Access

How to get into a system if you have creds

WinRM

Regular

Here are 3 commands:

  1. Converting our password to secure string

  2. Putting password secure string and username into $cred object

  3. Using $cred for authentication

PS C:\> $password = ConvertTo-SecureString "password123" -AsPlainText -Force

PS C:\> $cred = new-object System.Management.Automation.PSCredential ("MILITECH\sreed", $password)

PS C:\> Enter-PSSession -ComputerName MILITECH-MS13 -Credential $cred

Evil-WinRM

evil-winrm -i 13.13.13.13 -u rio -p rio@123

RDP

Rdesktop

rdesktop -u rio -p 'rio@123' -d corp.local 13.13.13.13

Xfreerdp

Regular

xfreerdp /u:rio /p:rio@123 /v:13.13.13.13 /d:corp.local /cert:ignore

With Port-Forwarding

xfreerdp /u:rio /p:rio@123 /v:localhost:3389 /d:corp.local /cert:ignore

Mounting a local dir

xfreerdp /v:rio /u:rio /p:rio@123 /drive:share,/home/rio/test

Remmina (GUI)

reminna

PSEXEC

impacket-psexec administrator:'password123'@13.13.13.13

WMIEXEC

impacket-smbexec sreed:password123@13.13.13.13

SMBEXEC

impacket-wmiexec sreed:password123@13.13.13.13

RUNAS

runas /netonly /user:RIOTECH\rio powershell
PreviousFilesNextPivoting

Last updated