Execute PowerShell commands via WMI using Crackmapexec

/static/assets/terminal-logo.svg/static/assets/windows-logo.svg
Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. In this TTP, we utilize Crackmapexec to execute powershell commands on a windows host.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my host protected against Crackmapexec?

2023-02-07

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy Crackmapexec to dump SAM and LSA and execute system commands