-
Notifications
You must be signed in to change notification settings - Fork 14
/
Enable-EC2Remoting.ps1
129 lines (99 loc) · 9.37 KB
/
Enable-EC2Remoting.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
function Enable-EC2Remoting
{
<#
.Synopsis
Enables an EC2 instance for various remote access
.Description
Enables common services on an EC2 instance
.Example
Get-EC2 |
Enable-EC2Remoting -PowerShell
.Link
Open-EC2Port
#>
param(
# The EC2 Instance ID
[Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
[string]$InstanceId,
# If set, will open the port for PowerShell remote management and attempt to enable it on the box.
[switch]$PowerShell,
# If set, will open the port for PowerShell remote management with CredSSP and attempt to enable it on the box.
[Switch]$PowerShellCredSSP,
# If set, will open SSH
[Switch]$Ssh,
# If set, will open Echo (aka Ping)
[Alias('Ping')]
[Switch]$Echo,
# If set, will open HTTP
[Switch]$Http,
# If set, will open HTTPS
[Switch]$Https,
# If set, will open RemoteDesktop
[Switch]$RemoteDesktop
)
process {
$ec2Instance = Get-EC2 -InstanceId $InstanceId
if ($Ssh) {
$ec2Instance |
Open-EC2Port -Range 22 -ErrorAction SilentlyContinue
}
if ($echo) {
$ec2Instance |
Open-EC2Port -Range 7 -ErrorAction SilentlyContinue
}
if ($ftp) {
$ec2Instance |
Open-EC2Port -Range 21 -ErrorAction SilentlyContinue
}
if ($http) {
$ec2Instance |
Open-EC2Port -Range 80 -ErrorAction SilentlyContinue
}
if ($https) {
$ec2Instance |
Open-EC2Port -Range 443 -ErrorAction SilentlyContinue
}
if ($remoteDesktop -or $PowerShellCredSSP) {
$ec2Instance |
Open-EC2Port -Range 3389 -ErrorAction SilentlyContinue
}
if ($PowerShell -or $PowerShellCredSSP) {
$ec2Instance |
Open-EC2Port -Range 5985 -PassThru -ErrorAction SilentlyContinue |
Open-EC2Port -Range 5986 -ErrorAction SilentlyContinue
}
if ($PowerShellCredSSP) {
<#
$ec2Pwd = $ec2Instance |
Get-EC2InstancePassword |
Select-Object -ExpandProperty Password |
ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object Management.Automation.PSCredential 'Administrator', $ec2Pwd
# This is an incredibly useful yet dirty trick.
# Remoting can be enabled, but enabling CredSSP on a target box technically requires CredSSP itself.
# So does nearly anything else that requires a credential.
# I can register a task (but only thru the command line tool), but said task actually requires someone to be logged on
# in order to run
# And so...
$ec2Instance |
Connect-EC2
Invoke-Command -ComputerName $ec2Instance.PublicDnsName -Credential $cred -ScriptBlock {
$Soon= [DateTime]::Now.AddSeconds(45)
$Soon= "{0:00}:{1:00}:{2:00}" -f $Soon.Hour,$Soon.Minute, $soon.Second
$enableTaskNAme = "EnableTask$(Get-Random)"
$r = schtasks /create /s localhost /tn $enableTaskNAme /rl highest /st $Soon /SC Once /tr 'powershell.exe -command Enable-WSManCredSSP -Role Server -Force'
$Soon= [DateTime]::Now.AddSeconds(45)
$Soon= "{0:00}:{1:00}:{2:00}" -f $Soon.Hour,$Soon.Minute, $soon.Second
$enableTaskNAme = "EnableTask$(Get-Random)"
$r = schtasks /create /s localhost /tn $enableTaskNAme /rl highest /st $Soon /SC Once /tr 'powershell.exe -command Enable-WSManCredSSP -Role Client -DelegateComputer * -Force'
}
Start-Sleep -Seconds 60
$connectedWithCredSSP =
Invoke-Command -ComputerName $ec2Instance.PublicDnsName -Credential $cred -ScriptBlock { "Connected with CredSSP" } -Authentication CredSSP
New-Object PSObject |
Add-Member NoteProperty ComputerName $ec2Instance.PublicDnsName -PassThru |
Add-Member NoteProperty IsConnected ($connectedWithCredSSP -as [bool]) -PassThru
#>
}
}
}