An attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker uses the Windows system command Enable-PSRemoting -SkipNetworkProfileCheck – Force. What tool is being enabled using this command?

  • Post author:
  • Post category:Blog
  • Reading time:1 mins read
  • Post last modified:June 12, 2024

An attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker uses the Windows system command Enable-PSRemoting -SkipNetworkProfileCheck – Force. What tool is being enabled using this command?

  • WinRM
  • BloodHound
  • PsExec
  • WMImplant

Explanation & Hint:

WinRM can be useful for post-exploitation activities. An attacker could enable WinRM to allow further connections to the compromised systems. It can easily be enabled on a Windows system by using the Enable-PSRemoting -SkipNetworkProfileCheck – Force command. This command configures the WinRM service to start automatically and sets up a firewall rule to allow inbound connections to the compromised system.

For more Questions and Answers:

8.3.3 Quiz – Performing Post-Exploitation Techniques Answers Full 100%

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments