POWERSHELL REMOTING

Uses WinRM over HTTP on TCP 5985 and over HTTPS (SSL) on TCP 5986

To enable PowerShell Remoting (run from an elevated PowerShell prompt on the target host)

Enable-PSRemoting

To connect to a remote computer where the current user has local admin access

Enter-PSSession -ComputerName <COMPUTER NAME>

To store a session to a remote computer where the current user has local admin access

$sess = New-PSSession -ComputerName <COMPUTER NAME>

Execute commands on a remote machine via PSRemoting where the current user is local admin on the remote machine

Invoke-Command -ComputerName <COMPUTER NAME> -ScriptBlock {whoami}

Execute commands on the remote machine through a stored session ($sess) where the current user is local admin on the remote machine

Invoke-Command -Session $sess -ScriptBlock {whoami}

To copy a file from the local machine to the remote server where the current user has local admin access

Copy-Item -Path <PATH TO FILE> -Destination <DESTINATION PATH ON REMOTE> -ToSession $sess

To copy a file from the remote machine to the local machine where the current user has local admin access

Copy-Item -Path <PATH TO FILE> -Destination <DESTINATION PATH ON LOCAL> -FromSession $sess

To run a PowerShell script stored on the local machine on the remote machine where the current user is local admin on the remote machine (the script content is sent over the session; it is not copied to the remote disk)

Invoke-Command -ComputerName <COMPUTER NAME> -FilePath <LOCAL PATH FOR SCRIPT>

To run a PowerShell script stored on the local machine on the remote machine through a stored session of the current user (local admin on the remote machine)

Invoke-Command -Session $sess -FilePath <LOCAL PATH FOR SCRIPT>

To run a function defined in the local PowerShell session on the remote machine where the current user has local admin access (${function:<FUNCTION>} passes the function body as a script block)

Invoke-Command -ScriptBlock ${function:<FUNCTION>} -ComputerName <COMPUTER NAME>

To run a function defined in the local PowerShell session on the remote machine through a stored session of the current user (local admin on the remote machine)

Invoke-Command -ScriptBlock ${function:<FUNCTION>} -Session $sess

If the remote machine prompts for authentication, store the credential of the current user (a local admin on the remote machine)

$cred = Get-Credential -Credential <DOMAIN\USERNAME>

Pass the $cred variable with the -Credential parameter to any of the commands above
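The cmdlets above combined into one end-to-end workflow over a single session, as an added example that is not part of the original cheat sheet; SERVER01, CORP\admin, the C:\Temp and C:\Scripts paths and the Get-HostSummary function are placeholders.

```powershell
# Added example: one PSRemoting session reused for every step, then torn down.
$computer = 'SERVER01'                                   # placeholder hostname
$cred     = Get-Credential -Credential 'CORP\admin'      # placeholder account

# Open the session over the HTTPS listener (TCP 5986); without -UseSSL it uses TCP 5985.
$sess = New-PSSession -ComputerName $computer -Credential $cred -UseSSL

try {
    # Confirm which WinRM listeners (HTTP 5985 / HTTPS 5986) the remote host exposes.
    Invoke-Command -Session $sess -ScriptBlock {
        Get-ChildItem WSMan:\localhost\Listener | Select-Object Name, Keys
    }

    # Inline script block; output is returned to the local console.
    Invoke-Command -Session $sess -ScriptBlock { whoami; hostname }

    # Script that exists only locally; its content is shipped over the session.
    Invoke-Command -Session $sess -FilePath 'C:\Scripts\Inventory.ps1'

    # Function defined locally, executed remotely via ${function:Name}.
    function Get-HostSummary {
        $os = Get-CimInstance Win32_OperatingSystem
        [pscustomobject]@{
            Host   = $env:COMPUTERNAME
            OS     = $os.Caption
            Uptime = (Get-Date) - $os.LastBootUpTime
        }
    }
    Invoke-Command -Session $sess -ScriptBlock ${function:Get-HostSummary}

    # File transfer in both directions through the same session (PowerShell 5.0+).
    Copy-Item -Path 'C:\Temp\config.json' -Destination 'C:\Temp\' -ToSession $sess
    Copy-Item -Path 'C:\Temp\report.txt'  -Destination 'C:\Temp\' -FromSession $sess
}
finally {
    # Close the session so no idle remote runspace is left behind.
    Remove-PSSession -Session $sess
}
```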
