Remote Code Execution: Difference between revisions

From RCATs
(Created page with "==Remote Code Execution Options==")
 
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Remote Code Execution Options==
==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>==
<section begin="remotecodeex" />
<syntaxhighlight lang="powershell">
#WMI
Wmic /node:COMPUTER/user:DOMAIN\USER /password:PASSWORD process call create “COMMAND“
 
#PowerShell (WMI)
Invoke-WMIMethod -Class Win32_Process -Name Create –ArgumentList $COMMAND –ComputerName $COMPUTER -Credential $CRED
 
#WinRM
winrs –r:COMPUTER COMMAND
 
#PowerShell Remoting
Invoke-Command –computername $COMPUTER -command { $COMMAND}
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER
</syntaxhighlight>
<section end="remotecodeex" />
 
 
== References: ==
<references />
 
 
[[Category:Lateral Movement]]
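
Review bot: in the WMI line, "/node:COMPUTER/user:DOMAIN\USER" is missing the space before "/user:", so the node and user switches run together. The block is also tagged lang="powershell" but carries typographic characters: the quotes around COMMAND in the wmic line are both “ and the switches in the winrs, Invoke-WMIMethod, Invoke-Command and New-PSSession lines use – rather than ASCII -. Anyone copying the wmic or winrs lines into a console gets those characters passed to the executable literally. Suggest ASCII " and - throughout, and a short note that "/password:PASSWORD" puts the credential on the command line, where the other entries use a credential object or the current session.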

Latest revision as of 12:51, 19 September 2023

Remote Code Execution Options[1]

#WMI
Wmic /node:COMPUTER /user:DOMAIN\USER /password:PASSWORD process call create "COMMAND"

#PowerShell (WMI)
Invoke-WMIMethod -Class Win32_Process -Name Create -ArgumentList $COMMAND -ComputerName $COMPUTER -Credential $CRED

#WinRM
winrs -r:COMPUTER COMMAND

#PowerShell Remoting
Invoke-Command -ComputerName $COMPUTER -Command { $COMMAND }
New-PSSession -Name PSCOMPUTER -ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER
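
A defender-side sketch for the four techniques listed above, added here as an example and not part of the original page: it classifies logged process command lines by technique, first normalizing the typographic dashes and quotes that PowerShell accepts in place of ASCII ones (the same characters the wikitext revision above is written with). The rule names, host names, account names and sample lines are constructed for illustration.

```python
import re

# PowerShell's tokenizer accepts these typographic characters as '-' and '"',
# so a rule written only for ASCII misses commands pasted from formatted text.
_NORMALIZE = {**dict.fromkeys(map(ord, "\u2013\u2014\u2015"), "-"),
              **dict.fromkeys(map(ord, "\u201c\u201d\u201e"), '"')}

_REMOTE = r"-(computername|cn)\b"  # -ComputerName or its alias -Cn

# One rule per technique listed on the page, applied after normalization.
RULES = [
    ("wmic", re.compile(
        r"\bwmic(\.exe)?\s.*?/node:\S+.*?\bprocess\s+call\s+create\b", re.I)),
    ("powershell-wmi", re.compile(
        r"\binvoke-wmimethod\b(?=.*\bwin32_process\b)(?=.*" + _REMOTE + ")", re.I)),
    ("winrs", re.compile(
        r"\bwinrs(\.exe)?\s+.*?[-/]r(emote)?:\S+", re.I)),
    ("ps-remoting", re.compile(
        r"\b(invoke-command|new-pssession|enter-pssession)\b.*?" + _REMOTE, re.I)),
]

def normalize(cmdline: str) -> str:
    """Map typographic dashes and double quotes to their ASCII forms."""
    return cmdline.translate(_NORMALIZE)

def classify(cmdline: str):
    """Return the name of the first matching rule, or None for no match."""
    text = normalize(cmdline)
    for name, pattern in RULES:
        if pattern.search(text):
            return name
    return None

# Constructed sample command lines (placeholder hosts and accounts).
SAMPLES = [
    'wmic /node:HOST01 /user:CORP\\svc-admin process call create "hostname"',
    'Invoke-WmiMethod -Class Win32_Process -Name Create \u2013ArgumentList hostname \u2013ComputerName HOST01',
    'winrs -r:HOST01 hostname',
    'Invoke-Command \u2013ComputerName HOST01 -Command { hostname }',
    'wmic os get caption',                       # local query, not remote execution
    'Invoke-Command -ScriptBlock { Get-Date }',  # local script block
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line) or 'no-match':15} {line}")
```

The rules cover only the full parameter name and the `-Cn` alias; other abbreviated parameter forms need their own patterns.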


References: