evil-winrm
Evil-winrm is a command-line tool specifically designed for post-exploitation on a Windows system. It aims to provide a convenient way to access and interact with Windows machines during penetration testing or red teaming activities.
Some key features of evil-winrm are:
- Remote shell access: Evil-winrm allows you to establish a remote shell session on a target Windows machine using the WinRM (Windows Remote Management) protocol. It utilizes Windows authentication methods like NTLM, Kerberos, and Negotiate for secure remote access.
- Command execution: Once a shell session is established, evil-winrm enables you to execute commands on the remote machine, giving you a wide range of capabilities to explore the system, gather information, or perform various actions.
- File transfer: Evil-winrm allows you to transfer files to and from the remote machine using the built-in file transfer functionality. This can be useful for uploading or downloading tools, scripts, or other files needed for further exploitation or data exfiltration.
- Enumeration and privilege escalation: The tool provides additional functionalities to aid in enumeration and privilege escalation on the target system. It allows you to retrieve system information, enumerate local users and groups, access the Windows registry, and perform other reconnaissance tasks.
- Integration with Metasploit: Evil-winrm can be seamlessly integrated with the Metasploit Framework, a popular penetration testing toolkit. This integration allows you to leverage Metasploit's extensive collection of exploits and modules, making the exploitation and post-exploitation process more efficient.
Evil-winrm is a powerful tool in the hands of security professionals, helping them assess the security of Windows environments and identify potential vulnerabilities. However, it's essential to use it responsibly and for authorized purposes only.
List of commands for evil-winrm:
- Connect to a host, passing the password hash:
  $ evil-winrm --ip ${ip} --user ${user} --hash ${nt_hash}
- Connect to a host, using SSL:
  $ evil-winrm --ip ${ip} --user ${user} --password ${password} --ssl --pub-key ${path-to-pubkey} --priv-key ${path-to-privkey}
- Connect to a host, specifying directories for scripts and executables:
  $ evil-winrm --ip ${ip} --user ${user} --password ${password} --scripts ${path-to-scripts} --executables ${path-to-executables}
- Connect to a host:
  $ evil-winrm --ip ${ip} --user ${user} --password ${password}