Note: Some of these commands may not work due to firewalls/restrictions in place on the remote machine. Be sure to verify the appropriate services are enabled and permissions are set.
SMB Access
Use this command to map a remote share as a network drive. You will be prompted for credentials
net use x: \\192.168.1.118\c$
Use this command to remove your mapped network drive
net use x: /delete
Use this command to map the network drive, but include credentials in a single command
net use x: \\192.168.1.118\c$ password /user:username
WMI Access
Use this command to verify you have access to WMI on the remote machine
wmic /node:"192.168.1.118" /user:user /password:password bios
I did not know of a way via command line to test registry access, so I chose to use the example of connecting to a remote registry via regedit.exe
Launch regedit.exe
Click File > Connect Network Registry
Enter the hostname or IP address of the remote machine and click OK
You will be prompted for a username and password
Once authenticated, you will see the remote machine as a separate node in your registry editor. Navigate around to verify you can view registry keys.
Verify account is in admin group
Aside from launching a Computer Management console (compmgmt.msc) and connecting to the remote machine, here is another WMIC command that will enumerate the users and groups. I added a piped find to look for any line with "Administrators" to single out the Administrators group.
wmic /node:"192.168.1.118" /user:username /password:password path win32_groupuser | find /i "Administrators"
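The four checks above combined into one PowerShell function, as an added example that is not part of the original post. The function name Test-RemoteAdminAccess and the drive name RemoteChk are made up for illustration, and Get-Credential is used so the password is prompted for rather than typed on the command line.

```powershell
# Added example: 192.168.1.118 is the sample host used throughout the page.
function Test-RemoteAdminAccess {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $results = [ordered]@{ SMB = $false; WMI = $false; Registry = $false; Administrators = @() }

    # SMB: map the administrative share only for the duration of the check.
    try {
        New-PSDrive -Name RemoteChk -PSProvider FileSystem -Root "\\$ComputerName\c$" `
            -Credential $Credential -ErrorAction Stop | Out-Null
        $results.SMB = Test-Path 'RemoteChk:\'
    } catch { Write-Warning "SMB: $($_.Exception.Message)" }
    finally { Remove-PSDrive -Name RemoteChk -ErrorAction SilentlyContinue }

    # WMI over DCOM (the transport wmic uses): BIOS query, then Administrators members.
    $session = $null
    try {
        $opt = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -Credential $Credential `
            -SessionOption $opt -ErrorAction Stop
        $results.WMI = [bool](Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop)
        $results.Administrators = @(
            Get-CimInstance -CimSession $session -ClassName Win32_GroupUser -ErrorAction Stop |
                Where-Object { $_.GroupComponent.Name -eq 'Administrators' } |
                ForEach-Object { '{0}\{1}' -f $_.PartComponent.Domain, $_.PartComponent.Name })
    } catch { Write-Warning "WMI: $($_.Exception.Message)" }
    finally { if ($session) { Remove-CimSession $session } }

    # Remote registry: this API takes no credential, so it runs as the current user,
    # and it needs the Remote Registry service running on the target.
    try {
        $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
        $results.Registry = $hklm.GetSubKeyNames().Count -gt 0
        $hklm.Close()
    } catch { Write-Warning "Registry: $($_.Exception.Message)" }

    [pscustomobject]$results
}

Test-RemoteAdminAccess -ComputerName '192.168.1.118' -Credential (Get-Credential)
```

Each failed check prints a warning with the underlying error, which helps tell a firewall block from a permissions problem.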