WinRM

ABOUT

Windows Remote Management (WinRM) is a simple Windows integrated remote management protocol based on the command line. WinRM uses the Simple Object Access Protocol (SOAP) to establish connections to remote hosts and their applications. WinRM relies on TCP ports 5985 and 5986 for communication, with the last port 5986 using HTTPS. Services like remote sessions using PowerShell and event log merging require WinRM.

Nmap WinRM

nmap -sV -sC 13.13.13.13 -p5985,5986 --disable-arp-ping -n

Evil-WinRM

evil-winrm -i 13.13.13.13 -u rio -p rio@123!

CrackMapExec

crackmapexec winrm 13.13.13.13 -u user.list -p password

PowerShell

PS C:\> $password = ConvertTo-SecureString "password123" -AsPlainText -Force
PS C:\> $cred = new-object System.Management.Automation.PSCredential ("RIOTECH\sreed", $password)
PS C:\> Enter-PSSession -ComputerName RIOTECH-MS13 -Credential $cred

PreviousR-Services NextLDAP

Last updated 5 months ago

hashtagABOUT

hashtagNmap WinRM

hashtagEvil-WinRM

hashtagCrackMapExec

hashtagPowerShell

ABOUT

Nmap WinRM

Evil-WinRM

CrackMapExec

PowerShell