I'm using .NET, and going crazy trying to find any helpful API that lets me transfer a file across a LAN network (through admin credentials of course) and then execute it on
You can consider using the Scheduler service (AT command) to start an application (see http://msdn.microsoft.com/en-us/library/aa384006.aspx) after the application code is copied to the remote computer.
I don't think that this is easily achieved. You can however copy the exe with .net. And then (also from .net, with Process.Start) invoke psExec and make it execute the program remotely.
On machines that don't have PowerShell 2.0 remoting enabled, I find the PsExec commandline tool very useful. It requires administration permissions on the remote machine.
I know it's been years, but ran into this challenge and came across this post (among others) so going to share the solution in case it helps anyone moving forward. It can be used to move any file you want over WMI.
Solution:
1: Convert EXE to Base64
// Requires: using System; using System.IO; using System.Management;
byte[] bytes = File.ReadAllBytes(pathToExe);
string base64String = Convert.ToBase64String(bytes);
2: Echo Base64 to a file over WMI and decode with certutil
ConnectionOptions co = new ConnectionOptions();
// isLocal is a variable indicating whether machine name/IP is local
if (!isLocal) {
    // Verbatim string so the backslash is not read as an escape sequence
    co.Username = @"domainOrMachine\accountName";
    co.Password = "password for account";
    co.EnablePrivileges = true;
    co.Impersonation = ImpersonationLevel.Impersonate;
}
// ip is a variable holding the target endpoint
ManagementScope s = new ManagementScope(@"\\" + ip + @"\root\cimv2", co);
s.Connect();
ObjectGetOptions ogo = new ObjectGetOptions();
ManagementClass prog = new ManagementClass(s, new ManagementPath("Win32_Process"), ogo);
ManagementBaseObject mbo = prog.GetMethodParameters("Create");
mbo["CommandLine"] = @"cmd /c ""echo " + base64String + @" > c:\windows\temp\b64_exec.txt && certutil -decode c:\windows\temp\b64_exec.txt c:\windows\temp\b64_exec.exe && c:\windows\temp\b64_exec.exe""";
prog.InvokeMethod("Create", mbo, null);
Now, there are some gotchas that need to be highlighted
In my case, I didn't want to send a full 2MB file 7000 characters at a time, so I created a simple .net downloader that compiled to less than 6KB and got it all into a single statement (as per above.) It downloads my executable and when complete (when I see the file I want, queried over WMI) I just delete it over WMI.
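Seen from the defender's side, the chain in the answer above (a process created through Win32_Process.Create that echoes Base64 into a file and decodes it with certutil) leaves a recognizable process-creation record. The following is an added example, not code from any of the posts: a small triage function over process-creation events, where the event field names (`host`, `parent`, `cmdline`), the 100-character threshold, the severity labels and the sample events are all assumptions constructed for illustration.

```python
import re

# Indicators for the cmd / echo / certutil staging chain (assumed rule set).
RULES = {
    "certutil_decode": re.compile(r"certutil(\.exe)?\s+[-/]decode\b", re.I),
    "long_base64_echo": re.compile(r"echo\s+[A-Za-z0-9+/=]{100,}", re.I),
    "exe_in_temp": re.compile(r"\\temp\\[^\\\s\"]+\.exe", re.I),
}

def indicators(event):
    """Return the sorted names of the indicators that match one event."""
    hits = [name for name, rx in RULES.items() if rx.search(event["cmdline"])]
    # Processes created through Win32_Process.Create run as children of WmiPrvSE.exe.
    if event["parent"].lower().endswith("\\wmiprvse.exe"):
        hits.append("wmi_parent")
    return sorted(hits)

def severity(event):
    """high: WMI-spawned staging; review: certutil decode alone; else none."""
    hits = set(indicators(event))
    staging = hits & {"certutil_decode", "long_base64_echo"}
    if "wmi_parent" in hits and staging:
        return "high"
    return "review" if "certutil_decode" in hits else "none"

def triage(events):
    """Return (host, severity) for every event that needs attention."""
    scored = [(e["host"], severity(e)) for e in events]
    return [(host, sev) for host, sev in scored if sev != "none"]

WMIPRVSE = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
# Constructed sample events (not taken from any real log).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": WMIPRVSE,
     "cmdline": 'cmd /c "echo ' + "TVqQ" * 50 + r" > c:\windows\temp\b64_exec.txt"
                r" && certutil -decode c:\windows\temp\b64_exec.txt"
                r' c:\windows\temp\b64_exec.exe && c:\windows\temp\b64_exec.exe"'},
    {"host": "ws02", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd /c dir c:\temp"},
    {"host": "ws03", "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "certutil -decode cert.b64 cert.cer"},
    {"host": "ws04", "parent": WMIPRVSE, "cmdline": "cmd /c ipconfig /all"},
]

if __name__ == "__main__":
    for host, sev in triage(SAMPLE_EVENTS):
        print(host, sev)
```

A WmiPrvSE.exe parent alone is not flagged, because management tooling also creates processes over WMI; the rule fires only when it coincides with the Base64 echo or the certutil decode.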