TLDRBins / WinRM from Windows VM


Preparation

0. Check Systeminfo

# Windows Pro is needed
systeminfo

1. Connect to VPN

OpenVPN client

2. Add DNS Server

  1. Go to 'Control Panel\Network and Internet\Network and Sharing Center'
  2. Click 'Local Area Connection'
  3. Go to 'Properties' -> 'Internet Protocol Version 4 (TCP/IPv4)' -> 'Properties'
  4. Under 'General', check 'Obtain an IP address automatically'
  5. Check 'Use the following DNS server addresses' -> 'Preferred DNS server' -> <DC_IP>

3. Add domain to hosts

  1. Run a text editor as Administrator
  2. Add '<TARGET> <COMPUTER_NAME> <DC> <DOMAIN>'
     to 'C:\Windows\System32\drivers\etc\hosts'

4. Add computer to domain

  1. 'Control Panel' -> Search 'Domain'
  2. Click 'Join a Domain'
  3. Under tab 'Computer Name' -> 'Change'
  4. Check 'Domain' -> '<DOMAIN>'
  5. Enter username and password (domain user)
  6. If it succeeds, an alert pops up: 'Welcome to DOMAIN domain.'

5. Sync Time with DC

w32tm /resync /force


Authentication

1. Get TGT ticket

# Get a Kerberos ticket
.\rubeus.exe asktgt /user:<USER> /password:'<PASSWORD>' /enctype:AES256 /domain:<DOMAIN> /dc:<DC> /ptt /nowrap

# Check
klist

2. PSSession

# Create new pssession
New-PSSession -ComputerName <COMPUTER_NAME>

# Enter pssession
Enter-PSSession -Id 1

1. Set trusted hosts

# cmd
winrm quickconfig
winrm set winrm/config/client @{TrustedHosts="*"}

# powershell
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

2. Enable CredSSP

# powershell
Enable-WSManCredSSP -Role "Client" -DelegateComputer "*"

3. Create cred object

$username = '<DOMAIN>\<USER>'
$password = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $password)

4. PSSession

$s1 = New-PSSession -ComputerName <COMPUTER_NAME> -Credential $cred
Enter-PSSession $s1
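
The trusted-hosts and CredSSP steps above use "*", which applies the setting to every host the client talks to. The following is an added example, not part of the original page, that scopes both settings to the one target and puts the previous client configuration back afterwards. It assumes an elevated PowerShell prompt with the WinRM service running, assumes CredSSP client delegation was off beforehand, and keeps the page's <COMPUTER_NAME> placeholder.

```powershell
# Added example: scoped variant of the TrustedHosts / CredSSP steps.
# Assumption: $Target is the single host to manage; the value is a placeholder.
$Target = '<COMPUTER_NAME>'
$thPath = 'WSMan:\localhost\Client\TrustedHosts'

# Record the current TrustedHosts value so it can be restored afterwards.
$previousTrustedHosts = [string](Get-Item $thPath).Value
$s1 = $null

try {
    # Weak setting from the steps above: -Value "*" trusts every host.
    # Scoped setting: trust only the target.
    Set-Item $thPath -Value $Target -Force

    # Weak: -DelegateComputer "*" allows credential delegation to any host.
    # Scoped: allow delegation only to the target.
    Enable-WSManCredSSP -Role Client -DelegateComputer $Target -Force | Out-Null

    # Prompt for the credential instead of placing the password in the
    # script or in the PowerShell command history.
    $cred = Get-Credential -Message "Credentials for $Target"

    # Same session call as in the steps above.
    $s1 = New-PSSession -ComputerName $Target -Credential $cred -ErrorAction Stop
    Invoke-Command -Session $s1 -ScriptBlock { hostname; whoami }
}
finally {
    # Tear down the session and undo the client-side changes.
    if ($s1) { Remove-PSSession $s1 }
    # Assumption: CredSSP client role was disabled before this script ran.
    Disable-WSManCredSSP -Role Client
    Set-Item $thPath -Value $previousTrustedHosts -Force
}

# Confirm the client is back to its earlier state.
Get-Item $thPath | Select-Object Name, Value
Get-WSManCredSSP
```

To keep the session open for the file-copy steps that follow, move the `Remove-PSSession` call and the two restore lines to the end of the work instead of the `finally` block.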


Copy Files Between Remote and Local

# Leave the interactive session first; Copy-Item runs from the local prompt
Exit-PSSession

# Local to Remote
Copy-Item '<LOCAL_FILE_PATH>' -Destination '<REMOTE_FILE_PATH>' -ToSession $s1

# Remote to Local
Copy-Item '<REMOTE_FILE_PATH>' -Destination '<LOCAL_FILE_PATH>' -FromSession $s1