TCP 5985: WinRM

WinRM is Microsoft's implementation of WS-Management in Windows which allows systems to access or exchange management information across a common network.
-- Wikipedia

PSSession

Enter-PSSession -ComputerName <hostname> -Credential <username>

Evil-WinRM

The ultimate WinRM shell for hacking/pentesting GitHub - Hackplayers/evil-winrm

Password

evil-winrm -i <ip> -u <user> -p <pw> -s <script-path> -e <binary-path>

PtH

evil-winrm -i <ip> -u <user> -H <nt-hash> -s <script-path> -e <binary-path>

Using mimikatz

As mimikatz is not working fully interactively in this environment, we can just issue single commands.

./mimikatz.exe "<command>" "exit"

PreviousTCP 3389: RDP NextTCP 6379: Redis

Last updated 3 years ago