Winrm Enumeration Tools

evil-winrm

If you were able to crack or recover a password and the winrm service is open, you can use evil-winrm to get a shell (if the user you cracked the password for has permissions):

$ evil-winrm -i <target_IP> -u <username> -p <password>

_Sidebar

Home

1. Recon

Ping Sweep

CIDR to IP

2. Enumeration

Enumeration General Notes

Host/Port Scanning

Port Scanning Tools

Services

01. FTP (21)

02. SSH (22)

03. SMTP (25)

04. DNS (53)

05. HTTP (80,443,8080,8443,etc.)

HTTP General Notes
Cross-Site Scripting (XSS)
- XSS Cheatsheet
- XSS Client side redirects
SQL Injection (SQLi)
Deserialization
Directory Fuzzing
IDOR Testing
Intigriti Bug Bounty Tips
Out of band exploitation
Server-Side Template Injection (SSTI) Help
Subdomain Enumeration
WebFOCUS
XXE Cheatsheet

06. POP3 (110)

07. SMB (139,445)

08. SNMP (161,162)

09. LDAP (389)

10. MS-SQL or MySQL (1433,3306)

11. RDP (3389)

12. Winrm (5985)

13. Memcache (11221)

3. Exploitation

Exploitation General Notes

4. Post Exploiation

Post Exploitation General Notes

Editable Service

Privilege Escalation

Scheduled Jobs/Tasks

5. High Value Information

Hashes

Identifying Hash Types
Dumping Hashes
- 1. Cracking Hashes Offline
- 1. Cracking Hashes Online
  - Medusa
  - Hydra

6. Reporting

7. Random Notes/Useful Tidbits

Winrm Enumeration Tools

Winrm Enumeration Tools

evil-winrm

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!