我可以使用WINRM在远程主机窗口上推送二进制文件。 如果没有,是否有任何其他机制允许我在远程主机上推送二进制文件。
答案 0 :(得分:0)
我想我找到了解决方案。
#include <windows.h>
#include <tchar.h>
#define SIZEOF_BUFFER 0x100
// Remote Parameters
LPCTSTR lpszMachine = NULL;
LPCTSTR lpszPassword = NULL;
LPCTSTR lpszUser = NULL;
LPCTSTR lpszDomain = NULL;
LPCTSTR lpszCommandExe = NULL;
LPCTSTR lpszLocalIP = _T("\\\\127.0.0.1");
char szThisMachine[SIZEOF_BUFFER] = "";
char szPassword[SIZEOF_BUFFER] = "";
LPCTSTR GetParamValue( LPCTSTR lpszParam )
{
DWORD dwParamLength = _tcslen( lpszParam );
for ( int i = 1; i < __argc; i++ )
if ( __targv[i][0] == _T('\\') || __targv[i][0] == _T('.'))
continue;
else
if ( __targv[i][0] == _T('/') || __targv[i][0] == _T('-') )
{
if ( _tcsnicmp( __targv[i] + 1, lpszParam, dwParamLength ) == 0 )
return __targv[i] + dwParamLength + 1;
}
else
return NULL;
return NULL;
}
LPCTSTR GetNthParameter( DWORD n, DWORD& argvIndex )
{
DWORD index = 0;
for( int i = 1; i < __argc; i++ )
{
if ( __targv[i][0] != _T('/') && __targv[i][0] != _T('-') )
index++;
if ( index == n )
{
argvIndex = i;
return __targv[i];
}
}
return NULL;
}
BOOL SetConnectionCredentials()
{
lpszPassword = GetParamValue( _T("pwd:") );
lpszUser = GetParamValue( _T("user:") );
return TRUE;
}
LPCTSTR GetRemoteMachineName()
{
DWORD dwIndex = 0;
LPCTSTR lpszMachine = GetNthParameter( 1, dwIndex );
if ( lpszMachine == NULL )
// return NULL;
return lpszLocalIP;
if ( _tcsnicmp( lpszMachine, _T(" "), 2 ) == 0 )
return lpszLocalIP;
if ( _tcsnicmp( lpszMachine, _T("\\\\"), 2 ) == 0 )
return lpszMachine;
// If a dot is entered we take it as localhost
if ( _tcsnicmp( lpszMachine, _T("."), 2 ) == 0 )
return lpszLocalIP;
return NULL;
}
// Establish Connection to Remote Machine
BOOL EstablishConnection( LPCTSTR lpszRemote, LPCTSTR lpszResource, BOOL bEstablish )
{
TCHAR szRemoteResource[_MAX_PATH];
DWORD rc;
_stprintf( szRemoteResource, _T("%s\\%s"), lpszRemote, lpszResource );
NETRESOURCE nr;
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpRemoteName = (LPTSTR)&szRemoteResource;
nr.lpProvider = NULL;
//Establish connection (using username/pwd)
rc = WNetAddConnection2( &nr, lpszPassword, lpszUser, FALSE );
if ( rc == NO_ERROR )
return TRUE; // indicate success
return FALSE;
}
BOOL CopyBinaryToRemoteSystem()
{
TCHAR drive[_MAX_DRIVE];
TCHAR dir[_MAX_DIR];
TCHAR fname[_MAX_FNAME];
TCHAR ext[_MAX_EXT];
TCHAR szRemoteResource[_MAX_PATH];
// Gets the file name and extension
_tsplitpath( lpszCommandExe, drive, dir, fname, ext );
_stprintf( szRemoteResource, _T("%s\\ADMIN$\\System32\\%s%s"), lpszMachine, fname, ext );
// Copy the Command's exe file to \\remote\ADMIN$\System32
return CopyFile( lpszCommandExe, szRemoteResource, FALSE );
}
int _tmain( DWORD, TCHAR**, TCHAR** )
{
int rc = 0;
DWORD dwIndex = 0;
lpszMachine = GetRemoteMachineName();
lpszCommandExe = GetNthParameter( 2, dwIndex );
SetConnectionCredentials();
if ( !EstablishConnection( lpszMachine, _T("ADMIN$"), TRUE ) )
{
rc = -2;
}
if ( !CopyBinaryToRemoteSystem())
{
}
return 0;
}