.. / winrm.cmd

Windows Remote Management


Functions:
Type:
Toolsets:

Processes

Check process details

winrm.vbs get wmicimv2/Win32_Process?Handle=3456 -r:W10.ad.bitsadmin.com
Usecase
Reconnaissance on running processes

Mitre Att&ck

Execute

Lauch process

winrm.vbs invoke Create wmicimv2/Win32_Process -r:W10.ad.bitsadmin.com @{CommandLine="notepad.exe";CurrentDirectory="C:\"}
Usecase
After having copied an implant over SMB, launch it

Mitre Att&ck



Updated: 2023-07-01
Contributor: Arris Huijgen (bitsadmin)