evil-winrm
evil-winrm
is used to take advantage of machines with port 5985 or 5986 open which is Powershell Remoting.This will provide shell level access to the machine with the user account that you have compromised.
You can auth either with a hash or password
Supports SSL
Usage
Connect with pass the hash attack
Password Authentication:
evil-winrm Docker
I have had issues with
evil-winrm
running properly on non kali Linux distros such as Ubuntu.One simple work around is to pull a Kali Docker image and utilize that
copy files from host into evil-winrm docker container
evil-winrm Service enumeration
you can use a builtin from evil-winrm to enumerate services on a remote endpoint
evil-winrm file upload
use the builtin for evil-winrm to upload files from your attackbox to the remote host
WinRM Implant Execution
start your implant in the background so if your evil-winrm shell dies your implant will continue to run
Last updated