Insert Passwords for Powershell Script


I’m fairly new to Jupyter and have been creating various Python playbooks which have worked very well. However, for Incident Response, I need to call PowerShell as well to access remote computers. To do this, I installed PowerShell on CentOS and started getting some basic commands working within Jupyter. Below is working code.

```bash
pwsh -c '$computer_name = "";
new-item -ItemType Directory -Force -path /home/centos/Investigations/$computer_name/;
$credentials = Import-Clixml -Path "/home/centos/cred.xml";
Invoke-Command -ComputerName $computer_name -Authentication Negotiate -Credential $credentials -ScriptBlock {Get-Service} | Where-Object {$_.status -eq "running"} | select-object Name, DisplayName, Status | out-file /home/centos/Investigations/$computer_name/Services.csv;
Invoke-Command -ComputerName $computer_name -Authentication Negotiate -Credential $credentials -ScriptBlock {schtasks /query /fo list /v} | out-file /home/centos/Investigations/$computer_name/ScheduledTasks.txt;
Invoke-Command -ComputerName $computer_name -Authentication Negotiate -Credential $credentials -ScriptBlock {tasklist /v} | out-file /home/centos/Investigations/$computer_name/TaskList.txt;
Invoke-Command -ComputerName $computer_name -Authentication Negotiate -Credential $credentials -ScriptBlock {netstat -naob} | out-file /home/centos/Investigations/$computer_name/Netstat.txt;
Invoke-Command -ComputerName $computer_name -Authentication Negotiate -Credential $credentials -ScriptBlock {Get-WmiObject Win32_NetworkConnection} | out-file /home/centos/Investigations/$computer_name/OutboundSessions.txt'
```

The issue I have with this is keeping the cred.xml file stored on the computer. I would like to make it where I interactively put in the username/password, but I’m not sure how to do that. I looked at using Python’s getpass module and moving these bash commands into os.system or subprocess, but I’m having some issues with that since I need to put in the username, password, and computer name variable and have them inserted into one long PowerShell command.

Any help would be greatly appreciated.

I actually found a decent way to do this that works but please let me know if this is the best method.

```python
import getpass
import os

# Prompt for the target host and credentials; getpass keeps the password off the screen.
computername = input('Enter the computername including domain: ')
username = input('Enter your username: ')
password = getpass.getpass('Enter your password: ')

# Create the per-host output directory.
os.system("pwsh -c '$computer_name = \"" + computername + "\"; new-item -ItemType Directory -Force -path /home/centos/Investigations/$computer_name/;'")

# Build a PSCredential from the typed values and collect netstat output from the remote host.
os.system("pwsh -c '$username = \"" + username + "\"; $password = \"" + password + "\"; $userPassword = ConvertTo-SecureString -String \"" + password + "\" -AsPlainText -Force; $credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$userpassword; Invoke-Command -ComputerName " + computername + " -Authentication Negotiate -Credential $credentials -ScriptBlock {netstat -naob} | out-file \"/home/centos/Investigations/" + computername + "/Netstat.txt\"'")
```
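An added example, not part of the original posts: the snippet above concatenates the typed values into a shell command line, so the password is readable in the process list while pwsh runs, and quote characters in any input change the command that gets executed. This variant keeps the PowerShell text fixed and hands the values to pwsh through environment variables; the names `IR_COMPUTER`, `IR_USER`, `IR_PASS` and the helper functions are assumptions made for this example.

```python
import getpass
import os
import re
import subprocess

# Fixed script text: nothing the user types is spliced into it.
# IR_COMPUTER / IR_USER / IR_PASS are hypothetical names chosen for this example.
PWSH_SCRIPT = r'''
$dir = Join-Path "/home/centos/Investigations" $env:IR_COMPUTER
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$sec = ConvertTo-SecureString -String $env:IR_PASS -AsPlainText -Force
Remove-Item Env:IR_PASS   # keep it from being inherited by anything pwsh launches
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $env:IR_USER, $sec
Invoke-Command -ComputerName $env:IR_COMPUTER -Authentication Negotiate -Credential $cred -ScriptBlock {netstat -naob} |
    Out-File (Join-Path $dir "Netstat.txt")
'''

# The computer name also becomes a directory name, so accept only host name / FQDN syntax.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def build_invocation(computer, username, password):
    """Return (argv, env) for pwsh; the secret is placed in env only, never in argv."""
    if len(computer) > 253 or not HOSTNAME_RE.fullmatch(computer):
        raise ValueError("computer name must be a plain host name or FQDN")
    # List form means no /bin/sh is involved, so there is no shell quoting to get wrong.
    argv = ["pwsh", "-NoProfile", "-NonInteractive", "-Command", PWSH_SCRIPT]
    env = dict(os.environ, IR_COMPUTER=computer, IR_USER=username, IR_PASS=password)
    return argv, env


def collect_netstat(computer, username, password):
    argv, env = build_invocation(computer, username, password)
    return subprocess.run(argv, env=env, check=True)


if __name__ == "__main__":
    collect_netstat(input("Enter the computername including domain: "),
                    input("Enter your username: "),
                    getpass.getpass("Enter your password: "))
```

The environment of a process is readable only by the same user and root, unlike its command line, and the remaining `Invoke-Command` collections from the first post can be appended to `PWSH_SCRIPT` in the same way.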