From 0b4f5233af021a4a67e92caac597224c296ee9cf Mon Sep 17 00:00:00 2001 From: Alex Date: Mon, 6 Apr 2020 12:59:55 +0200 Subject: [PATCH] evil-winrm: add page (#3956) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Zlatan Vasović --- pages/common/evil-winrm.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 pages/common/evil-winrm.md diff --git a/pages/common/evil-winrm.md b/pages/common/evil-winrm.md new file mode 100644 index 000000000..08bd80c6a --- /dev/null +++ b/pages/common/evil-winrm.md @@ -0,0 +1,37 @@ +# evil-winrm + +> Windows Remote Management (WinRM) shell for pentesting. +> Once connected, we get a PowerShell prompt on the target host. +> More information: . + +- Connect to a host: + +`evil-winrm --ip {{ip}} --user {{user}} --password {{password}}` + +- Connect to a host, passing the password hash: + +`evil-winrm --ip {{ip}} --user {{user}} --hash {{nt_hash}}` + +- Connect to a host, specifying folders for scripts and executables: + +`evil-winrm --ip {{ip}} --user {{user}} --password {{password}} --scripts {{path/to/scripts}} --executables {{path/to/executables}}` + +- Connect to a host, using SSL: + +`evil-winrm --ip {{ip}} --user {{user}} --password {{password}} --ssl --pub-key {{path/to/pubkey}} --priv-key {{path/to/privkey}}` + +- Upload a file to the host: + +`PS > upload {{path/to/local/file}} {{path/to/remote/file}}` + +- Get a list of loaded PowerShell functions: + +`PS > menu` + +- Load a PowerShell script from the `--scripts` folder: + +`PS > {{script.ps1}}` + +- Invoke a binary on the host from the `--executables` folder: + +`PS > Invoke-Binary {{binary.exe}}`
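Review bot: in the "Connect to a host, using SSL" example, the command also passes `--pub-key {{path/to/pubkey}}` and `--priv-key {{path/to/privkey}}`, but the description only mentions SSL. Either name the key pair in the description (for example "using SSL with a public and private key") or trim the command to what the description says. In the header, the "More information: ." line as it appears here carries no URL, so the link needs to be filled in. The sentence "Once connected, we get a PowerShell prompt on the target host" would also read better without the first person. The last four examples include the `PS > ` prompt inside the command itself. Their descriptions should say that they are entered at the prompt obtained after connecting, so it is clear the prompt is not part of what is typed.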