🕺WinRM
Introduction to WinRM:
Windows Remote Management (WinRM) is a management protocol introduced by Microsoft to enable remote management of Windows systems over HTTP(S). It allows administrators to remotely execute commands, scripts, and PowerShell cmdlets, as well as access management information on remote Windows machines. WinRM operates using the SOAP (Simple Object Access Protocol) over HTTP(S) and relies on the Windows Remote Management Service.
Introduction to Evil-WinRM:
Evil-WinRM is a tool designed for penetration testing and red teaming purposes. It leverages WinRM to provide an interactive shell-like interface to interact with Windows machines remotely. Evil-WinRM is particularly useful for gaining foothold access to Windows systems during penetration testing engagements or security assessments.
Interacting with Evil-WinRM:
more connection templates for Evil-WinRM that you can use:
Basic Authentication:
NTLM Authentication:
Replace
HASHwith the NTLM hash of the user's password.Kerberos Authentication:
This command uses the current user's Kerberos ticket for authentication.
Password Prompt:
This will prompt you to enter the password securely without displaying it in the command line.
Use SSL:
This command establishes an encrypted SSL connection.
Specify Target Port:
Replace
PORTwith the specific port number where the WinRM service is running if it's different from the default port (5985).Specify Domain:
Replace
DOMAINwith the domain name if you're targeting a domain user.No SSL Certificate Validation:
This command disables SSL certificate validation. Use with caution, as it can expose you to man-in-the-middle attacks.
Connection Timeout:
Replace
TIMEOUT_SECONDSwith the desired timeout duration in seconds.Verbose Mode:
This command enables verbose mode, providing more detailed output for troubleshooting.
Last updated
