1

最近我试图更深入地研究从 Windows 到 Windows 运行远程命令。使用 ssh、ftp 可以很容易 - 但我希望它在不知道密码的情况下运行命令,无论是用户名、本地 ip 和计算机名,还可能是一些打开的防火墙端口。

我使用了一些人建议我使用的几个命令:

  • wmic
  • PowerShell远程命令
  • 赢家
  • psexec

但是出现了一些错误,现在我无法继续我的工作。


WMIC

尝试运行 node wmic 命令时,经常出现此错误

ERROR: 
Description = RPC server is unavailable

每次我尝试运行此命令时都会发生这种情况。我什至在几台电脑上测试过这个。让我知道我是否必须在远程计算机上使用一些设置命令才能使其正常工作


电源外壳

我已经做了微软文档所说的一切。尽管我没有工作。我试过获取 ps 会话,输入它等。

这是我用来调用命令的命令:

调用命令 -ComputerName DHEB -ScriptBlock {Get-UICulture}

它执行了这个错误:

[DHEB] Connecting to remote server DHEB failed with the following error message : WinRM cannot process the request.
The following error with errorcode 0x8009030e occurred while using Negotiate authentication: A specified logon session
does not exist. It may already have been terminated.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (DHEB:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : 1312,PSSessionStateBroken

温RS

Winrs 命令的结果也不是很好。Desktop-VAPJUPI 在线,电脑上安装了winrs。然而它仍然没有工作

命令:

winrs -r:"DESKTOP-VAPJUPI" cmd.exe

输出:

Winrs error:
C:\Users\matis>The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

执行程序

我使用的最后一个命令是 psexec。它非常稳定且非常有用,但是它对我不起作用。

命令:

PsExec.exe \DESKTOP-VAPJUPI -e -i -nobanner cmd.exe

输出:

Couldn't access DESKTOP-VAPJUPI:
The network path was not found.

Make sure that the default admin$ share is enabled on DESKTOP-VAPJUPI.

我尝试在 Desktop-VAPJUPI 上共享整个 C:\ 磁盘,但它仍然不起作用。让我知道如何共享defaultfor admin$


如您所见,没有任何命令有效。我不知道我是否做错了一切,要么我的电脑重新启动,要么我想做的整个事情都是不可能的。

是的,我知道我可以为 ftp 或 ssh 密钥设置匿名登录以进行无密码登录,但是出于某种原因我不想这样做。

感谢任何答案,谢谢

4

1 回答 1

0

选项1:

     Invoke-Command -ComputerName DESKTOP-VAPJUPI -ScriptBlock {cmd.exe /c ipconfig /all}

选项 2:

     Enter-PSSession DESKTOP-VAPJUPIA
     cmd.exe /c ipconfig /all
     Exit-PSSession

但是,您必须在同一个域/网络上,并且运行脚本的用户必须在远程计算机上具有正确的权限。但是这样你就不必在运行远程脚本时输入凭证。

于 2022-01-03T14:12:58.040 回答