Windows Remote Management
RDP
rdp-sec-check.pl 10.10.10.10xfreerdp /u:qu35t /p:"P455w0rd!" /port:3389 /v:10.10.10.10WinRM
evil-winrm -i 10.10.10.10 -u qu35t -p "P455w0rd!"$password = ConvertTo-SecureString 'Password1!' -AsPlainText -Force
PS C:\htb> $cred = new-object System.Management.Automation.PSCredential ("QU35T.pw\qu35t", $password)
PS C:\htb> Enter-PSSession -ComputerName ACADEMY-EA-DB01 -Credential $credWMI
wmiexec.py qu35t:"P455w0rd!"@10.10.10.10 "hostname"References
Last updated