Closed vector-sigma closed 9 years ago
So you might be running into the KB2871997 patch (http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/) for a local admin account, not sure why a DA would produce the same issue. The 'access denied' error implies that the WMI method execution itself is being denied from the machine for some reason.
Try starting a new process as the DA with runas, then try running- Invoke-WmiMethod -ComputerName "192.168.1.100" -Path Win32_process -Name create -ArgumentList "cmd.exe"
What's the error that comes back from that?
I'm running with a local admin account, also tried a DA account, and using the hostname vs an IP address. Specifying the domain name with the user name also returned the same error. My target host is windows 7, PS ver 3, no host Firewall
Invoke-WmiMethod - Remote - 0x80070005 (E_ACCESSDENIED) on technet