FuzzySecurity / PowerShell-Suite

My musings with PowerShell
BSD 3-Clause "New" or "Revised" License

Will these scripts still run normally? #4

Open trolloos opened 7 years ago

trolloos commented 7 years ago

I can't seem to do anything to get them to work. Whenever I try to execute a script, my PowerShell window just jumps to a new line: no error, nothing. It does nothing. I am running PowerShell as admin and I have the right execution policy, but none of the scripts seem to do anything for me?

elijahgagne commented 7 years ago

The scripts define functions. So when you run them, they create the function and then exit.

What you want to do is "dot source" the script, which will load the function into the current PowerShell session. For example:

. ".\Invoke-Runas.ps1"

After you've dot sourced the script file, you can then use the function it defined:

Invoke-Runas -User SomeAccount -Password SomePass -Domain SomeDomain -Binary C:\Windows\System32\cmd.exe -LogonType 0x2

stock99 commented 5 years ago

or simply add the line below at the end of the script (make sure you specify the cred details though).

Invoke-Runas -User SomeAccount -Password SomePass -Domain SomeDomain -Binary C:\Windows\System32\cmd.exe -LogonType 0x2

sh1yan commented 5 years ago

I tried the methods above and it still won't run.

PS E:\> . ".\Get-TokenPrivs.ps1"
PS E:\> .".\Get-TokenPrivs.ps1"
PS E:\> .".\Get-TokenPrivs.ps1 -ProcID 3836"
. : 无法将“.\Get-TokenPrivs.ps1 -ProcID 3836”项识别为 cmdlet、函数、脚本文件或可运行程序的名称。请检查名称的拼写,如
果包括路径,请确保路径正确,然后再试一次。
所在位置 行:1 字符: 2
+ .".\Get-TokenPrivs.ps1 -ProcID 3836"
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (.\Get-TokenPrivs.ps1 -ProcID 3836:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS E:\>
PS E:\> .".\Get-TokenPrivs.ps1" -ProcID 3836
PS E:\>

sh1yan commented 5 years ago

Problem solved. The original poster hit this because the module was not imported when using the script; after importing the module it runs normally.

E:\>powershell -ep bypass
Windows PowerShell
版权所有 (C) Microsoft Corporation。保留所有权利。

PS E:\> Import-Module ./Get-TokenPrivs.ps1
PS E:\> Get-TokenPrivs -ProcID 15032

[?] PID 15032 --> WeChat
[+] Process handle: 2480
[+] Token handle: 2116
[+] Token has 5 privileges:

LUID Privilege
---- ---------
  19 SeShutdownPrivilege
  23 SeChangeNotifyPrivilege
  25 SeUndockPrivilege
  33 SeIncreaseWorkingSetPrivilege
  34 SeTimeZonePrivilege

PS E:\>
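
The three loading behaviours discussed in this thread (plain execution of a function-only script, dot-sourcing as elijahgagne describes, and Import-Module as in the comment above) plus the quoted form that fails with CommandNotFoundException, shown together as an added example; this is not code from PowerShell-Suite, and the Demo-Function script, its temp path and the Test-Loaded helper are constructed for the demo:

```powershell
# Added example (not part of PowerShell-Suite): why running a function-only
# script "does nothing", and the ways to make its function available.
# Demo-Function, Test-Loaded and the temp file name are constructed for this demo.

$ScriptPath = Join-Path $env:TEMP 'Demo-Function.ps1'
@'
function Demo-Function {
    param([int]$ProcID = $PID)
    "Demo-Function saw ProcID $ProcID"
}
'@ | Set-Content -Path $ScriptPath -Encoding UTF8

function Test-Loaded {
    param([string]$Name)
    # Get-Command returns nothing (and no error) when the function is not defined.
    if (Get-Command -Name $Name -CommandType Function -ErrorAction SilentlyContinue) { 'loaded' } else { 'not loaded' }
}

# 1. Plain execution: the script runs in its own scope, defines the function
#    there and returns. Nothing is printed and nothing survives the call.
& $ScriptPath
"After '& script':      $(Test-Loaded Demo-Function)"

# 2. Dot-sourcing runs the script in the caller's scope, so the function stays.
. $ScriptPath
"After '. script':      $(Test-Loaded Demo-Function)"
Demo-Function -ProcID 4

# 3. Import-Module also accepts a .ps1 file and loads it as a script module.
Remove-Item Function:\Demo-Function
Import-Module $ScriptPath -Force
"After 'Import-Module': $(Test-Loaded Demo-Function)"
Demo-Function -ProcID 4

# 4. The form from the thread that fails: everything inside the quotes is one
#    command *name*, so PowerShell looks for a file literally called
#    "<path> -ProcID 4" and raises CommandNotFoundException.
try { . "$ScriptPath -ProcID 4" }
catch [System.Management.Automation.CommandNotFoundException] { "Quoted form failed: $($_.Exception.Message)" }

# Arguments belong to the function, after the script has been loaded:
. $ScriptPath
Demo-Function -ProcID 4
```

The same pattern applies to Invoke-Runas and Get-TokenPrivs: load the script first, then call the function it defines. If you follow the earlier suggestion of appending the call to the end of the script file, keep in mind that Invoke-Runas takes -Password as plain text, so a password written into the script is stored on disk in the clear; reading it at run time (for example with Get-Credential) avoids that.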

cmbcbe commented 2 years ago

Hello,

I'm launching Outlook with this command; the process is created but no window is showing, and I can see outlook.exe in memory. Any idea? Thanks

$OutlookEXE=(Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE" -Name "Path").Path+"\Outlook.exe";
Invoke-CreateProcess -Binary "$OutlookEXE" -CreationFlags 0x1 -ShowWindow 0x1 -StartF 0x1;

It looks like launching as a detached process shows the Outlook window; is there any way to launch it detached and in debug mode?

-CreationFlags Process creation flags:
0x00000000 (NONE)
0x00000001 (DEBUG_PROCESS)
0x00000002 (DEBUG_ONLY_THIS_PROCESS)
0x00000004 (CREATE_SUSPENDED)
0x00000008 (DETACHED_PROCESS)

Thank you
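
A process created with DEBUG_PROCESS is attached to its creator as a debuggee: every debug event, starting with the process-creation event, suspends the new process until the creating process calls WaitForDebugEvent and ContinueDebugEvent. A caller that only sets the flag and never services debug events therefore leaves the child stopped before it can create a window, which matches the symptom described above. The following added example (not code from PowerShell-Suite, and not a description of how Invoke-CreateProcess works internally) creates a process with DEBUG_PROCESS and runs the minimal debug loop that lets it continue, then detaches; the Win32 function names, structures and constant values are real, while Start-DebuggedProcess, the DbgNative wrapper class and the notepad usage line are constructed for the demo:

```powershell
# Added example (not part of PowerShell-Suite): create a process with
# DEBUG_PROCESS, service its debug events so it actually runs, then detach.
# DbgNative and Start-DebuggedProcess are constructed for this example.

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public static class DbgNative
{
    public const uint DEBUG_PROCESS             = 0x00000001;
    public const uint DBG_CONTINUE              = 0x00010002;
    public const uint DBG_EXCEPTION_NOT_HANDLED = 0x80010001;
    public const uint EXCEPTION_BREAKPOINT      = 0x80000003;
    public const uint EXCEPTION_DEBUG_EVENT     = 1;
    public const uint EXIT_PROCESS_DEBUG_EVENT  = 5;

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO
    {
        public uint cb; public string lpReserved; public string lpDesktop; public string lpTitle;
        public uint dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public ushort wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public uint dwProcessId, dwThreadId; }

    // The union is modelled as pointer-sized words so its offset and size are
    // right on both x86 and x64; the low DWORD of u[0] is ExceptionCode.
    [StructLayout(LayoutKind.Sequential)]
    public struct DEBUG_EVENT
    {
        public uint dwDebugEventCode, dwProcessId, dwThreadId;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 24)] public IntPtr[] u;
    }

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcess(string lpApplicationName, string lpCommandLine,
        IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags,
        IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo,
        out PROCESS_INFORMATION lpProcessInformation);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WaitForDebugEvent(ref DEBUG_EVENT lpDebugEvent, uint dwMilliseconds);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ContinueDebugEvent(uint dwProcessId, uint dwThreadId, uint dwContinueStatus);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool DebugActiveProcessStop(uint dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool DebugSetProcessKillOnExit(bool KillOnExit);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@

function Start-DebuggedProcess {
    param([Parameter(Mandatory)][string]$CommandLine, [int]$IdleMs = 3000)

    $si = New-Object DbgNative+STARTUPINFO
    $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
    $pi = New-Object DbgNative+PROCESS_INFORMATION
    $ok = [DbgNative]::CreateProcess($null, $CommandLine, [IntPtr]::Zero, [IntPtr]::Zero, $false,
        [DbgNative]::DEBUG_PROCESS, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
    if (-not $ok) { throw "CreateProcess failed: $((New-Object ComponentModel.Win32Exception).Message)" }
    # By default the debuggee is killed when its debugger (this PowerShell) exits.
    [void][DbgNative]::DebugSetProcessKillOnExit($false)

    $evt = New-Object DbgNative+DEBUG_EVENT
    $evt.u = New-Object IntPtr[] 24
    $seenInitialBreak = $false
    # Each event leaves the child suspended until ContinueDebugEvent is called.
    while ([DbgNative]::WaitForDebugEvent([ref]$evt, $IdleMs)) {
        $status = [DbgNative]::DBG_CONTINUE
        if ($evt.dwDebugEventCode -eq [DbgNative]::EXCEPTION_DEBUG_EVENT) {
            $code = [uint32]($evt.u[0].ToInt64() -band 0xFFFFFFFFL)
            if ($code -eq [DbgNative]::EXCEPTION_BREAKPOINT -and -not $seenInitialBreak) {
                $seenInitialBreak = $true                          # loader's initial breakpoint
            } else {
                $status = [DbgNative]::DBG_EXCEPTION_NOT_HANDLED    # let the program's handlers run
            }
        }
        [void][DbgNative]::ContinueDebugEvent($evt.dwProcessId, $evt.dwThreadId, $status)
        if ($evt.dwDebugEventCode -eq [DbgNative]::EXIT_PROCESS_DEBUG_EVENT -and
            $evt.dwProcessId -eq $pi.dwProcessId) { break }
    }
    # Quiet for $IdleMs: the child is up. Detach so it runs without a debugger.
    [void][DbgNative]::DebugActiveProcessStop($pi.dwProcessId)
    [void][DbgNative]::CloseHandle($pi.hThread)
    [void][DbgNative]::CloseHandle($pi.hProcess)
    $pi.dwProcessId
}

# Usage (assumed demo target): Start-DebuggedProcess -CommandLine "$env:windir\System32\notepad.exe"
```

The creation flags are a bitmask, so DEBUG_PROCESS and DETACHED_PROCESS can be combined (0x1 -bor 0x8), but DETACHED_PROCESS only stops a console child from inheriting the parent's console; it has no effect on whether debug events are serviced. Whichever process passes DEBUG_PROCESS becomes the child's debugger, with full control over it, and the child is terminated when that debugger exits unless DebugSetProcessKillOnExit is called with FALSE as above.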