search

Powershell Remoting

Instead of having to connect to a workstation from outside of the network everytime in order to execute commands, if we are already in a Powershell session we can either start a new session in our target box or issue commands on the target remotely from the current session we are in.

Executing commands in such a manner is less noisy of course. You can run scripts or local functions from your current workstation onto your target remotely. You can even issue commands to multiple targets in the network in one statement if you have the privileges to do so (Fan-Out Remoting).

You may have to enable remoting (Enable-PSRemoting) on your workstation if PSRemoting is not enabled already, but you need Administrator privileges to do so.

This works excellently in conjunction with Pass-the-Hash.

Some of these commands will require PowerView.

hashtag
Storing Credentials into the Session

  • Method 1: Using the Get-Credential cmdlet from a remote desktop:

$creds = Get-Credential <user>  # then enter the password in the popup

  • Method 2: Using the New-Object-Cmdlet

$user = '<user>'
$pwd = '<password>'
$secure_pwd = $pwd | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $user, $secure_pwd

hashtag
Begin a New Session on Another Workstation

Enter-PSSession -ComputerName <computer>

hashtag
Running a Stateful Session and Then Entering It

hashtag
Executing Commands Remotely on Another Workstation

hashtag
Spraying Computers to See Where You Have Access

  • My little script is a bit cleaner...

hashtag
Executing Scripts Remotely

  • You can spray this command onto other workstations at once as well...

hashtag
Execute Locally Loaded Functions on Remote Machines

hashtag
Copying Files Remotely

PreviousSkeleton KeysNextLateral Movement

Last updated