# Windows Remote Management

Adversaries may use Valid Accounts to interact with remote systems using Windows Remote Management (WinRM). The adversary may then perform actions as the logged-on user.

WinRM is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell.

**Example**

This technique lets us move laterally to a different machine using the WinRM service, which is easy to drive from PowerShell.

We can verify whether WinRM is available on the target with the **Test-WSMan** cmdlet.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRl2aBIevMjzW-zNdYE%2F-MRl2jREvqJTfXE8Uqe_%2Fimage.png?alt=media\&token=70feb495-dc74-4444-a3bb-22479935d175)

**Usually, administrators can log in to a workstation where they have administrator privileges; sometimes we can find other users who have these privileges as well.**

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRl2aBIevMjzW-zNdYE%2F-MRl2in4F-7Lumxs7dRZ%2Fimage.png?alt=media\&token=4f7f0821-5959-4877-8a19-03328caa41d9)

Now we remote onto the target machine, assuming we have credentials.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRl2aBIevMjzW-zNdYE%2F-MRl2kNY9DbGun_fata0%2Fimage.png?alt=media\&token=7913b228-3ca5-4e76-bac7-160fb8798137)

And we log in successfully.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRl2aBIevMjzW-zNdYE%2F-MRl2lHcACETfdaTLd2W%2Fimage.png?alt=media\&token=647a4020-731b-4b70-9200-9f5f6b97d180)
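
The same three points (is WinRM reachable, who is allowed to log in over it, and did a remote session get created) can be checked from the defender's side on the target host. The script below is an added example, not part of the original page; it assumes an elevated PowerShell session on the host being audited, a 7-day review window, and that the WinRM operational log records shell creation as event ID 91.

```powershell
# Added defensive example. Run in an elevated PowerShell session on the audited host.

# 1. Is WinRM running, and on which listeners would Test-WSMan get an answer?
$svc = Get-Service -Name WinRM
$svc | Select-Object Name, Status, StartType
if ($svc.Status -eq 'Running') {
    Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Select-Object Address, Transport, Port, Enabled
}

# 2. Who may open a remote session? Well-known SIDs are used because
#    the group names are localized.
$groups = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-580' = 'Remote Management Users'
}
foreach ($sid in $groups.Keys) {
    Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Group'; e = { $groups[$sid] } },
                      Name, ObjectClass, PrincipalSource
}
# Session configurations can grant access beyond those two groups.
if ($svc.Status -eq 'Running') {
    Get-PSSessionConfiguration | Select-Object Name, Permission
}

# 3. Remote PowerShell sessions open right now (each is hosted by wsmprovhost.exe).
Get-Process -Name wsmprovhost -IncludeUserName -ErrorAction SilentlyContinue |
    Select-Object Id, UserName, StartTime

# 4. Remote shells created in the review window (assumption: 7 days).
#    Event ID 91 is written on the target when a WSMan shell is created.
$filter = @{
    LogName   = 'Microsoft-Windows-WinRM/Operational'
    Id        = 91
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Any account in step 2 that does not need remote management, and any shell in step 4 that does not match an expected admin workstation or maintenance window, is worth following up.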
