If you’re doing a penetration test and you’ve got credentials for an account on a remote machine, you can try to run remote commands by taking advantage of the PowerShell remoting feature.
First make sure that the TCP ports 5985/5986 (WinRM ports) are open ("nmap -p 5985,5986" should help you there).
To establish a remote session, you can use the Enter-PSSession cmdlet; however, you need to provide the credentials as a PSCredential/SecureString object.
To do that, you can use the Get-Credential cmdlet.
Here are the steps:
$creds = Get-Credential
Enter-PSSession -ComputerName <computer> -Credential $creds
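
The port check and the session setup above can be combined into one script. This is an added example, not code from the original post; the helper name Get-WinRMSession and the host name host.example.test are placeholders chosen for illustration, and it assumes a Windows client where Test-NetConnection is available.

```powershell
# Added example: Get-WinRMSession is a hypothetical helper, not a built-in cmdlet.
function Get-WinRMSession {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Probe the two WinRM ports from the text; 5986 (HTTPS) is tried first.
    foreach ($port in 5986, 5985) {
        $open = Test-NetConnection -ComputerName $ComputerName -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $open) { continue }

        $params = @{
            ComputerName = $ComputerName
            Credential   = $Credential
            Port         = $port
            ErrorAction  = 'Stop'
        }
        if ($port -eq 5986) { $params.UseSSL = $true }   # HTTPS listener

        try { return New-PSSession @params }
        catch { Write-Warning "Port $port is open but the session failed: $($_.Exception.Message)" }
    }
    throw "No usable WinRM listener on $ComputerName (5985/5986)."
}

# Prompt for the account; the password is held as a SecureString inside the PSCredential.
$creds   = Get-Credential
$session = Get-WinRMSession -ComputerName 'host.example.test' -Credential $creds   # placeholder host

# Run a command non-interactively, then close the session.
Invoke-Command -Session $session -ScriptBlock { whoami; hostname }
Remove-PSSession $session
```

If the HTTP attempt fails with a trust error, the usual cause is that the target is addressed by IP or the client is not domain-joined, in which case the target must be listed in the client's WSMan TrustedHosts setting.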