Windows Remote Management (WinRM; TCP port 5985 for HTTP, 5986 for HTTPS) provides remote access to Windows systems over HTTP(S).

WinRM is used in these ways:

  • Remotely access and interact with Windows hosts on a local network.
  • Remotely execute commands on Windows systems.
  • Manage and configure Windows systems remotely.

crackmapexec tool:

[[crackmapexec]] performs a brute-force against WinRM to identify users and their passwords, and can also execute commands on the target system.

  • Can also be used against WinRM, MSSQL, SMB, SSH.
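
The defender's view of the brute-force described above, as an added example (not from these notes or from any tool named here): it flags a source that produces a burst of failed network logons (Security event 4625, logon type 3, which is what a WinRM authentication failure records) and notes any successful logon (4624) that follows from the same source. The record layout, thresholds, IPs and account names are constructed assumptions, and type 3 logons also cover SMB and other network services, so the events are assumed to come from a host where WinRM is the exposed service.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS, NETWORK_LOGON = 4625, 4624, 3  # Security log event IDs, logon type

def _t(clock):
    return datetime.strptime("2024-01-01 " + clock, "%Y-%m-%d %H:%M:%S")

# Constructed sample records: (time, event_id, logon_type, source_ip, account)
SAMPLE = [
    (_t("09:58:00"), 4625, 3, "10.0.0.7", "alice"),          # user typo, twice
    (_t("09:58:20"), 4625, 3, "10.0.0.7", "alice"),
    (_t("09:58:40"), 4624, 3, "10.0.0.7", "alice"),
    (_t("10:00:01"), 4625, 3, "10.0.0.50", "administrator"),  # rapid guessing
    (_t("10:00:03"), 4625, 3, "10.0.0.50", "administrator"),
    (_t("10:00:05"), 4625, 3, "10.0.0.50", "svc_backup"),
    (_t("10:00:07"), 4625, 3, "10.0.0.50", "administrator"),
    (_t("10:00:09"), 4625, 3, "10.0.0.50", "svc_backup"),
    (_t("10:00:11"), 4625, 3, "10.0.0.50", "administrator"),
    (_t("10:00:15"), 4624, 3, "10.0.0.50", "administrator"),  # a guess worked
]

def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed network logons inside `window`,
    and record accounts that logged on successfully from a flagged source."""
    recent = defaultdict(deque)  # source_ip -> (time, account) of recent failures
    alerts = {}
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type != NETWORK_LOGON:
            continue
        if event_id == FAILED:
            q = recent[src]
            q.append((ts, account))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    src, {"failures": 0, "accounts": set(), "succeeded_after": set()})
                a["failures"] = max(a["failures"], len(q))
                a["accounts"].update(acct for _, acct in q)
        elif event_id == SUCCESS and src in alerts:
            alerts[src]["succeeded_after"].add(account)  # likely guessed password
    return alerts

if __name__ == "__main__":
    for src, a in detect_bruteforce(SAMPLE).items():
        print(src, a["failures"], sorted(a["accounts"]), sorted(a["succeeded_after"]))
```

An account listed under `succeeded_after` should be treated as compromised: reset its password and review what ran in its WinRM sessions.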

evil-winrm

How to install it: https://medium.com/@josicaleksandar981/how-to-install-and-use-evil-winrm-in-kali-linux-db7b73280ac3

GitHub: https://github.com/Hackplayers/evil-winrm

evil-winrm is a Ruby script that can be used to obtain a command shell session on the target system. Example: evil-winrm.rb -u administrator -p 'tinkerbell' -i <ip> ==> This automatically provides us with a command shell.


#MSF modules:

  • auxiliary/scanner/winrm/winrm_login
  • auxiliary/scanner/winrm/winrm_auth_methods
  • exploit/windows/winrm/winrm_script_exec # change FORCE_VBS option to true idk why???