y0k4i-1337/winrm-brute
winrm-brute

A brute-force tool against the WinRM service.

THIS TOOL IS FOR LEGAL PURPOSES ONLY!

Introduction

This tool tries to connect to a given target with each of the credentials provided and runs a single command to confirm that the login succeeded.

The brute-force attack is intended to test the security of systems in scenarios such as penetration testing. Do not use it against systems you are not authorized to test.

Installation

First, clone the git repository:

git clone https://github.com/mchoji/winrm-brute

The easiest way to get started is to use Bundler.

Bundler

After cloning the repository, just run:

cd winrm-brute
bundle config path vendor/bundle
bundle install

How to Use

To see the available options, run the program without arguments or with -h:

$ bundle exec ./winrm-brute.rb
Usage: winrm-brute.rb [options] HOST
    -u USER                          A specific username to authenticate as
    -U USERFILE                      File containing usernames, one per line
    -p PASSWORD                      A specific password to authenticate with
    -P PASSWORDFILE                  File containing passwords, one per line
    -t TIMEOUT                       Timeout for each attempt, in seconds (default: 1)
    -q, --quiet                      Do not write all login attempts
        --port=PORT                  The target TCP port (default: 5985)
        --uri=URI                    The URI of the WinRM service (default: /wsman)
    -h, --help                       Show this message

To start brute-forcing with usernames and passwords read from files, run:

$ bundle exec ./winrm-brute.rb -U users.txt -P passwords.txt 10.0.0.1

Example output:

Trying admin:password
Trying admin:P@ssw0rd
Trying Guest:password
Trying Guest:P@ssw0rd
Trying DefaultAccount:password
Trying DefaultAccount:P@ssw0rd
Trying bob:password
Trying bob:P@ssw0rd
[SUCCESS] user: bob password: P@ssw0rd
Trying john:password
Trying john:P@ssw0rd

Use the -q option to omit the "Trying" messages.
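The attempt pattern in the example output above (one source host walking every username through the password list, then a success) is also what the target's logon auditing records, so it is the pattern a defender should alert on. The following script is an added example and is not part of winrm-brute; it assumes that failed network logons appear as Windows Security event 4625 with logon type 3 and successful ones as event 4624, and the event records it processes are constructed.

```ruby
# Added defender-side example (not part of winrm-brute): flag the trace a
# WinRM password brute-force leaves in Windows Security logon events.
# Assumption: failed network logons are event 4625 with logon type 3,
# successes are event 4624. All records below are constructed.
require 'time'

# Constructed sample: 10.0.0.50 walks the same accounts the README's example
# output shows, succeeds as "bob", then keeps going; 10.0.0.7 is one typo.
SAMPLE_EVENTS = [
  { id: 4625, time: '2024-01-01T10:00:00Z', user: 'admin',          ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:01Z', user: 'admin',          ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:02Z', user: 'Guest',          ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:03Z', user: 'Guest',          ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:04Z', user: 'DefaultAccount', ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:05Z', user: 'DefaultAccount', ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:06Z', user: 'bob',            ip: '10.0.0.50', logon_type: 3 },
  { id: 4624, time: '2024-01-01T10:00:07Z', user: 'bob',            ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:08Z', user: 'john',           ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:09Z', user: 'john',           ip: '10.0.0.50', logon_type: 3 },
  { id: 4625, time: '2024-01-01T10:00:30Z', user: 'alice',          ip: '10.0.0.7',  logon_type: 3 }
]

# For each source IP, slide a window over its network-logon failures and
# alert when one window holds >= min_fails failures across >= min_users
# distinct accounts. A later 4624 from the same source is attached so the
# responder can see whether the guessing paid off (as it did for "bob").
def detect_winrm_brute(events, window_s: 60, min_fails: 4, min_users: 2)
  alerts = []
  events.group_by { |e| e[:ip] }.each do |ip, evs|
    evs = evs.sort_by { |e| Time.iso8601(e[:time]) }
    fails = evs.select { |e| e[:id] == 4625 && e[:logon_type] == 3 }
    next if fails.size < min_fails
    fails.each_with_index do |first, i|
      t0 = Time.iso8601(first[:time])
      win = fails[i..-1].take_while { |g| Time.iso8601(g[:time]) - t0 <= window_s }
      users = win.map { |g| g[:user] }.uniq
      next unless win.size >= min_fails && users.size >= min_users
      hit = evs.find { |e| e[:id] == 4624 && e[:logon_type] == 3 && Time.iso8601(e[:time]) >= t0 }
      alerts << { ip: ip, failures: win.size, users: users, success_user: hit && hit[:user] }
      break # one alert per source; later windows overlap this one
    end
  end
  alerts
end

# Running the script directly prints one alert for the constructed sample.
detect_winrm_brute(SAMPLE_EVENTS).each do |a|
  puts "[ALERT] #{a[:ip]}: #{a[:failures]} failures across #{a[:users].size} accounts; success as #{a[:success_user].inspect}"
end
```

Raising the per-attempt timeout with -t slows the tool down but does not change this signature: the failures still come from one source against many accounts.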

Dependencies

The only dependency is the WinRM Ruby gem.

Supported Authentication Methods

Currently, the only authentication method supported by winrm-brute is Negotiate. However, the WinRM gem also supports methods such as SSL and Kerberos, so this tool should be easy to extend to support those as well.

WinRM Service

Windows Remote Management (WinRM) is a Windows service that allows a user to run commands on a machine remotely. See the official documentation for more information.

Authors

M. Choji - @mchoji

License

winrm-brute is licensed under the Apache License, Version 2.0. See LICENSE for more information.
