15-WinRM (5985,5986)
Windows Remote Management (WinRM; port 5985, or 5986 with HTTPS) can be used to facilitate remote access to Windows systems over HTTP(S).
WinRM is used in these ways:
- Remotely access and interact with Windows hosts on a local network.
- Remotely execute commands on Windows systems.
- Manage and configure Windows systems remotely.
crackmapexec tool:
crackmapexec performs a brute-force attack on WinRM in order to identify users and their passwords, and can also execute commands on the target system.
- Can also be used against WinRM, MSSQL, SMB, SSH.
evil-winrm
How to install it: https://medium.com/@josicaleksandar981/how-to-install-and-use-evil-winrm-in-kali-linux-db7b73280ac3
GitHub: https://github.com/Hackplayers/evil-winrm
evil-winrm is a Ruby script that can be used to obtain a command shell session on the target system.
Example: evil-winrm.rb -u administrator -p 'tinkerbell' -i <ip> ==> This will automatically provide us with a command shell.
#MSF modules:
- auxiliary/scanner/winrm/winrm_login
- auxiliary/scanner/winrm/winrm_auth_methods
- exploit/windows/winrm/winrm_script_exec # change FORCE_VBS option to true idk why???
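From the defender's side, the password guessing and auth-method checks listed in these notes depend on how the WinRM service is configured. The following is an added example, not part of the original notes: it parses `winrm get winrm/config/service` output and flags settings that weaken the service. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on `winrm get winrm/config/service` output.
SAMPLE = """\
Service
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
"""

def parse_winrm_config(text):
    """Flatten the indented 'Key = Value' output into {'Service/Auth/Basic': 'true', ...}."""
    settings, stack = {}, []          # stack holds (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:   # leave sections we have dedented out of
            stack.pop()
        m = re.match(r"\s*(\S+)\s*=\s*(.*)$", line)
        if m:
            settings["/".join([s for _, s in stack] + [m.group(1)])] = m.group(2).strip()
        else:
            stack.append((indent, line.strip()))  # a section header such as 'Auth'
    return settings

def audit(settings):
    """Return (severity, setting, reason) findings for settings that weaken the service."""
    def on(key):
        return settings.get(key, "").lower() == "true"
    findings = []
    basic, clear = on("Service/Auth/Basic"), on("Service/AllowUnencrypted")
    if basic and clear:
        findings.append(("high", "Auth/Basic + AllowUnencrypted",
                         "passwords cross the HTTP listener base64-encoded only"))
    elif basic:
        findings.append(("medium", "Auth/Basic", "plain username/password logons are accepted"))
    elif clear:
        findings.append(("medium", "AllowUnencrypted", "unencrypted sessions are accepted"))
    if on("Service/Auth/CredSSP"):
        findings.append(("medium", "Auth/CredSSP", "user credentials are delegated to this host"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_winrm_config(SAMPLE)):
        print(*finding, sep=" | ")
```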