Using Credentials

Most methods within PsMapExec supports using various credential material.


This switch allows for the current user context to be used across authentication. Its not really required as PsMapExec should determine if this should be in use anyway.

PsMapExec -Targets All -Method WMI -CurrentUser -Command ps


A base64 encoded Kerberos ticket can be supplied to the -Ticket parameter either directly into the console or can be loaded from file.

the username switch does not need to be provided as a valid kerberos ticket will contain the intended username for the ticket anyway.

PsMapExec -Targets All -Method WMI -Ticket "doIhsj..."
PsMapExec -Targets All -Method WinRM -Ticket "C:\ticket.txt"

Username and Hash

A username and hash combination can also be provided for authentication. The following hashes are currently accepted:

  • RC4 / NT

  • NTLM

  • AES256 HMAC

PsMapExec -Targets All -Method WMI  -Command "net user" -Username [User] -Hash [Hash]

Username and Password

Of course a traditional username and password combination is also supported. If the provided password contains a "$" ensure the password is wrapped in single quotes.

PsMapExec -Targets All -Method WinRM -Username [User] -Password [Password]

Local Authentication

Currently, the switch -LocalAuth is only supported across the following methods:

  • WMI

  • RDP

  • MSSQL (MSSQL SQL Server authentication)

Local authentication currently only supports a username and password combination.

PsMapExec -Targets All -Method WMI -LocalAuth -Username [User] -Password [Password]

PsMapExec -Targets All -Method MSSQL -LocalAuth -Username sa -Password sa

PsMapExec -Targets All -Method RDP -LocalAuth -Username [User] -Password [Password]

Last updated