PowerShell-Suite icon indicating copy to clipboard operation
PowerShell-Suite copied to clipboard
verified publisher icon FuzzySecurity

Will these scripts still run normally?

Open trolloos opened this issue 8 years ago • 5 comments

I can't seem to do anything to get them to work. Whenever I try to execute a script my powershell window just jumps to a new line no error nothing. It does nothing I am running powershell as admin and I have the right execution policy but none of the scripts seem to do anything for me?

trolloos avatar Aug 26 '17 23:08 trolloos

The scripts define functions. So when you run them, they create the function and then exit.

What you want to do is "dot source" the script, which will load the function into the current PowerShell session. For example:

. ".\Invoke-Runas.ps1"

After you've dot sourced the script file, you can then use the function it defined:

Invoke-Runas -User SomeAccount -Password SomePass -Domain SomeDomain -Binary C:\Windows\System32\cmd.exe -LogonType 0x2

elijahgagne avatar Aug 27 '17 00:08 elijahgagne

or simply add the line below at the end of the script (make sure you specify the cred details tho). Invoke-Runas -User SomeAccount -Password SomePass -Domain SomeDomain -Binary C:\Windows\System32\cmd.exe -LogonType 0x2

stock99 avatar Jan 29 '19 00:01 stock99

我在尝试了以上方法,和时无法运行 I'm trying the above method, and I can't run it at any time.

PS E:\> . ".\Get-TokenPrivs.ps1"
PS E:\> .".\Get-TokenPrivs.ps1"
PS E:\> .".\Get-TokenPrivs.ps1 -ProcID 3836"
. : 无法将“.\Get-TokenPrivs.ps1 -ProcID 3836”项识别为 cmdlet、函数、脚本文件或可运行程序的名称。请检查名称的拼写,如
果包括路径,请确保路径正确,然后再试一次。
所在位置 行:1 字符: 2
+ .".\Get-TokenPrivs.ps1 -ProcID 3836"
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (.\Get-TokenPrivs.ps1 -ProcID 3836:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS E:\>
PS E:\> .".\Get-TokenPrivs.ps1" -ProcID 3836
PS E:\>

sh1yan avatar Jul 05 '19 02:07 sh1yan

问题解决了,题主出现这个问题,是由于使用脚本的时候,没有进行导入模块,导致,导入模块后,将可以正常运行。 E:>powershell –ep bypass Windows PowerShell 版权所有 (C) Microsoft Corporation。保留所有权利。

PS E:> Import-Module ./Get-TokenPrivs.ps1 PS E:> Get-TokenPrivs -ProcID 15032

[?] PID 15032 --> WeChat [+] Process handle: 2480 [+] Token handle: 2116 [+] Token has 5 privileges:

LUID Privilege

19 SeShutdownPrivilege 23 SeChangeNotifyPrivilege 25 SeUndockPrivilege 33 SeIncreaseWorkingSetPrivilege 34 SeTimeZonePrivilege

PS E:>

sh1yan avatar Jul 10 '19 01:07 sh1yan

Hello,

i'm launching Outlook with this command, the process is created but no windows is showing, i can see outlook.exe in memory. Any idea? Thanks

$OutlookEXE=(Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE" -Name "Path").Path+"\Outlook.exe";
Invoke-CreateProcess -Binary "$OutlookEXE" -CreationFlags 0x1 -ShowWindow 0x1 -StartF 0x1;

It's look like launching with detached process show Outlook windows, anyway to launch it detached and in debug mode? -CreationFlags Process creation flags: 0x00000000 (NONE) 0x00000001 (DEBUG_PROCESS) 0x00000002 (DEBUG_ONLY_THIS_PROCESS) 0x00000004 (CREATE_SUSPENDED) 0x00000008 (DETACHED_PROCESS) Thank you

cedric-marcoux avatar Oct 27 '22 08:10 cedric-marcoux