From f70c63f9d53167299404db582bc0a8acc96a661b Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Tue, 15 Dec 2015 11:55:47 -0800 Subject: Invoke-WmiCommand is now PSv2 compatible This bug fix addresses issue #96. As much as a hate dropping files to disk, this was the easiest way to preserve objects in PSv2+. If someone want to implement the [de]serialization themselves and keep everything in memory, please submit a PR. --- CodeExecution/Invoke-WmiCommand.ps1 | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/CodeExecution/Invoke-WmiCommand.ps1 b/CodeExecution/Invoke-WmiCommand.ps1 index 7d2bb17..80bed86 100644 --- a/CodeExecution/Invoke-WmiCommand.ps1 +++ b/CodeExecution/Invoke-WmiCommand.ps1 @@ -265,7 +265,7 @@ the output of your payload back. :P } $PowerShellPath = $Result.sValue - Write-Verbose "Full PowerShell path: $PowerShellPath" + Write-Verbose "[$Computer] Full PowerShell path: $PowerShellPath" $EncodedPayload = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Payload)) 
@@ -296,11 +296,18 @@ the output of your payload back. :P if (($Result.ReturnValue -eq 0) -and ($Result.sValue)) { $Payload = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Result.sValue)) - $SerilizedPayloadResult = Invoke-Expression ($Payload) | % { - [Management.Automation.PSSerializer]::Serialize($_, 4) - } + $TempSerializedResultPath = [IO.Path]::GetTempFileName() + + $PayloadResult = Invoke-Expression ($Payload) + + Export-Clixml -InputObject $PayloadResult -Path $TempSerializedResultPath + + $SerilizedPayloadText = [IO.File]::ReadAllText($TempSerializedResultPath) + + $null = Invoke-WmiMethod @WmiMethodArgs -Name 'SetStringValue' -ArgumentList $Hive, $RegistryKeyPath, $SerilizedPayloadText, $RegistryResultValueName + + Remove-Item -Path $SerilizedPayloadResult -Force - $null = Invoke-WmiMethod @WmiMethodArgs -Name 'SetStringValue' -ArgumentList $Hive, $RegistryKeyPath, $SerilizedPayloadResult, $RegistryResultValueName $null = Invoke-WmiMethod @WmiMethodArgs -Name 'DeleteValue' -ArgumentList $Hive, $RegistryKeyPath, $RegistryPayloadValueName } } @@ -329,7 +336,13 @@ the output of your payload back. :P Write-Verbose "[$Computer] Payload results successfully retrieved from: $RegistryHive\$RegistryKeyPath\$RegistryResultValueName" $SerilizedPayloadResult = $Result.sValue - $PayloadResult = [Management.Automation.PSSerializer]::Deserialize($SerilizedPayloadResult) + + $TempSerializedResultPath = [IO.Path]::GetTempFileName() + + Out-File -InputObject $SerilizedPayloadResult -FilePath $TempSerializedResultPath + $PayloadResult = Import-Clixml -Path $TempSerializedResultPath + + Remove-Item -Path $TempSerializedResultPath $FinalResult = New-Object PSObject -Property @{ PSComputerName = $Computer -- cgit v1.2.3
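Review bot: `Remove-Item -Path $SerilizedPayloadResult -Force` in the added lines names a variable this hunk no longer assigns: the old `$SerilizedPayloadResult = ...` assignment is removed and the text now lives in `$SerilizedPayloadText`. The file created by `GetTempFileName()` is therefore most likely never deleted and the serialized output stays on disk; the line should read `Remove-Item -Path $TempSerializedResultPath -Force`. Separately, the removed code serialized with depth 4 while `Export-Clixml` defaults to depth 2, so nested properties may be flattened unless `-Depth 4` is added. The enclosing `if` block starts outside the hunk, so confirm the variable is not set earlier.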
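Review bot: The cleanup after `Import-Clixml` is not guaranteed. If `Out-File` or `Import-Clixml` throws, for example on a truncated or malformed registry value, `Remove-Item -Path $TempSerializedResultPath` is skipped and the retrieved output remains in the temp directory. Wrapping the write and import in `try { ... } finally { Remove-Item -Path $TempSerializedResultPath -Force }` works on PSv2 and matches the `-Force` used in the previous hunk, which has the same gap around `Export-Clixml`. A short comment such as `# PSv2 has no PSSerializer; round-trip through a CLIXML temp file` would explain why the file is needed. The enclosing block continues outside the hunk.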