With Domain Creds
Run SharpHound remotely with creds
This can be used to run any binary or powershell script remotely e.g. invoke-mimikatz
# Switch to a world writable directory so we have permission to write files to disk cd \windows\tasks # the netonly command means creds are only used for network access runas /netonly /user:lab.local\administrator cmd.exe # verify we are using the correct creds using net view \\WIN-8K30QDLT1AP.lab.local\ # run bloodhound remotely, pass -d argument to specify the domain name C:\tools\SharpHound-v1.0.4\SharpHound.exe -d "lab.local"
Run PowerView remotely with creds
Setup the credentials object