PowerShell for Penetration Testing: Part 5


PowerShell remoting is based on WinRM.

PS remoting must be enabled.

Set the PSSession permission.

Set the Windows firewall to run the Set- commands.

Enabling remoting requires admin rights.

Setting the PSSession permission requires admin rights.

Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI

Enter a session on a computer

Enter-PSSession -ComputerName Client02

Display trusted hosts

get-item WSMAN:\localhost\Client\TrustedHosts

Set trusted hosts (the value is either * or a computer name)

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "Client02"   # or -Value "*" for every host

Get the firewall rules

Get-NetFirewallRule | where DisplayName -Like "*Windows Management Instrumentation*" | select DisplayName, Name, Enabled

Set the firewall rules

Get-NetFirewallRule | where DisplayName -Like "*Windows Management Instrumentation*" | Set-NetFirewallRule -Enabled True -Verbose
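
Added example (not from the original post): a read-only audit that collects the settings covered above, that is the TrustedHosts value, the session configuration permissions and the firewall rules, so they can be reviewed in one place. Get-RemotingAudit is a hypothetical helper name, and it assumes an elevated prompt on the machine being checked.

```powershell
# Added example: read-only audit of the PowerShell remoting settings on this machine.
# Get-RemotingAudit is a hypothetical helper name; run it from an elevated prompt.
function Get-RemotingAudit {
    [CmdletBinding()]
    param()

    # WinRM is the transport for PSSessions; the WSMan: drive needs it running.
    $winrm = Get-Service -Name WinRM

    $trusted   = $null
    $endpoints = @()
    if ($winrm.Status -eq 'Running') {
        # TrustedHosts: hosts this client will connect to without verifying their identity.
        $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
        # Who is allowed to connect to each session configuration (endpoint).
        $endpoints = @(Get-PSSessionConfiguration -ErrorAction SilentlyContinue |
            Select-Object Name, Permission)
    }
    # Split the comma-separated TrustedHosts value into clean entries.
    $entries = @($trusted -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # Firewall rules for WinRM and for WMI (the rules enabled in the step above).
    $rules = @(Get-NetFirewallRule |
        Where-Object { $_.DisplayName -like '*Windows Remote Management*' -or
                       $_.DisplayName -like '*Windows Management Instrumentation*' } |
        Select-Object DisplayName, Name, Enabled, Profile)

    [pscustomobject]@{
        WinRMStatus        = $winrm.Status
        TrustedHosts       = $entries
        TrustedHostsIsWild = $entries -contains '*'   # exact match on '*', not a wildcard test
        Endpoints          = $endpoints
        FirewallRules      = $rules
    }
}

$audit = Get-RemotingAudit
$audit | Format-List WinRMStatus, TrustedHosts, TrustedHostsIsWild
$audit.Endpoints | Format-Table -AutoSize -Wrap
$audit.FirewallRules | Where-Object Enabled -eq 'True' | Format-Table -AutoSize
```

A TrustedHostsIsWild value of True means TrustedHosts was set to *, so the client will connect to any host in the list-free sense the Set-Item step describes; the Endpoints table shows what the security descriptor dialog above was used to grant.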


gcm *-PSSession*                             # list the PSSession cmdlets
Enter-PSSession -ComputerName $computername
Get-Service | select Name, Status            # runs on the remote computer inside the session
exit                                         # exit from that session

Invoke-Command runs a script or a script block remotely

help Invoke-Command -Examples
Invoke-Command -ComputerName $computername -ScriptBlock {Get-Service | select Name, Status} | Out-File service.txt   # run a block

A CimSession is the same as a PSSession; use it with a module or set of cmdlets such as DnsClient

Get-DnsClientServerAddress -CimSession (New-CimSession -ComputerName $computername)   # '()' is used for a nested command; this command returns DNS information

Happy Hacking … ;)



