Don’t leave your Remote PowerShell sessions unattended!

I thought this goes without saying, but apparently people still need to be reminded. If you leave your session unattended, say by forgetting to lock your PC or by using a shared account to login to a remote PC, you are just asking for trouble. Remember that credentials are stored in the session connection info, so getting your password(s) from sessions you left unattended is as easy as running a one-liner:

(Get-PSSession).Runspace.ConnectionInfo.Credential.GetNetworkCredential().Password

Of course getting the username part is just as easy, and sending the info over email takes one more line of code. Not all remote sessions are spilling the beans so easily, but this will work for every Exchange session (regardless of the connection status!), PS remoting over domain boundaries, etc.

For the same reason, never run a script or code from untrusted source.

P.S. for all the people still storing passwords in script files – do a simple search on your favorite search engine and end this practice.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.