ShellSpells
Remote Command Execution

Remote Command Syntax

PsExec \\<RemoteComputerName> cmd.exe /c <command>

PsExec (Sysinternals) allows you to execute processes remotely. It needs SMB (TCP 445) and administrative rights on the target: it copies PSEXESVC.exe to the ADMIN$ share and installs a temporary service to launch the command, which is why a PSEXESVC service install (event 7045) is a common detection for it.

psexec \\RemoteComputerName ipconfig

Example

psexec \\RemoteComputerName -u Username -p Password cmd.exe /c CommandToRun

PsExec with explicit credentials.

Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { CommandToRun }

PowerShell cmdlet

Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { Get-Process }

Example

Invoke-Expression -Command "<string of PowerShell>"

Evaluates a string as PowerShell on the local machine. It is not a remoting mechanism by itself; it only reaches a remote host when the string it evaluates contains one (Invoke-Command, Enter-PSSession, ...). Because it turns arbitrary text into code, it is the core of most download-and-run one-liners and is worth alerting on in script block logs.

mstsc /v:RemoteComputerName

Remote Desktop Connection client (mstsc) (GUI). /v: opens the graphical client already pointed at the host; it gives an interactive desktop over RDP (TCP 3389), not a way to pass a single command. Add /admin to connect to the console session.

winrs -r:RemoteComputerName <command>

Windows Remote Shell (WinRS). Runs the command over WinRM (TCP 5985, or 5986 with -ssl / an https:// endpoint), the same transport PowerShell remoting uses, so it needs WinRM enabled on the target. -u: and -p: supply explicit credentials.

winrs -r:http://RemoteComputerName <command>

Example

ssh username@RemoteComputerName CommandToRun

SSH

Enter-PSSession -ComputerName RemoteComputerName

Start interactive session with a remote computer.

Invoke-Expression -Command "Enter-PSSession -ComputerName RemoteComputerName"

Example. Invoke-Expression here only evaluates the string locally; the remote session is opened by Enter-PSSession inside it.

wmic /node:"RemoteComputerName" process call create "<command>"

WMIC. Creates the process over WMI (DCOM: TCP 135 plus a dynamic RPC port) with the caller's credentials; /user: and /password: supply explicit ones. The call returns only a PID and a return code, never the command's output, and the process runs non-interactively in session 0, so redirect output to a file if you need it. wmic.exe is deprecated in current Windows builds; Invoke-CimMethod -ClassName Win32_Process -MethodName Create is the supported equivalent.

wmic /node:"RemoteComputerName" process list

Example

wmic /node:"RemoteComputerName" os get caption

Another Example
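Added example (not from the ShellSpells page): the same process creation done with CIM instead of the deprecated wmic.exe, including the return-code check and the workaround for WMI never returning stdout. The host name, the command line and the output path are assumptions for illustration.

```powershell
# Added example, not code from the ShellSpells page.
# Create a process on a remote host over WMI/CIM (DCOM, TCP 135 + dynamic RPC port),
# the supported replacement for `wmic /node:... process call create`.
param(
    [string]$ComputerName = 'RemoteComputerName',                      # assumed host name
    [string]$CommandLine  = 'cmd.exe /c ipconfig /all > C:\Windows\Temp\out.txt'  # assumed command
)

$cred = Get-Credential -Message "Credentials for $ComputerName"
$opt  = New-CimSessionOption -Protocol Dcom      # same transport as WMIC; use -Protocol Wsman for WinRM
$cim  = New-CimSession -ComputerName $ComputerName -Credential $cred -SessionOption $opt

try {
    $r = Invoke-CimMethod -CimSession $cim -ClassName Win32_Process -MethodName Create `
                          -Arguments @{ CommandLine = $CommandLine }

    # Win32_Process.Create return values documented by Microsoft:
    # 0 success, 2 access denied, 3 insufficient privilege, 8 unknown failure,
    # 9 path not found, 21 invalid parameter
    switch ($r.ReturnValue) {
        0       { Write-Host "Started PID $($r.ProcessId) on $ComputerName" }
        2       { throw "Access denied on $ComputerName" }
        default { throw "Win32_Process.Create failed with code $($r.ReturnValue)" }
    }

    # Create() returns immediately and carries no stdout; wait for the process to exit,
    # then read the file the command redirected its output to, via the admin share.
    do {
        Start-Sleep -Milliseconds 500
        $alive = Get-CimInstance -CimSession $cim -ClassName Win32_Process `
                                 -Filter "ProcessId = $($r.ProcessId)"
    } while ($alive)

    Get-Content "\\$ComputerName\C$\Windows\Temp\out.txt"   # assumed output path
}
finally {
    Remove-CimSession $cim
}
```

The DCOM session is what makes this equivalent to WMIC's network footprint; switching the option to Wsman moves the same call onto WinRM, which is often the only port open through a firewall.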

sc \\RemoteComputerName start ServiceName

Remote service start (service control RPC over SMB; the caller needs service-control rights on the target).

Example: cmdlets that take -ComputerName also take -Credential, either a user name (password prompted for) or a stored credential object.

Get-Hotfix -ComputerName win10 -Credential administrator    # prompts for the password
$c = Get-Credential -UserName "win10\user" -Message:"Enter password:"
Get-Hotfix -ComputerName win10 -Credential $c
Get-Hotfix -ComputerName win10 -Credential $c | where {$_.Description -match "Security"}

PS Sessions

  1. Establish Creds

$cred = Get-Credential -UserName "win7\User" -Message:"Enter password:"

  2. Issue Remote Command

Get-Hotfix -ComputerName win7 -Credential $cred

  3. Establish PSSession

$session7 = New-PSSession -ComputerName win7 -Credential $cred

4A) Enter Commands to PSSession

Invoke-Command -Session $session7 {Get-Process}

4B) Interactively Control

Enter-PSSession -Session $session7
Get-Process
Get-Service | Where {$_.Status -like "Running"}
Exit-PSSession

Exit-PSSession only drops the interactive prompt; the session (a wsmprovhost.exe process on the target) stays open until Remove-PSSession $session7 or the idle timeout.
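Added example (not from the ShellSpells page): the four steps above as one script, run against several hosts at once, with a reachability check, non-fatal connection failures, passing a local variable into the remote script block, and session cleanup. The host names, the credential user and the process filter are assumptions for illustration.

```powershell
# Added example, not code from the ShellSpells page.
$hosts = 'win7', 'win10'                                            # assumed target hosts
$cred  = Get-Credential -UserName 'win10\user' -Message 'Enter password:'

# Step 1: confirm WinRM answers before opening sessions (TCP 5985; 5986 with -UseSSL)
$reachable = $hosts | Where-Object { Test-WSMan -ComputerName $_ -ErrorAction SilentlyContinue }
if (-not $reachable) { throw 'No host answered on WinRM' }

# Step 2: one-off remote command with explicit credentials, no persistent session
Get-HotFix -ComputerName $reachable -Credential $cred |
    Where-Object Description -match 'Security' |
    Select-Object PSComputerName, HotFixID, InstalledOn

# Step 3: persistent sessions; a host that refuses is reported, not fatal
$sessions = New-PSSession -ComputerName $reachable -Credential $cred `
                          -ErrorAction SilentlyContinue -ErrorVariable sessErr
$sessErr | ForEach-Object { Write-Warning $_.Exception.Message }

# Step 4A: run a script block in every session; $using: copies a local variable in
$pattern = 'svchost'                                                 # assumed process filter
Invoke-Command -Session $sessions -ScriptBlock {
    Get-Process | Where-Object Name -like "*$using:pattern*" |
        Select-Object Name, Id, @{ n = 'Host'; e = { $env:COMPUTERNAME } }
}

# State persists inside a session between calls: $running is still defined remotely
Invoke-Command -Session $sessions { $running = Get-Service | Where-Object Status -eq 'Running' }
Invoke-Command -Session $sessions { "$env:COMPUTERNAME running services: $($running.Count)" }

# Step 4B would be: Enter-PSSession -Session $sessions[0]
# Each session keeps a wsmprovhost.exe alive on the target until removed, so clean up.
Remove-PSSession $sessions
```

Invoke-Command against a session array fans out in parallel (default throttle 32) and tags every returned object with PSComputerName, which is what makes the output sortable per host.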

Commands with Remote Options

reg query \\RemoteComputerName\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

reg query, reg add and reg delete accept a \\RemoteComputerName\ prefix on the key path (HKLM and HKU only) and work on the remote registry through the Remote Registry service, which must be running on the target.

regedit /s "C:\Path\To\Your\RegistryFile.reg"

Silent (no prompt) import of a .reg file. regedit and reg import have no remote option: the import always lands in the local registry.

reg import \\RemoteComputerName\Share\RegistryFile.reg

Imports a .reg file read from a remote share into the local registry. To apply a .reg file on another machine, run the import there (for example through PsExec or Invoke-Command) or replicate its values with reg add \\RemoteComputerName\HKLM\....

sc \\RemoteComputerName stop "ServiceName"

Allows you to manage and configure Windows services on remote computers.

sc \\RemoteComputerName query

Query services on remote computers.

netsh -r RemoteComputerName interface show interface

You can use netsh to view or configure network settings on remote Windows systems if you have appropriate permissions; -u and -p supply explicit credentials. It relies on the Remote Registry service on the target.

tasklist /s RemoteComputerName

The tasklist command with the /s parameter lists running processes on a remote computer (/u and /p for explicit credentials, /fo csv for parseable output).

query user /server:RemoteComputerName

Displays information about user sessions on a remote server (quser is the same command).

query process /server:RemoteComputerName

Lists processes running on a remote server, grouped by session.

gpupdate /target:computer /force

Forces a refresh of the computer-side Group Policy settings on the local machine. gpupdate has no remote switch; for a remote host run it through a remoting tool (for example Invoke-Command -ComputerName RemoteComputerName { gpupdate /force }) or use Invoke-GPUpdate -Computer RemoteComputerName -Force from the GroupPolicy module.

wmic /node:"Host1","Host2" /output:"C:\Temp\os.txt" os get caption,version

Runs one WMIC query against several remote computers and saves the output to a file. /node: takes a comma-separated host list or @"C:\hosts.txt" (one host per line); /output: redirects the result.

taskkill /s RemoteComputerName /pid 1234
taskkill /s RemoteComputerName /u Domain\User /p Password /im notepad.exe /f

Terminates processes on a remote computer specified by its name or IP, by PID (/pid) or image name (/im); /f forces termination.

ssh username@RemoteComputerName "ls"

Run remote command

schtasks /create /s RemoteComputerName /tn "MyTask" /tr "C:\MyScript.bat" /sc daily /st 08:00

Allows you to schedule tasks remotely on other Windows computers. /u and /p authenticate to the remote host, /ru sets the account the task runs as, and schtasks /run /s RemoteComputerName /tn "MyTask" fires it immediately.
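Added example (not from the ShellSpells page): fanning the classic /s-style tools above out over a host list and turning their text output into objects, including a check for the host processes that PsExec and WinRM leave behind on a target. The host names and the process names to flag are assumptions for illustration.

```powershell
# Added example, not code from the ShellSpells page.
$hosts = 'host1', 'host2'                                   # assumed targets
$remoteExecHosts = 'psexesvc.exe', 'wsmprovhost.exe'        # PsExec service / WinRM host process

$results = foreach ($h in $hosts) {
    # tasklist /fo csv gives output that ConvertFrom-Csv turns straight into objects
    $procs = tasklist /s $h /fo csv 2>$null | ConvertFrom-Csv
    if ($LASTEXITCODE -ne 0 -or -not $procs) { Write-Warning "tasklist failed on $h"; continue }

    # sc.exe query is free text: pull SERVICE_NAME / STATE pairs out with a regex
    $svcText = (sc.exe "\\$h" query state= all 2>$null) -join "`n"
    $running = [regex]::Matches($svcText,
                 'SERVICE_NAME:\s*(\S+)\s+DISPLAY_NAME:.*?STATE\s*:\s*\d+\s+(\w+)', 'Singleline') |
               Where-Object { $_.Groups[2].Value -eq 'RUNNING' } |
               ForEach-Object { $_.Groups[1].Value }

    # query user prints a header line, then one line per session
    $sessions = @(query user /server:$h 2>$null | Select-Object -Skip 1).Count

    [pscustomobject]@{
        Host            = $h
        Processes       = $procs.Count
        RemoteExecHosts = ($procs | Where-Object { $_.'Image Name' -in $remoteExecHosts }).'Image Name' -join ','
        RunningServices = @($running).Count
        UserSessions    = $sessions
    }
}

$results | Format-Table -AutoSize
```

Each of these tools authenticates with the caller's token unless /u and /p are given, so run the loop from an account that is a local administrator on every target; a host where tasklist fails is skipped with a warning rather than aborting the sweep.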