evil-winrm — Windows Remote Management (WinRM) shell for pentesting.

Submitted by: @import:tldr-pages

Problem

How to use the evil-winrm command: Windows Remote Management (WinRM) shell for pentesting. Once connected, we get a PowerShell prompt on the target host. More information: <https://github.com/Hackplayers/evil-winrm>.

Solution

Connect to a host and start an interactive session:
evil-winrm {{[-i|--ip]}} {{ip_address}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}}


Connect to a host using pass-the-hash authentication instead of a password:
evil-winrm {{[-i|--ip]}} {{ip_address}} {{[-u|--user]}} {{user}} {{[-H|--hash]}} {{nt_hash}}


Connect to a host, specifying directories for PowerShell scripts and executables:
evil-winrm {{[-i|--ip]}} {{ip_address}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}} {{[-s|--scripts]}} {{path/to/scripts}} {{[-e|--executables]}} {{path/to/executables}}


Connect to a host, using SSL:
evil-winrm {{[-i|--ip]}} {{ip_address}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}} {{[-S|--ssl]}} {{[-c|--pub-key]}} {{path/to/pubkey}} {{[-k|--priv-key]}} {{path/to/privkey}}


[Interactive] Upload a file to the host:
upload {{path/to/local_file}} {{path/to/remote_file}}


[Interactive] List all loaded PowerShell functions:
menu


[Interactive] Load a PowerShell script from the --scripts directory:
{{script.ps1}}


[Interactive] Invoke a binary on the host from the --executables directory:
Invoke-Binary {{binary.exe}}

Context

tldr-pages: common/evil-winrm
