
tldr; This post will talk about ps-session in Powershell. This is a remote interaction tool.

Powershell has PS-Sessions. (Yes, there is Invoke-Command which acts more like psexec). PS-Sessions should be used to create a more persistent connection and interaction. Instead of connecting and disconnecting from the remote machine each time you run a command, you keep the session until you close it. The limitation is that you can only interact with one machine at a time. However, you can create multiple sessions and switch between them.

PS-Session does require that PS-Remoting be turned on and that the computer you are remoting to be added to the TrustedHosts list on the machine you are remoting from:

PS C:\> Enable-PSRemoting -Force

PS C:\> Set-Item WSMan:\localhost\Client\TrustedHosts -Value IPADDRESS/COMPUTERNAME

To start an interactive session, you can use Enter-PSSession.

If you have not created any sessions, you would use the computer and credentials to enter.

PS C:\> Enter-PSSession -ComputerName COMPUTERNAME -Credential USERNAME

This will then prompt you for the password. If WinRM is enabled on the remote machine and the user you have specified is allowed to remote into that computer, a session should start and be shown. You can then run commands on that remote machine.

You can create sessions to make it easier to move back and forth between sessions.

PS C:\> $session = New-PSSession -ComputerName COMPUTERNAME -Credential USERNAME

PS C:\> Enter-PSSession -Session $session

Now, when you exit, you can re-enter a session by the variable you created. In this instance, it's $session. You can see all your sessions with Get-PSSession.

I have put together some quick scripts to make this a bit easier:

$hostname = Read-Host -Prompt 'Input the host machine of the remote computer.'
$user = Read-Host -Prompt 'Input the username you want to connect as'
$password = Read-Host -Prompt 'Input the password of the user'
# Build a PSCredential from the entered password so Get-Credential is not needed
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
Enter-PSSession -ComputerName $hostname -Credential $mycreds

And here is what the output would look like:

You can see that it asks you for the hostname of the remote machine, the username, and the password of the user. Building the credential object yourself, as the $secpasswd and $mycreds lines do, bypasses the interactive Get-Credential prompt.

And here is another script that tries credentials of a user against a file of computer names until it finds a valid session:

$user = Read-Host -Prompt 'Input the username you want to connect as'
$password = Read-Host -Prompt 'Input the password of the user'
# The credential is the same for every host, so build it once before the loop
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
# Try each computer name in the list until one accepts the session
foreach ($line in Get-Content .\computers.txt) {
    Enter-PSSession -ComputerName $line -Credential $creds
}
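The post only enters the first host that works. As an added example (not one of the post's own scripts), the script below opens a PSSession to every reachable host in the same computers.txt list, keeps the ones that succeed, lists them with Get-PSSession and lets you pick which one to enter, which is the "multiple sessions, switch between them" workflow described earlier. It assumes .\computers.txt exists with one name per line and reads the password as a SecureString instead of plain text.

```powershell
# Added example: one PSSession per host in .\computers.txt (assumed to exist,
# one computer name per line). Failed hosts are reported and skipped.
$user    = Read-Host -Prompt 'Input the username you want to connect as'
$secpass = Read-Host -Prompt 'Input the password of the user' -AsSecureString
$creds   = New-Object System.Management.Automation.PSCredential ($user, $secpass)

$sessions = @()
foreach ($computer in Get-Content .\computers.txt) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }

    # Cheap reachability check first: is WinRM listening on this host at all?
    if (-not (Test-WSMan -ComputerName $computer -ErrorAction SilentlyContinue)) {
        Write-Warning "$computer : WinRM not reachable, skipping"
        continue
    }

    try {
        # -ErrorAction Stop turns auth/permission failures into catchable exceptions
        $s = New-PSSession -ComputerName $computer -Credential $creds -ErrorAction Stop
        $sessions += $s
        Write-Host "$computer : session $($s.Id) opened"
    }
    catch {
        Write-Warning "$computer : $($_.Exception.Message)"
    }
}

if ($sessions.Count -eq 0) { Write-Error 'No sessions could be opened.'; return }

# Every open session is listed by Get-PSSession; pick one by Id and enter it.
Get-PSSession | Format-Table Id, ComputerName, State, Availability
$id = [int](Read-Host -Prompt 'Enter the Id of the session to join')
Enter-PSSession -Session (Get-PSSession -Id $id)

# After Exit-PSSession the sessions stay open: re-enter any of them with
# Enter-PSSession -Session, or tear them all down when finished:
# Get-PSSession | Remove-PSSession
```

Like the post's own scripts, run this from an interactive console (paste it or dot-source it) so the Enter-PSSession prompt is handed to you.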

You can see here that it tried win8 which didn’t exist. Then it found a valid session for Win7.

This post is in no way a full list of the things you can do with PS-Session, but hopefully it gets you started with it.

You can download the scripts here:

https://gameofpwnz.com/scripts/Powershell/pssession.ps1

https://gameofpwnz.com/scripts/Powershell/pssession_computerlist.ps1


References:

Enter-PSSession

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-5.1

New-PSSession

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-pssession?view=powershell-5.1


Ashton-Drake, aka GameOfPWNZ, is an information security professional and enthusiast. He is the owner of this blog.
