Use PowerShell’s PSSession to run remote commands with given credentials

If you’re doing a penetration test and you’ve got credentials for an account on a remote machine, you can try to run remote commands by taking advantage of the PowerShell remoting feature.

First make sure that TCP ports 5985 (WinRM over HTTP) and 5986 (WinRM over HTTPS) are open ("nmap -p 5985,5986" should help you there).

To establish a remote session, you can use the Enter-PSSession command; however, you need to provide the credentials as a PSCredential object (which stores the password as a SecureString).

To do that, you can use the Get-Credential cmdlet.

Here are the steps:

$creds = Get-Credential                                        # prompts for username and password, returns a PSCredential
Enter-PSSession -ComputerName <computer> -Credential $creds    # opens an interactive remote prompt on <computer>
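As an added worked example (not code from the original post), the same procedure scripted end to end: check the listener, build the credential, open a persistent session, run a command through it, and tear the session down. The target name `TARGET-HOST` and the account `DOMAIN\user` are placeholders, and the script assumes the account you hold is already permitted to use WinRM on the target (a local administrator or a member of "Remote Management Users").

```powershell
# Added example (not from the original post). Placeholders: TARGET-HOST, DOMAIN\user.
$Target = 'TARGET-HOST'            # placeholder: replace with the hostname or IP

# 1. Confirm the WinRM listener answers before trying to authenticate.
#    Test-WSMan on port 5985 is the PowerShell equivalent of the nmap check above.
try {
    Test-WSMan -ComputerName $Target -ErrorAction Stop | Out-Null
    Write-Host "WinRM listener reachable on $Target"
} catch {
    Write-Warning "No WinRM response from ${Target}: $($_.Exception.Message)"
    return
}

# 2. Build the PSCredential. Get-Credential prompts; -UserName pre-fills the account.
#    A SecureString can also be built from a plain string for fully scripted use,
#    but that leaves the password in the script, the history and any transcript.
$creds = Get-Credential -UserName 'DOMAIN\user' -Message "Password for $Target"

# 3. If client and target are not in the same domain (no Kerberos), WinRM falls
#    back to NTLM and the client must explicitly trust the target's name.
#    Requires an elevated shell; scope it to this one host rather than '*'.
# Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force

# 4. Open a persistent session instead of Enter-PSSession so commands can be
#    scripted with Invoke-Command and the session closed afterwards.
#    For the HTTPS listener on 5986 add -UseSSL (the server certificate must be trusted).
$session = New-PSSession -ComputerName $Target -Credential $creds

Invoke-Command -Session $session -ScriptBlock {
    # runs on the remote host; confirms which account and machine the session landed on
    whoami
    hostname
}

# 5. Clean up. Every session is a network logon (Security event 4624, logon type 3)
#    and is recorded in Microsoft-Windows-WinRM/Operational on the target, so
#    expect it to be visible to the defenders and close it when done.
Remove-PSSession $session
```

Enter-PSSession is convenient for poking around by hand; New-PSSession plus Invoke-Command is the form to use when the commands are scripted, because the session object can be reused for several calls and removed explicitly at the end.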