not a big PowerShell guy, but I've been doing similar tasks over SSH on Linux with sshpass and expect. Does -AsPlainText -Force allow you to do this without ssh-keyscan, or is the Pi already one of your trusted devices? It's funny: I was thinking about trying expect with regular expressions to automatically submit "yes" when logging in on a new machine, but I came across ssh-keyscan and that helped quite a bit.
ssh-keyscan -H 192.168.0.39 >> ~/.ssh/known_hosts
Helped out tremendously.
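A caveat on the ssh-keyscan shortcut above, as an added example that is not code from anyone in this thread: appending whatever ssh-keyscan returns straight into known_hosts trusts the first key that answers, which is exactly what a script automating SSH (as in the Posh-SSH post) should not do. This PowerShell recomputes the OpenSSH SHA256 fingerprint of a keyscan line and only adds the line when it matches a fingerprint obtained out of band; the function names, the temp known_hosts path and the PiM3.local key blob are constructed for the example.

```powershell
function Get-SshKeyFingerprint {
    [CmdletBinding()]
    Param(
        # One ssh-keyscan / known_hosts line: "<host> <keytype> <base64 key blob>"
        [Parameter(Mandatory=$true)] [string]$KeyscanLine
    )
    $fields = $KeyscanLine.Trim() -split '\s+'
    if ($fields.Count -lt 3) { throw "Not a keyscan line: $KeyscanLine" }
    $blob = [Convert]::FromBase64String($fields[2])
    # OpenSSH's SHA256 fingerprint is base64(SHA256(raw key blob)) with the '=' padding dropped
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $digest = $sha.ComputeHash($blob) } finally { $sha.Dispose() }
    [pscustomobject]@{
        Host        = $fields[0]
        KeyType     = $fields[1]
        Fingerprint = 'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
    }
}

function Add-PinnedHostKey {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)] [string]$KeyscanLine,
        # Fingerprint obtained out of band, e.g. from ssh-keygen -lf on the Pi's own console
        [Parameter(Mandatory=$true)] [string]$ExpectedFingerprint,
        [string]$KnownHostsPath = (Join-Path (Join-Path $HOME '.ssh') 'known_hosts')
    )
    $info = Get-SshKeyFingerprint -KeyscanLine $KeyscanLine
    # -cne: fingerprints are base64, so the comparison must be case-sensitive
    if ($info.Fingerprint -cne $ExpectedFingerprint) {
        throw "Refusing $($info.Host) ($($info.KeyType)): got $($info.Fingerprint), expected $ExpectedFingerprint"
    }
    Add-Content -Path $KnownHostsPath -Value $KeyscanLine.Trim()
    return $info
}

# Constructed sample (not a real key): an ed25519 blob with all-zero key bytes for PiM3.local
$sample = 'PiM3.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI' + ('A' * 43)
$tmpKnownHosts = Join-Path ([IO.Path]::GetTempPath()) 'known_hosts.demo'
$seen = Get-SshKeyFingerprint -KeyscanLine $sample
"Scanned $($seen.Host): $($seen.KeyType) $($seen.Fingerprint)"

# Wrong pin (e.g. a different box answering to that name): nothing is written
try { Add-PinnedHostKey -KeyscanLine $sample -ExpectedFingerprint 'SHA256:not-the-pinned-value' -KnownHostsPath $tmpKnownHosts }
catch { "Rejected: $($_.Exception.Message)" }

# Matching pin: the line is appended and ssh / Posh-SSH can use it from then on
Add-PinnedHostKey -KeyscanLine $sample -ExpectedFingerprint $seen.Fingerprint -KnownHostsPath $tmpKnownHosts | Out-Null
"known_hosts.demo now has $(@(Get-Content $tmpKnownHosts).Count) line(s)"
```

In real use the expected fingerprint comes from the Pi itself (ssh-keygen -lf on its host key), not from the same keyscan you are about to trust.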
Struthian Posted January 9, 2018
The goal I'm exploring is Windows-based exploits. One advantage of PowerShell being layered on the object-oriented .NET library is that regular expressions are not as needed. Things are already set into properties within objects. There are also great list-processing capabilities. I can think of few to no functions that are available in the Windows GUI and not in PowerShell. .NET shims can also be created for anything else. For Windows exploits, I think PowerShell is underutilized. I hope to have some more interesting (and involved) bits to share soon.
PoSHMagiC0de Posted January 9, 2018
What he is doing with -AsPlainText is this: when you convert a password to a secure string and the password is in plain text, you have to let it know that and force the conversion, so to speak. I notice you are using the modules to check for open SSH or SFTP. If you are looking at static ports you can do this directly in .NET, but you will need to clear and instantiate the socket class each time because it is a disposable object. It would be better to make it a function and loop the function.

function Invoke-Portscan {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$IP,
        [Parameter(Mandatory=$true)]
        [int]$Port
    )
    $scanresult = $false
    $socket = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $true if the connect completed within 1000 ms;
        # a refused connection makes it throw, which counts as closed
        if ($socket.ConnectAsync($IP, $Port).Wait(1000)) {
            $scanresult = $true
        }
    }
    catch {
        $scanresult = $false
    }
    finally {
        # TcpClient is disposable, so release it before the next call
        $socket.Close() | Out-Null
        Remove-Variable socket
    }
    return $scanresult
}

The above code will scan a single port and return true or false depending on whether it is open or not. It has a timeout of 1 sec. You could use it to scan a target port and react off of it. Posh-SSH is cool, but to use it you have to know what responses you expect back to react off of them, including the prompt, unless you are using regex to ignore the prompt part somehow.