Remote Code Execution: Difference between revisions

From RCATs
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>==
==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>==
<section begin="remotecodeex" />
<syntaxhighlight lang="powershell">
<syntaxhighlight lang="powershell">
#WMI
#WMI
Line 14: Line 15:
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER
</syntaxhighlight>
</syntaxhighlight>
<section end="remotecodeex" />


== References: ==
== References: ==
<references />
<references />
[[Category:Lateral Movement]]
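Review bot: the New-PSSession line in the "Line 14: Line 15:" hunk writes `–ComputerName` with an en dash (U+2013) instead of an ASCII hyphen. PowerShell accepts it, but it is inconsistent with the `-Name` parameters on the same line and breaks when the line is pasted into tools that only accept `-`. Since this revision already touches the block, change it to `-ComputerName`.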

Latest revision as of 11:51, 19 September 2023

Remote Code Execution Options[1]

#WMI
Wmic /node:COMPUTER /user:DOMAIN\USER /password:PASSWORD process call create COMMAND

#PowerShell (WMI)
Invoke-WMIMethod -Class Win32_Process -Name Create -ArgumentList $COMMAND -ComputerName $COMPUTER -Credential $CRED

#WinRM
winrs -r:COMPUTER COMMAND

#PowerShell Remoting
Invoke-Command -ComputerName $COMPUTER -Command { $COMMAND }
New-PSSession -Name PSCOMPUTER -ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER
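
For the detection side of the four options above, the following is an added example (not part of the original page or its reference) that classifies process-creation records by the parent image each channel uses on the target and by the launching command line on the source. The records are constructed samples shaped like Security event 4688 fields; it assumes command-line auditing is enabled and that `ParentProcessName` is logged (Windows 10 / Server 2016 and later). `Get-RemoteExecFinding` and the host names are hypothetical.

```powershell
# Constructed sample records shaped like Security event 4688 fields; hosts are made up.
$records = @(
    [pscustomobject]@{ Computer = 'SRV01'; ParentProcessName = 'C:\Windows\System32\wbem\WmiPrvSE.exe'; NewProcessName = 'C:\Windows\System32\cmd.exe'; CommandLine = 'cmd.exe /c whoami' }
    [pscustomobject]@{ Computer = 'SRV01'; ParentProcessName = 'C:\Windows\System32\winrshost.exe'; NewProcessName = 'C:\Windows\System32\cmd.exe'; CommandLine = 'cmd.exe /c ipconfig' }
    [pscustomobject]@{ Computer = 'SRV02'; ParentProcessName = 'C:\Windows\System32\svchost.exe'; NewProcessName = 'C:\Windows\System32\wsmprovhost.exe'; CommandLine = 'wsmprovhost.exe -Embedding' }
    [pscustomobject]@{ Computer = 'WKS07'; ParentProcessName = 'C:\Windows\System32\cmd.exe'; NewProcessName = 'C:\Windows\System32\wbem\WMIC.exe'; CommandLine = 'wmic /node:SRV01 process call create "cmd.exe /c whoami"' }
    [pscustomobject]@{ Computer = 'WKS07'; ParentProcessName = 'C:\Windows\explorer.exe'; NewProcessName = 'C:\Windows\System32\notepad.exe'; CommandLine = 'notepad.exe' }
)

# Target side: the parent image that hosts each remote-execution channel.
$parentMap = @{
    'wmiprvse.exe'    = 'WMI process create (wmic /node, Invoke-WmiMethod)'
    'winrshost.exe'   = 'WinRM (winrs)'
    'wsmprovhost.exe' = 'PowerShell Remoting (Invoke-Command, Enter-PSSession)'
}

# Source side: command lines that start one of the channels.
$sourcePatterns = [ordered]@{
    'wmic with /node'          = '(?i)\bwmic(\.exe)?\b.*\s/node:'
    'winrs with -r'            = '(?i)\bwinrs(\.exe)?\b.*\s[-/]r(emote)?:'
    'PowerShell -ComputerName' = '(?i)\b(Invoke-WmiMethod|Invoke-Command|New-PSSession|Enter-PSSession)\b.*\s-ComputerName\b'
}

function Get-RemoteExecFinding {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        # Reduce a full path to its lower-cased file name; an unlogged field becomes ''.
        $leaf   = { param($p) ("$p" -split '\\')[-1].ToLowerInvariant() }
        $parent = & $leaf $Record.ParentProcessName
        $child  = & $leaf $Record.NewProcessName
        $hits   = @()
        if ($parentMap.ContainsKey($parent)) { $hits += "target: child of $parent, $($parentMap[$parent])" }
        if ($child -eq 'wsmprovhost.exe')    { $hits += 'target: PowerShell Remoting session host started' }
        foreach ($name in $sourcePatterns.Keys) {
            if ("$($Record.CommandLine)" -match $sourcePatterns[$name]) { $hits += "source: $name" }
        }
        foreach ($h in $hits) {
            [pscustomobject]@{ Computer = $Record.Computer; Finding = $h; CommandLine = $Record.CommandLine }
        }
    }
}

$records | Get-RemoteExecFinding | Format-Table -AutoSize -Wrap
```

The parent-image match still works when command-line auditing is off; the source-side patterns need the `CommandLine` field and miss PowerShell cmdlets typed into an already running session, which script block logging covers instead.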


References:

1. https://adsecurity.org/?p=2398#CreateIFM