provocativo_
back to the arsenal
// arsenal·Post-ExploitIntermediateFOSS

Evil-WinRM

WinRM shell client for Windows post-exploit — the 'ssh' of WinRM.

Post-Exploit

$ evil-winrm --help

Evil-WinRM

// what it is

Description

Ruby tool to connect to WinRM-enabled Windows hosts with username/password or NTLM hash. Includes built-in upload/download and PowerShell helpers.

// use cases

What people use it for

  • WinRM-based shell access
  • PtH WinRM

// commands

The commands you'll type

Connect with hash

$ evil-winrm -i target -u admin -H <hash>

// facts

category
Post-Exploit
platforms
LIN · WIN · MAC
license
FOSS
difficulty
Intermediate

// links

// related in Post-Exploit

Post-ExploitAdvanced

Mimikatz

Benjamin Delpy's Windows credential-theft Swiss Army knife.

FOSS
WIN
open entry →
Post-ExploitAdvanced

Impacket

SecureAuth (now Fortra) Python toolkit for low-level Windows network protocols.

FOSS
LIN·WIN·MAC
open entry →
Post-ExploitAdvanced

BloodHound

Active Directory attack-path visualizer — graphs the shortest path to Domain Admin.

FOSS
LIN·WIN·MAC
open entry →