Windows Remote Management

RDP

rdp-sec-check.pl 10.10.10.10

xfreerdp /u:qu35t /p:"P455w0rd!" /port:3389 /v:10.10.10.10

WinRM

evil-winrm -i 10.10.10.10 -u qu35t -p "P455w0rd!"

$password = ConvertTo-SecureString 'Password1!' -AsPlainText -Force
PS C:\htb> $cred = new-object System.Management.Automation.PSCredential ("QU35T.pw\qu35t", $password)
PS C:\htb> Enter-PSSession -ComputerName ACADEMY-EA-DB01 -Credential $cred

WMI

wmiexec.py qu35t:"P455w0rd!"@10.10.10.10 "hostname"

References

RDP-sec-check

PreviousTransferring Files NextWindows AV

Last updated 2 years ago