WinRM
ABOUT
Windows Remote Management (WinRM) is Microsoft's built-in, command-line oriented remote management protocol. It uses the Simple Object Access Protocol (SOAP) to talk to remote hosts and the applications running on them. WinRM listens on TCP ports 5985 (HTTP) and 5986 (HTTPS); only the 5986 listener wraps the exchange in TLS. Features such as PowerShell remote sessions and event log merging depend on WinRM.
Nmap WinRM
nmap -sV -sC 13.13.13.13 -p5985,5986 --disable-arp-ping -n
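Added example (not part of this cheat sheet): a small Python script that reads the grepable output of the scan above saved with -oG and, per host, reports whether the HTTP listener on 5985 is reachable or only the HTTPS listener on 5986, so the plain-HTTP exposures can be prioritised for hardening. The scan text below is constructed sample data, not real results.

```python
import re
from collections import defaultdict

# Constructed sample of nmap -oG output; the addresses and services are invented.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 5985/open/tcp//wsman///, 5986/open/tcp//ssl|wsman///\tIgnored State: closed (998)
Host: 10.0.0.6 ()\tPorts: 5986/open/tcp//ssl|wsman//Microsoft HTTPAPI httpd 2.0/
Host: 10.0.0.7 ()\tPorts: 5985/filtered/tcp//wsman///, 445/open/tcp//microsoft-ds///
Host: 10.0.0.8 ()\tStatus: Up
"""

WINRM_HTTP = 5985   # WS-Management listener over plain HTTP (no TLS on the transport)
WINRM_HTTPS = 5986  # WS-Management listener over HTTPS


def parse_open_ports(gnmap_text):
    """Return {host: set(open TCP ports)} from nmap grepable (-oG) text.

    Each entry in the 'Ports:' field is port/state/proto/owner/service/rpc/version/;
    nmap replaces any '/' inside version strings with '|', so splitting on '/' is safe.
    """
    hosts = defaultdict(set)
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        hosts[host]  # make sure hosts with no open ports still appear
        ports_field = line.partition("Ports:")[2].split("\t")[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                hosts[host].add(int(parts[0]))
    return dict(hosts)


def classify_winrm(open_ports):
    """Classify a host's WinRM exposure from its set of open TCP ports."""
    if WINRM_HTTP in open_ports:
        return "http"        # 5985 reachable: transport is not TLS-protected
    if WINRM_HTTPS in open_ports:
        return "https-only"  # only the TLS listener is exposed
    return "none"


def winrm_exposure(gnmap_text):
    """Map every scanned host to 'http', 'https-only' or 'none'."""
    return {h: classify_winrm(p) for h, p in parse_open_ports(gnmap_text).items()}


def hosts_with_http_listener(gnmap_text):
    """Hosts whose 5985 listener is reachable, sorted for a remediation list."""
    return sorted(h for h, c in winrm_exposure(gnmap_text).items() if c == "http")
```

Run it against a real file with `winrm_exposure(open("scan.gnmap").read())`; hosts reported as "http" are the ones to restrict to 5986 or to firewall off from untrusted networks.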
Evil-WinRM
evil-winrm -i 13.13.13.13 -u venator17 -p S3cr3t!
CrackMapExec
crackmapexec winrm 13.13.13.13 -u user.list -p passwor
PowerShell
PS C:\> $password = ConvertTo-SecureString "password123" -AsPlainText -Force
PS C:\> $cred = new-object System.Management.Automation.PSCredential ("MILITECH\sreed", $password)
PS C:\> Enter-PSSession -ComputerName MILITECH-MS13 -Credential $cred