Skip to content

Evil-WinRm

Evil-WinRM connects to a target using the Windows Remote Management service combined with the PowerShell Remoting Protocol to establish a PowerShell session with the target.

By default, installed on kali. See winrm.

Basic usage

Example from HTB machine: Responder.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
evil-winrm -i $ip -u <username -p <password>

evil-winrm -i <ip> -u Administrator -H "<passwordhash>"
# -H: Hash

# Open a menu
menu

# There are some options there like
[+] Bypass-4MSI
[+] services
[+] upload
[+] download
[+] menu
[+] exit

# To use them, just run it on the terminal
Last update: 2025-01-11
Created: May 3, 2023 19:57:46