If you’re doing a penetration test and you’ve got credentials for an account on a remote machine, you can try to run remote commands by taking advantage of the PowerShell remoting feature.<\/p>\n
First make sure that the TCP ports 5985\/5986 (WinRM ports) are open (“nmap -p 5985,5986″<\/em> should help you there).<\/p>\n To establish are remote session, you can use the Enter-PSSession<\/em> command, however you need to provide the credentials as a PSCredential\/SecureString object.<\/p>\n To do that, you can use the Get-Credential cmdlet.<\/p>\n Here are the steps:<\/p>\n If you’re doing a penetration test and you’ve got credentials for an account on a remote machine, you can try to run remote commands by taking advantage of the PowerShell remoting feature. First make sure that the TCP ports 5985\/5986 (WinRM ports) are open (“nmap -p 5985,5986″ should help you there). To establish are remote […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[84,82,83,85],"class_list":["post-291","post","type-post","status-publish","format-standard","hentry","category-security","tag-credential","tag-powershell","tag-pssession","tag-winrm"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":" If you’re doing a penetration test and you’ve got credentials for an account on a remote machine, you can try to run remote commands by taking advantage of the PowerShell remoting feature. First make sure that the TCP ports 5985\/5986 (WinRM ports) are open (“nmap -p 5985,5986″ should help you there). To establish are remote session, you can use the Enter-PSSession command, however you need to provide the credentials as a PSCredential\/SecureString object. To do that, you can use the Get-Credential cmdlet. Here are the steps: $creds = Get-Credential Enter-PSSession -ComputerName <computer> -Credential $creds<\/p>\n","category_list_v2":"Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=291"}],"version-history":[{"count":2,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/291\/revisions"}],"predecessor-version":[{"id":829,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/291\/revisions\/829"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}$creds = Get-Credential<\/pre>\n
Enter-PSSession -ComputerName <computer> -Credential $creds<\/pre>\n","protected":false},"excerpt":{"rendered":"