(Created page with "==Remote Code Execution Options==") |
No edit summary |
||
Line 1: | Line 1: | ||
==Remote Code Execution Options== | ==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>== | ||
<syntaxhighlight lang="powershell"> | |||
#WMI | |||
Wmic /node:COMPUTER/user:DOMAIN\USER /password:PASSWORD process call create “COMMAND“ | |||
#PowerShell (WMI) | |||
Invoke-WMIMethod -Class Win32_Process -Name Create –ArgumentList $COMMAND –ComputerName $COMPUTER -Credential $CRED | |||
#WinRM | |||
winrs –r:COMPUTER COMMAND | |||
#PowerShell Remoting | |||
Invoke-Command –computername $COMPUTER -command { $COMMAND} | |||
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER | |||
</syntaxhighlight> | |||
== References: == | |||
<references /> |
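Review bot: The added `Wmic` line fuses two switches (`/node:COMPUTER/user:DOMAIN\USER`) and wraps the command in typographic quotes (`“COMMAND“`), and the `winrs` line uses an en-dash (`–r:`), so neither is likely to parse as written once pasted into a console. I would change them to `wmic /node:COMPUTER /user:DOMAIN\USER process call create "COMMAND"` and `winrs -r:COMPUTER COMMAND`, and use ASCII hyphens on the PowerShell lines as well for consistency. The example also puts `/password:PASSWORD` on the command line, where process command-line auditing records it. A comment above that line would help, such as `# /password: is captured by command-line logging (Security 4688, Sysmon 1); omit it to be prompted`.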
Revision as of 11:46, 19 September 2023
Remote Code Execution Options[1]
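# Remote process execution over the built-in Windows management channels.
# COMPUTER, DOMAIN\USER, PASSWORD, COMMAND, $COMPUTER, $COMMAND and $CRED are
# placeholders. Each entry notes the transport and the process lineage a
# defender sees on the target host.

#WMI
# Transport: DCOM/RPC (TCP 135 plus dynamic ports). On the target the new
# process is a child of WmiPrvSE.exe.
# /password: on the command line is captured by process command-line auditing
# (Security 4688, Sysmon 1) on the originating host; leave it off to be
# prompted instead. wmic.exe is deprecated in current Windows releases.
wmic /node:COMPUTER /user:DOMAIN\USER /password:PASSWORD process call create "COMMAND"

#PowerShell (WMI)
# Same transport and lineage as wmic (parent WmiPrvSE.exe). Invoke-WmiMethod
# exists in Windows PowerShell only; PowerShell 7 uses Invoke-CimMethod.
# $CRED is a PSCredential (e.g. from Get-Credential), so no secret is on argv.
Invoke-WMIMethod -Class Win32_Process -Name Create -ArgumentList $COMMAND -ComputerName $COMPUTER -Credential $CRED

#WinRM
# Transport: WS-Management (TCP 5985 HTTP / 5986 HTTPS). On the target the
# command runs under winrshost.exe.
winrs -r:COMPUTER COMMAND

#PowerShell Remoting
# Transport: WinRM, as above. On the target the session is hosted by
# wsmprovhost.exe; script block logging (event 4104), when enabled, records
# the block contents, and the connection produces a network logon (4624 type 3).
# -command is an alias of -ScriptBlock. $COMMAND stands for the statements
# written inside the braces: a local variable is not visible remotely unless
# referenced as $using:COMMAND.
Invoke-Command -computername $COMPUTER -command { $COMMAND }
New-PSSession -Name PSCOMPUTER -ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER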