search
githubEdit

TCP 5985: WinRM

WinRM is Microsoft's implementation of WS-Management in Windows which allows systems to access or exchange management information across a common network.

-- Wikipediaarrow-up-right

hashtag
PSSession

Enter-PSSession -ComputerName <hostname> -Credential <username>

hashtag
Evil-WinRM

The ultimate WinRM shell for hacking/pentesting GitHub - Hackplayers/evil-winrmarrow-up-right

Password

evil-winrm -i <ip> -u <user> -p <pw> -s <script-path> -e <binary-path>

PtH

evil-winrm -i <ip> -u <user> -H <nt-hash> -s <script-path> -e <binary-path>

hashtag
Using mimikatz

As mimikatz is not working fully interactively in this environment, we can just issue single commands.

./mimikatz.exe "<command>" "exit"
PreviousTCP 3389: RDPNextTCP 6379: Redis

Last updated