ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Enable/Disable Remoting
  • Security Descriptor
  • Authentication
  • Encrypted Traffic
  • Firewall
  • TrustedHosts

Was this helpful?

  1. Windows
  2. System Ops
  3. Security
  4. Remoting

Modify

Enable/Disable Remoting

Enable-PSRemoting -Force

Enables PowerShell remoting on the computer, configuring it to receive remote commands securely.

Disable-PSRemoting -Force

Disables PowerShell remoting, preventing the computer from receiving remote commands.

Set-WSManQuickConfig -Force

Configures the computer to use Windows Remote Management (WinRM) with default settings, including security settings.

Security Descriptor

Modifies the security descriptor of the default PowerShell session configuration, launching a UI to edit permissions.

Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI

Authentication

Enables Basic authentication for the WinRM service.

winrm set winrm/config/service/Auth '@{Basic="true"}'

Enables Credential Security Support Provider (CredSSP) authentication for the WinRM client.

winrm set winrm/config/client/Auth '@{CredSSP="true"}'

Encrypted Traffic

Disables the allowance of unencrypted traffic for the WinRM service using PowerShell.

Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false

Toggle unencrypted communication for WinRM service and WinRM client, enforcing encrypted traffic:

Set-WSManInstance -ResourceURI winrm/config/service -ValueSet @{AllowUnencrypted="false"}
Set-WSManInstance -ResourceURI winrm/config/client -ValueSet @{AllowUnencrypted="false"}

Disables unencrypted traffic for WinRM at the registry level, enhancing security:

Set-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 0

Firewall

Creates a new firewall rule to allow inbound connections on port 5986 for WinRM over HTTPS, increasing security:

New-NetFirewallRule -DisplayName "WinRM HTTPS" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow

Removes firewall rules for WinRM HTTP traffic, enhancing security by disallowing unencrypted remote management traffic.

Remove-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)"

Enables the firewall rule for inbound RDP connections, controlling access security:

Set-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)" -Enabled True

TrustedHosts

Adding a single item to TrustedHosts:

Set-Item WSMan:\\localhost\\Client\\TrustedHosts -Value "Server01"

Adding multiple items:

Set-Item WSMan:\\localhost\\Client\\TrustedHosts -Value "Server01,Server02,127.0.0.1"

Appends the Value instead of changing it:

Set-Item WSMan:\\localhost\\Client\\TrustedHosts -Value "Server03" -Concatenate

Configures the WinRM client to trust specific hosts, enhancing security by limiting remote connections.

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value "hostname1,hostname2"
PreviousEnumerateNextRegistry Locations

Last updated 1 year ago

Was this helpful?

🪟