PowerShell Remoting (PS Remote)

Overview

Windows PowerShell Remoting. Using the WS-Management protocol, Windows PowerShell remoting lets you run any Windows PowerShell command on one or more remote computers.

Authentication

The following list describes what occurs when a script or application runs under the default credentials:

  • Kerberos is the default method of authentication when the client is in a domain and the remote destination string is not one of the following: localhost, 127.0.0.1, or [::1].

  • Negotiate is the default method when the client is not in a domain, but the remote destination string is one of the following: localhost, 127.0.0.1, or [::1].

Specifying credentials

Credentials through PowerShell

Get-Credential

Pops up a prompt to enter user credentials.

Trusted hosts

Windows by default has an empty TrustedHosts list, a list that contains those remote computers (hosts) that you can remotely manage from a client without authentication.

To run PowerShell commands on a remote device, we have to add that remote machine to the TrustedHosts list of the client machine we are connecting from.

Lazy: Allow all

Specify a host

Enumerating for WinRM administrator access

Get all AD computers

Check for administrator access

Command examples

Connecting to remote host

One-to-one remoting

If you want your remote session to be interactive, then one-to-one remoting is what you want. This type of remoting is provided via the Enter-PSSession cmdlet.

One-to-many remoting

Sometimes you may need to perform a task interactively on a remote computer. But remoting is much more powerful when performing a task on multiple remote computers at the same time. Use the Invoke-Command cmdlet to run a command against one or more remote computers at the same time.

PowerShell Sessions

Similar to the CIM sessions, a PowerShell session to a remote computer can be used to run multiple commands against the remote computer without the overhead of a new session for each individual command.

Now we can use the variable $session to run commands in the persistent session.

When you finish, remove the sessions.

Executing scripts on remote host(s)

File transfer

Downloading a file over PS Remote from a remote machine

Uploading a file over PS Remote to a remote machine
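The session workflow described in the sections above (trusted host, credentials, a persistent session, an admin check, a script run and a file transfer in both directions), as an added example that is not code from the original page; the host name, script and file paths are placeholders:

```powershell
# Added example (not the original page's code). Assumes a lab host 'srv01.lab.local'
# and a credential the reader supplies; all names and paths are placeholders.

$Target = 'srv01.lab.local'   # placeholder remote host

# Trust only the specific host rather than '*': TrustedHosts governs which hosts
# the client is willing to send credentials to when Kerberos is not in use.
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force

# Prompt for credentials instead of embedding them in the script.
$Cred = Get-Credential -Message "Credentials for $Target"

# One persistent session; -Authentication Negotiate matters when remoting from a
# non-domain client (for example Kali PowerShell), see "Common problems" below.
$Session = New-PSSession -ComputerName $Target -Credential $Cred -Authentication Negotiate

# Check whether the account holds local administrator rights on the target.
$IsAdmin = Invoke-Command -Session $Session -ScriptBlock {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}
"$Target admin access: $IsAdmin"

# Run a script that lives on the client against the remote host (placeholder script).
Invoke-Command -Session $Session -FilePath .\Get-Inventory.ps1

# File transfer over the same session (PowerShell 5.0+): upload, then download.
Copy-Item -Path .\tool.zip -Destination 'C:\Temp\tool.zip' -ToSession $Session
Copy-Item -Path 'C:\Windows\Temp\report.log' -Destination .\report.log -FromSession $Session

# Clean up so no idle session remains open on the target.
Remove-PSSession -Session $Session
```

Changing TrustedHosts requires an elevated PowerShell on the client, and the -ToSession/-FromSession parameters of Copy-Item need PowerShell 5.0 or later on the client.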

Using WinRM on Kali PowerShell

Installing PowerShell on Kali

Enter PowerShell and install PSWSMan

Common problems

Problem: Error message about unspecified GSS failure

Enter-PSSession : Connecting to remote server xxx.xxx.xxx.xxx failed with the following error message : acquiring creds with username only failed Unspecified GSS failure. Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.

Problem: Error message about access denied connecting with NTLM

Enter-PSSession : MI_RESULT_ACCESS_DENIED

Solution: Make sure to use -Authentication Negotiate even if this isn’t necessary when remoting from a Windows client.
