evil-winrm
Windows Remote Management (WinRM) shell for pentesting. Once connected, we get a PowerShell prompt on the target host. More information: https://github.com/Hackplayers/evil-winrm.
- Connect to a host:
evil-winrm --ip
ip --user
user --password
password
- Connect to a host, passing the password hash:
evil-winrm --ip
ip --user
user --hash
nt_hash
- Connect to a host, specifying directories for scripts and executables:
evil-winrm --ip
ip --user
user --password
password --scripts
path/to/scripts --executables
path/to/executables
- Connect to a host, using SSL:
evil-winrm --ip
ip --user
user --password
password --ssl --pub-key
path/to/pubkey --priv-key
path/to/privkey
- Upload a file to the host:
PS > upload
path/to/local/file
path/to/remote/file
- List all loaded PowerShell functions:
PS > menu
- Load a PowerShell script from the
--scripts
directory:
PS >
script.ps1
- Invoke a binary on the host from the
--executables
directory:
PS > Invoke-Binary
binary.exe