evil-winrm
Windows Remote Management (WinRM) shell for pentesting.
Once connected, we get a PowerShell prompt on the target host.
- Connect to a host:
`evil-winrm --ip {ip} --user {user} --password {password}`
- Connect to a host, passing the password hash:
`evil-winrm --ip {ip} --user {user} --hash {nt_hash}`
- Connect to a host, specifying directories for scripts and executables:
`evil-winrm --ip {ip} --user {user} --password {password} --scripts {path/to/scripts} --executables {path/to/executables}`
- Connect to a host, using SSL:
`evil-winrm --ip {ip} --user {user} --password {password} --ssl --pub-key {path/to/pubkey} --priv-key {path/to/privkey}`
- Upload a file to the host:
`PS > upload {path/to/local/file} {path/to/remote/file}`
- Get a list of loaded PowerShell functions:
`PS > menu`
- Load a PowerShell script from the `--scripts` directory:
`PS > {script.ps1}`
- Invoke a binary on the host from the `--executables` directory:
`PS > Invoke-Binary {binary.exe}`
Copyright © 2014—present the tldr-pages team and contributors.
This work is licensed under the Creative Commons Attribution 4.0 International License (CC-BY).