PowerShell PSRemoting Pwnage


You have obtained some level of admin creds, (local, domain or otherwise) to a windows server/domain, there is no RDP. There is however the WinRM service, PSRemoting to give it its other name, this allows an admin to create a remote PowerShell session to the server and run commands or scripts, very much like the ssh service used on Linux systems.
The admin level creds you have will allow you to connect to the remote server(s) via PSRemoting, and you will want to run hacker PowerShell tools in the remote session to further infiltrate the server or systems, however, given the lack of RDP and the locked down state of the network and services, you may struggle to get the likes of PowerSploit onto the remote system.

So for instance we might want to run Invoke-Mimikatz on the remote server to extract clear text credentials stored on the server. Lets explore PSRemoting in a liitle more depth.

Continue reading