Requirements

  • Ports: 5985/TCP (WinRM HTTP) or 5986/TCP (WinRM HTTPS)
  • Required group memberships (on the remote host): Remote Management Users, or membership in the local Administrators group / Domain Admins

WinRM (Windows Remote Management) is enabled by default on most Windows installations.

To start a session from the command prompt:

winrs.exe -u:Administrator -p:Mypass123 -r:target cmd

We can achieve the same from PowerShell with a PSCredential object:

# Once we have the PSCredential object:
Enter-PSSession -Computername TARGET -Credential $pscredential
# === OR ===
Invoke-Command -Computername TARGET -Credential $pscredential -ScriptBlock {whoami}
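Because every session above depends on the prerequisites listed under Requirements, a defender wants a quick way to audit them on a host. The following PowerShell is an added example (not part of the original notes): it reports the WinRM service state, the configured listeners, who holds the two group memberships that grant access, and which inbound firewall rules open 5985/5986. It assumes an elevated Windows PowerShell 5.1 or later console on the host being checked; the function name Get-WinRmExposure is my own.

```powershell
# Added example: audit this host against the WinRM requirements above.
function Get-WinRmExposure {
    [CmdletBinding()]
    param()

    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $listeners = @()
    if ($svc -and $svc.Status -eq 'Running') {
        # The WSMan: drive exposes each listener as a container of name/value items
        $listeners = Get-ChildItem -Path WSMan:\localhost\Listener | ForEach-Object {
            $props = Get-ChildItem -Path $_.PSPath
            [pscustomobject]@{
                Transport = ($props | Where-Object Name -eq 'Transport').Value
                Port      = [int]($props | Where-Object Name -eq 'Port').Value
                Address   = ($props | Where-Object Name -eq 'Address').Value
            }
        }
    }

    # Principals allowed to open a session: the groups named in Requirements
    $members = foreach ($g in 'Remote Management Users', 'Administrators') {
        Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Group'; e = { $g } }, Name, PrincipalSource
    }

    # Enabled inbound firewall rules whose port filter covers 5985 or 5986/TCP
    $fwRules = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
        Where-Object { $_.Protocol -eq 'TCP' -and
                       ($_.LocalPort -contains '5985' -or $_.LocalPort -contains '5986') } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Select-Object DisplayName, Profile, Action

    $http  = @($listeners | Where-Object Transport -eq 'HTTP').Count
    $https = @($listeners | Where-Object Transport -eq 'HTTPS').Count

    [pscustomobject]@{
        ServiceStatus        = if ($svc) { $svc.Status } else { 'NotInstalled' }
        Listeners            = $listeners
        AllowedPrincipals    = $members
        InboundFirewallRules = $fwRules
        HttpOnly             = ($http -gt 0 -and $https -eq 0)   # plaintext transport only
    }
}

$report = Get-WinRmExposure
$report | Format-List
if ($report.HttpOnly) {
    Write-Warning 'Only an HTTP listener (5985) is configured; prefer HTTPS (5986) or restrict the listener address.'
}
```

Review the AllowedPrincipals list for accounts that do not need remote shells; membership in Remote Management Users is sufficient for a session even without local admin rights.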