Hak5 Forums
Struthian

Using Powershell to ssh and SFTP


For a larger project, I am exploring the use of PowerShell to automate network tasks. In the enclosed script, I am assuming someone has a Raspberry Pi named PiM3.local with the default username and password on my local network. I use Posh-SSH, which can be installed within PowerShell by Install-Module Posh-SSH. I then execute a command with SSH, grab the .bash_history and put a new file on the Pi.

One could, of course, use nmap to find computers with port 22 open and then proceed with something like this to see what happens. One could of course use the WiFi Pineapple to ... and so on. Are there loose Pis where you live?

RaspberySFTP.ps1

I'm not a big PowerShell guy, but I've been doing similar tasks over SSH on Linux with sshpass and expect.

Does -AsPlainText -Force allow you to do this without ssh-keyscan, or is the Pi already one of your trusted devices? It's funny, I was thinking about trying expect with regular expressions to automatically submit "yes" when logging in on a new machine, but I came across ssh-keyscan and that helped quite a bit.

ssh-keyscan -H 192.168.0.39 >> ~/.ssh/known_hosts

Helped out tremendously.
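The two points above (automating a command, a download and an upload with Posh-SSH, and the host-key question) as one added PowerShell example; this is not the attached RaspberySFTP.ps1 and not Posh-SSH's own code. It assumes Posh-SSH 2.2 or later (New-SSHSession, Invoke-SSHCommand, New-SFTPSession, Get-SFTPItem, Set-SFTPItem, Get-SSHTrustedHost), and that the fingerprint you pass in is a placeholder you replace after reading it on the Pi itself. The point it makes is that -AsPlainText -Force only concerns the password; host-key trust is separate, and the script fails closed instead of using -AcceptKey.

```powershell
Import-Module Posh-SSH

function Invoke-PiMaintenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$HostName,             # e.g. PiM3.local
        [Parameter(Mandatory)] [pscredential]$Credential,     # from Get-Credential, not a literal password
        [Parameter(Mandatory)] [string]$ExpectedFingerprint,  # PLACEHOLDER: the Pi's host-key fingerprint as Posh-SSH shows it
        [string]$RemoteFile = '/home/pi/.bash_history',       # file to pull from your own Pi, as in the post
        [string]$LocalDir   = "$PWD",
        [string]$Upload     = '.\hello.txt'                   # file to push, as in the post
    )

    # Fail closed: only connect if the host key was already pinned in Posh-SSH's
    # trusted-host store (added by hand after checking the fingerprint on the Pi's console).
    # This replaces -AcceptKey, which would trust whatever key the network presents.
    $known = Get-SSHTrustedHost | Where-Object { $_.Fingerprint -eq $ExpectedFingerprint }
    if (-not $known) {
        throw "No pinned host key matching '$ExpectedFingerprint' for $HostName; refusing to connect."
    }

    $ssh = New-SSHSession -ComputerName $HostName -Credential $Credential -ConnectionTimeout 10
    try {
        # Run one command and check its exit status instead of scraping a prompt.
        $r = Invoke-SSHCommand -SessionId $ssh.SessionId -Command 'uptime' -TimeOut 15
        if ($r.ExitStatus -ne 0) { throw "uptime failed on $HostName: $($r.Error)" }
        Write-Verbose ("{0}: {1}" -f $HostName, ($r.Output -join ' '))

        # SFTP is a separate session in Posh-SSH; download first, then upload.
        $sftp = New-SFTPSession -ComputerName $HostName -Credential $Credential
        try {
            Get-SFTPItem -SessionId $sftp.SessionId -Path $RemoteFile -Destination $LocalDir -Force
            Set-SFTPItem -SessionId $sftp.SessionId -Path $Upload -Destination '/home/pi' -Force
        }
        finally {
            Remove-SFTPSession -SessionId $sftp.SessionId | Out-Null
        }
        return $r.Output
    }
    finally {
        Remove-SSHSession -SessionId $ssh.SessionId | Out-Null
    }
}

# Usage: prompt for the credential rather than building it with ConvertTo-SecureString -AsPlainText.
# $cred = Get-Credential -UserName pi -Message 'Pi login'
# Invoke-PiMaintenance -HostName PiM3.local -Credential $cred -ExpectedFingerprint 'aa:bb:cc:...' -Verbose
```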


The goal I'm exploring is Windows-based exploits. One advantage of PowerShell being layered on the object-oriented .NET library is that regular expressions are not as needed. Things are already set into properties within objects. There are also great list-processing capabilities. I can think of few, if any, functions that are available in the Windows GUI and not in PowerShell. .NET shims can also be created for anything else. For Windows exploits, I think PowerShell is underutilized. I hope to have some more interesting (and involved) bits to share soon.


What he is doing with -AsPlainText is this: when you convert a password to a secure string and the password is in plain text, you have to let it know that and force the conversion, so to speak.

I notice you are using the modules to check for open SSH or SFTP. If you are looking at static ports, you can do this directly in .NET, but you will need to clear and instantiate the socket class each time, since it is a disposable object. It would be better to make it a function and loop the function.

function Invoke-Portscan
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$IP,

        [Parameter(Mandatory=$true)]
        [int]$Port
    )
    $scanresult = $false
    # TcpClient is IDisposable: create a fresh one per call and dispose it below.
    $socket = New-Object System.Net.Sockets.TcpClient
    try
    {
        # Wait(1000) returns $true only if the connect completed within 1 s.
        # A refused connection throws an AggregateException, which is caught
        # and treated as "closed" instead of spilling a red error onto the console.
        if ($socket.ConnectAsync($IP, $Port).Wait(1000))
        {
            $scanresult = $true
        }
    }
    catch
    {
        $scanresult = $false
    }
    finally
    {
        $socket.Close()
        $socket.Dispose()
    }
    return $scanresult
}

The above code will scan a single port and return true or false depending on whether it is open or not. It has a timeout of 1 sec. You could use it to scan a target port and react off of it.

Posh-SSH is cool, but to use it you have to know what responses you expect back in order to react to them, including the prompt, unless you are using regex to ignore the prompt part somehow.
