This PHP script provides a lightweight client for executing commands on Windows machines using the Windows Remote Management (WinRM) protocol. It allows you to run commands remotely on Windows systems from a PHP application, which can be useful for various system administration and automation tasks.
- PHP 8.0+ (might work with older versions, haven't tested)
- php-curl
- no need for SoapClient or any other fancy HTTP libs
- Execute commands on remote Windows machines
- Lightweight and easy to integrate into PHP applications
- Uses Basic authentication for simplicity
This script is provided as-is, without any warranties or guarantees. Use at your own risk and ensure you comply with all relevant security policies and regulations in your environment.
IMPORTANT: This script uses Basic authentication, which transmits credentials in base64-encoded format. Base64 is an encoding, not encryption, so over an unencrypted connection the credentials can be easily intercepted and read by anyone able to capture the network traffic.
- Do not use this script over untrusted networks without proper encryption (e.g., HTTPS).
- Use this script only in secure, isolated environments where network traffic cannot be sniffed.
- Consider using more secure authentication methods for production environments.
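The warning above can be checked from the defender's side. The following added example (not part of this project's code) scans captured HTTP requests for Basic credentials sent to the cleartext WinRM port and reports the account without storing the password; the sample requests, the `/wsman` request path and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: HTTP requests as a network sensor might record them.
# Host, user and password are made-up values, not from any real system.
_TOKEN = base64.b64encode(b"labuser:Example-Pass-1").decode()
SAMPLE_REQUESTS = [
    # Basic auth over plain HTTP on TCP 5985 (cleartext WinRM)
    ("192.168.1.100", 5985,
     "POST /wsman HTTP/1.1\r\nHost: 192.168.1.100:5985\r\n"
     f"Authorization: Basic {_TOKEN}\r\n"
     "Content-Type: application/soap+xml;charset=UTF-8\r\n\r\n<s:Envelope/>"),
    # Unrelated request that carries no credentials
    ("192.168.1.100", 80, "GET / HTTP/1.1\r\nHost: 192.168.1.100\r\n\r\n"),
]

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                      re.IGNORECASE | re.MULTILINE)


def find_cleartext_basic(requests, winrm_http_port=5985):
    """Return one finding per request that sends Basic credentials to the
    cleartext WinRM port. Only the password length is kept, never its value."""
    findings = []
    for dst_ip, dst_port, raw in requests:
        headers = raw.split("\r\n\r\n", 1)[0]  # ignore the SOAP body
        match = BASIC_RE.search(headers)
        if match is None or dst_port != winrm_http_port:
            continue
        try:
            # Base64 is reversible by anyone who sees the header.
            decoded = base64.b64decode(match.group(1), validate=True)
        except ValueError:
            continue  # malformed token, not a usable credential
        user, sep, password = decoded.decode("utf-8", "replace").partition(":")
        if not sep:
            continue
        findings.append({
            "dst": f"{dst_ip}:{dst_port}",
            "user": user,
            "password_length": len(password),
            "request_line": headers.split("\r\n", 1)[0],
        })
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_basic(SAMPLE_REQUESTS):
        print("cleartext WinRM Basic auth:", finding)
```

Any finding means the account's password has crossed the network in recoverable form and should be treated as exposed.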
- Open PowerShell as Administrator on the target Windows machine.
- Run the following command to enable WinRM:
winrm quickconfig
- Answer 'Y' to any prompts.
- Open the "Local Group Policy Editor" (run gpedit.msc).
- Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
- Double-click on "Allow Basic authentication".
- Select "Enabled" and click "OK".
- Restart the WinRM service by running in PowerShell:
Restart-Service WinRM
- Open the Group Policy Management Console.
- Create a new GPO or edit an existing one.
- Navigate to: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
- Enable the "Allow Basic authentication" setting.
- Link the GPO to the appropriate Organizational Unit (OU) containing the target machines.
- Force a Group Policy update on the target machines or wait for the next automatic update.
Ensure that WinRM traffic is allowed through the Windows Firewall:
- Open Windows Firewall with Advanced Security.
- Create a new Inbound Rule.
- Allow TCP port 5985 (for HTTP).
- Specify the Remote IP Address scope for better security.
- Include the WinRMClient class in your PHP script:

  ```php
  require_once 'WinRMClient.php';
  ```

- Create an instance of the WinRMClient class:

  ```php
  $client = new WinRMClient('192.168.1.100', 'username', 'password');
  ```

  Replace '192.168.1.100', 'username', and 'password' with the appropriate values for your target Windows machine.

- Execute a command:

  ```php
  $output = $client->execute_command('dir C:\\');
  echo $output;
  ```

  This will execute the `dir C:\` command on the remote Windows machine and display the output.
```php
<?php
require_once 'WinRMClient.php';

$client = new WinRMClient('192.168.1.100', 'administrator', 'password123');

// List contents of C:\
$output = $client->execute_command('dir C:\\');
echo "Contents of C:\\\n$output\n\n";

// Get system information
$output = $client->execute_command('systeminfo');
echo "System Information:\n$output\n";
```
- This script uses Basic authentication, which is not secure over unencrypted connections.
- Only works with local users (no domain users can be used for Basic auth)
- It does not support more advanced WinRM features like file transfers.
- Error handling is basic and may need improvement for production use.
Feel free to fork this project and submit pull requests for any improvements or bug fixes.