Execute PowerShell commands via WMI using Crackmapexec

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. In this TTP, we utilize Crackmapexec to execute powershell commands on a windows host.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my host protected against Crackmapexec?


Deploy Crackmapexec to dump SAM and LSA and execute system commands