No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>== | ==Remote Code Execution Options<ref>https://adsecurity.org/?p=2398#CreateIFM</ref>== | ||
<section begin="remotecodeex" /> | |||
<syntaxhighlight lang="powershell"> | <syntaxhighlight lang="powershell"> | ||
#WMI | #WMI | ||
| Line 14: | Line 15: | ||
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER | New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<section end="remotecodeex" /> | |||
== References: == | == References: == | ||
<references /> | <references /> | ||
Revision as of 11:48, 19 September 2023
Remote Code Execution Options[1]
#WMI
Wmic /node:COMPUTER/user:DOMAIN\USER /password:PASSWORD process call create “COMMAND“
#PowerShell (WMI)
Invoke-WMIMethod -Class Win32_Process -Name Create –ArgumentList $COMMAND –ComputerName $COMPUTER -Credential $CRED
#WinRM
winrs –r:COMPUTER COMMAND
#PowerShell Remoting
Invoke-Command –computername $COMPUTER -command { $COMMAND}
New-PSSession -Name PSCOMPUTER –ComputerName $COMPUTER; Enter-PSSession -Name PSCOMPUTER