Remoting

Remote Command Execution SMB|WMI|WinRM

The Remoting command in Amnesiac serves as a powerful utility that allows users to load and utilize two essential tools, Invoke-SMBRemoting and Invoke-WMIRemoting. These tools provide users with the capability to execute commands on remote systems and retrieve outputs, enabling efficient and flexible interaction with target machines.

Invoke-SMBRemoting utilizes the SMB (Server Message Block) protocol to establish a connection with the target machine. It communicates with the target using Named Pipes.

Invoke-WMIRemoting leverages the WMI (Windows Management Instrumentation) protocol for remote command execution. Unlike Invoke-SMBRemoting, Invoke-WMIRemoting offers the flexibility to use a specified set of credentials for command execution.

It's essential to note that both scripts require administrator privileges over the target system to work effectively.

Loading and Usage

To load the Invoke-SMBRemoting and Invoke-WMIRemoting tools, simply enter the Remoting command in Amnesiac. This command not only loads the tools but also provides detailed usage information, ensuring users have clear instructions on how to employ them effectively.

Command Shortcuts

After loading the tools with the "Remoting" command, users gain access to convenient shortcuts for executing commands on target machines:

  • SMBRemoting <fqdn> <cmd>: This shortcut allows users to run a command on a target machine using Invoke-SMBRemoting. It executes the command as the current user.

  • WMIRemoting <fqdn> <cmd>: This shortcut enables users to run a command on a target machine using Invoke-WMIRemoting. Similar to SMBRemoting, it executes the command as the current user.

Important Considerations

To prevent potential issues and session crashes, users should avoid running commands as local users (e.g., nt authority\system) without specifying credentials (WMI only). Additionally, it's advisable not to set the current host as the target when using WMI.

In summary, the "Remoting" command in Amnesiac equips users with the capabilities of Invoke-SMBRemoting and Invoke-WMIRemoting, allowing for efficient remote command execution on target machines. Users can choose between these tools based on their specific needs and can leverage credential support with Invoke-WMIRemoting for enhanced security and control. Be mindful of user privileges and potential pitfalls to ensure successful and reliable remote interactions.

Last updated