Using evil-WINRM Tool

This Tool is allowed in OSCP Exam.

To Check Allowed Tools Click Here.

# Check if winrm port is open and allowed to access.
# You can use nmae to confirm if port is open or not.
nmap -p 5985,5986 $IP

# If Port is open then you can confirm that for the username and credential you are allowed to login or not. If you get "pwned" THEN you are allowed to login.
netexec winrm $IP -u $UserName -p '$Password' --continue-on-success

# Normal Login with Credential
evil-winrm -i $IP -u $UserName -p '$Password'

# Using Hash
evil-winrm -i $IP -u $UserName -H $LMHash:$NTLMHash

PreviousUsing runas Command NextUsing SMBClient

Last updated 10 months ago