
回答


我想我找到了解決方案。

#include <windows.h> 
#include <tchar.h>  

// Element count of the two fixed char buffers declared at the end of this block.
#define   SIZEOF_BUFFER  0x100 

// Remote Parameters 
// File-scope state shared by the functions below. lpszMachine and
// lpszCommandExe are assigned in _tmain; lpszPassword and lpszUser are
// assigned in SetConnectionCredentials. All four end up pointing either
// into the process's own argument vector or at lpszLocalIP, so nothing
// here is owned or freed.
// NOTE(review): the password is taken from a command-line switch and is
// never copied or wiped, so it stays readable in the process command line
// for as long as the program runs.
LPCTSTR   lpszMachine = NULL; 
LPCTSTR   lpszPassword = NULL; 
LPCTSTR   lpszUser  = NULL; 
// Not assigned anywhere in the code shown on this page.
LPCTSTR   lpszDomain  = NULL; 
LPCTSTR   lpszCommandExe = NULL; 
// UNC form of the loopback address, used when no remote machine is named.
LPCTSTR   lpszLocalIP = _T("\\\\127.0.0.1"); 

// Neither buffer is referenced by the code shown on this page.
char  szThisMachine[SIZEOF_BUFFER] = ""; 
char  szPassword[SIZEOF_BUFFER] = ""; 

// Look up a "/name:value" or "-name:value" switch on the command line.
//
// lpszParam is the switch name as the callers in this file pass it, i.e.
// including the trailing ':' ("pwd:", "user:"). The comparison is a
// case-insensitive prefix match. On a hit the return value points into the
// argument vector, just past the name; it is not a copy.
//
// Arguments starting with '\' or '.' (the machine name forms) are skipped.
// The scan stops at the first argument that is neither such a name nor a
// switch, so switches placed after the command are never examined.
// Returns NULL when the switch is not found.
LPCTSTR GetParamValue(LPCTSTR lpszParam)
{
    const DWORD cchName = _tcslen(lpszParam);

    for (int argPos = 1; argPos < __argc; ++argPos)
    {
        LPCTSTR arg = __targv[argPos];
        const TCHAR lead = arg[0];

        // Machine-name style arguments are not switches; step over them.
        if (lead == _T('\\') || lead == _T('.'))
        {
            continue;
        }

        // First ordinary argument ends the switch section.
        if (lead != _T('/') && lead != _T('-'))
        {
            return NULL;
        }

        if (_tcsnicmp(arg + 1, lpszParam, cchName) == 0)
        {
            return arg + cchName + 1;
        }
    }

    return NULL;
}

// Return the n-th command-line argument that is not a switch.
//
// Arguments beginning with '/' or '-' are switches and are not counted;
// counting is 1-based. On success argvIndex receives the position of the
// argument in the argument vector and the argument itself is returned
// (a pointer into the argument vector, not a copy). Returns NULL, leaving
// argvIndex untouched, when there are fewer than n such arguments.
LPCTSTR GetNthParameter(DWORD n, DWORD& argvIndex)
{
    DWORD seen = 0;
    int pos = 1;

    while (pos < __argc)
    {
        const TCHAR lead = __targv[pos][0];
        const bool isSwitch = (lead == _T('/')) || (lead == _T('-'));

        if (!isSwitch)
        {
            ++seen;
        }

        // Checked on every argument, exactly as the counter stands now.
        if (seen == n)
        {
            argvIndex = pos;
            return __targv[pos];
        }

        ++pos;
    }

    return NULL;
}

// Read the connection credentials from the command line into the globals
// lpszUser and lpszPassword.
//
// Either global is left NULL when its switch ("/user:", "/pwd:") is absent.
// The stored pointers refer to the argument vector itself, so the password
// remains part of the process command line. Always returns TRUE.
BOOL SetConnectionCredentials()
{
    LPCTSTR userValue = GetParamValue(_T("user:"));
    LPCTSTR passwordValue = GetParamValue(_T("pwd:"));

    lpszUser = userValue;
    lpszPassword = passwordValue;

    return TRUE;
}

// Work out which machine to connect to from the first non-switch argument.
//
// Returns:
//   - lpszLocalIP when there is no such argument, or when it is exactly
//     " " or exactly "." (a dot is taken to mean localhost);
//   - the argument itself when it begins with "\\" (a UNC machine name);
//   - NULL for anything else.
LPCTSTR GetRemoteMachineName()
{
    DWORD argPos = 0;
    LPCTSTR candidate = GetNthParameter(1, argPos);

    if (candidate == NULL)
    {
        return lpszLocalIP;
    }

    // Only the two leading characters are compared: a UNC prefix check.
    if (_tcsnicmp(candidate, _T("\\\\"), 2) == 0)
    {
        return candidate;
    }

    // A count of 2 takes in the terminator of the one-character literal,
    // so these two tests only succeed on an exact match.
    const bool isBlank = (_tcsnicmp(candidate, _T(" "), 2) == 0);
    const bool isDot = (_tcsnicmp(candidate, _T("."), 2) == 0);
    if (isBlank || isDot)
    {
        return lpszLocalIP;
    }

    return NULL;
}

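// Establish Connection to Remote Machine
//
// Builds "<lpszRemote>\<lpszResource>" and connects to it with
// WNetAddConnection2, passing the globals lpszUser and lpszPassword.
// When those are NULL the call falls back to the caller's default
// credentials.
//
// lpszRemote   - machine name in UNC form, e.g. "\\host".
// lpszResource - share name, e.g. "ADMIN$".
// bEstablish   - accepted but not read; the function always connects.
//                NOTE(review): no counterpart that cancels the connection
//                is visible on this page - confirm whether a disconnect
//                path was intended.
//
// Returns TRUE when the connection was made, FALSE on a NULL argument,
// on a resource name that does not fit in _MAX_PATH, or on any error
// reported by WNetAddConnection2.
BOOL EstablishConnection(LPCTSTR lpszRemote, LPCTSTR lpszResource, BOOL bEstablish)
{
    TCHAR szRemoteResource[_MAX_PATH];

    // _tmain can hand over NULL when the machine name was not recognised.
    if (lpszRemote == NULL || lpszResource == NULL)
        return FALSE;

    // Both strings come from the command line, so the copy is bounded.
    // _sntprintf returns a negative value on truncation and leaves the
    // buffer unterminated when the text fills it exactly; treat both as
    // failure rather than connecting to a clipped name.
    int cch = _sntprintf(szRemoteResource, _MAX_PATH, _T("%s\\%s"), lpszRemote, lpszResource);
    if (cch < 0 || cch >= _MAX_PATH)
        return FALSE;

    // Zero the whole structure so the fields not set below are not
    // left holding stack garbage.
    NETRESOURCE nr = { 0 };
    nr.dwType = RESOURCETYPE_ANY;
    nr.lpLocalName = NULL;          // no drive letter is mapped
    nr.lpRemoteName = szRemoteResource;
    nr.lpProvider = NULL;

    //Establish connection (using username/pwd)
    DWORD rc = WNetAddConnection2(&nr, lpszPassword, lpszUser, FALSE);
    if (rc == NO_ERROR)
        return TRUE; // indicate success
    return FALSE;
}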
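// Copy the executable named by lpszCommandExe to
// \\<lpszMachine>\ADMIN$\System32\<name><ext>.
//
// Only the file name and extension of the local path are kept; drive and
// directory are discarded. Writing there needs administrative rights on
// the target.
// NOTE(review): CopyFile is called with bFailIfExists = FALSE, so a file
// of the same name already in the remote System32 directory is replaced
// without warning. Confirm that is wanted before reusing this.
//
// Returns the result of CopyFile, or FALSE when either global is NULL,
// the local path has no file name, or a path component or the resulting
// remote path does not fit its buffer.
BOOL CopyBinaryToRemoteSystem()
{
    TCHAR fname[_MAX_FNAME];
    TCHAR ext[_MAX_EXT];
    TCHAR szRemoteResource[_MAX_PATH];

    // Both globals are filled from the command line and may be NULL.
    if (lpszCommandExe == NULL || lpszMachine == NULL)
        return FALSE;

    // Gets the file name and extension. The size-checked variant is used
    // because the path is user input of arbitrary length; drive and
    // directory are not needed, so NULL/0 is passed for them.
    if (_tsplitpath_s(lpszCommandExe, NULL, 0, NULL, 0,
                      fname, _MAX_FNAME, ext, _MAX_EXT) != 0)
        return FALSE;

    // A path ending in a separator has nothing to copy.
    if (fname[0] == _T('\0'))
        return FALSE;

    // Bounded formatting: a negative result or a result that fills the
    // buffer means the remote path was cut short.
    int cch = _sntprintf(szRemoteResource, _MAX_PATH,
                         _T("%s\\ADMIN$\\System32\\%s%s"), lpszMachine, fname, ext);
    if (cch < 0 || cch >= _MAX_PATH)
        return FALSE;

    // Copy the Command's exe file to \\remote\ADMIN$\System32
    return CopyFile(lpszCommandExe, szRemoteResource, FALSE);
}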

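// Entry point: <machine> <command.exe> [/user:<name>] [/pwd:<password>]
//
// Resolves the target machine and the executable from the command line,
// connects to the target's ADMIN$ share and copies the executable into
// its System32 directory.
//
// Exit codes (the original always returned 0, even after setting rc):
//    0  success
//   -1  machine name not recognised or no executable given
//   -2  connection to ADMIN$ failed
//   -3  copy failed
// NOTE(review): -1 and -3 are values chosen in this revision; only -2
// appears in the original code.
int _tmain(DWORD, TCHAR**, TCHAR**)
{
    DWORD dwIndex = 0;

    lpszMachine = GetRemoteMachineName();
    lpszCommandExe = GetNthParameter(2, dwIndex);
    SetConnectionCredentials();

    // Either lookup can return NULL; stop before the pointers are used.
    if (lpszMachine == NULL || lpszCommandExe == NULL)
    {
        return -1;
    }

    // Do not fall through to the copy when the connection with the
    // requested credentials was refused; the copy would otherwise run
    // under whatever session or ambient credentials happen to exist.
    if (!EstablishConnection(lpszMachine, _T("ADMIN$"), TRUE))
    {
        return -2;
    }

    if (!CopyBinaryToRemoteSystem())
    {
        return -3;
    }

    return 0;
}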