Evil-Winrm - The Ultimate Winrm Trounce For Hacking/Pentesting

The ultimate WinRM shell for hacking/pentesting.

[ASCII-art banner: "Evil-WinRM"]
By: CyberVaca@HackPlayers

Description & Purpose
This shell is the ultimate WinRM shell for hacking/pentesting.
WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in its operating systems to make life easier for system administrators.
This program can be used on any Microsoft Windows server with this feature enabled (usually on port 5985), but of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used for legitimate purposes by system administrators as well, but most of its features are focused on hacking/pentesting.

Features
  • Command history
  • WinRM command completion
  • Local files completion
  • Upload and download files
  • List remote machine services
  • FullLanguage PowerShell language mode
  • Load PowerShell scripts
  • Load dll files in memory, bypassing some AVs
  • Load C# (C Sharp) compiled exe files in memory, bypassing some AVs
  • Colorization of output messages (can be disabled optionally)

Help
Usage: evil-winrm -i IP -u USER -s SCRIPTS_PATH -e EXES_PATH [-P PORT] [-p PASS] [-U URL]
    -i, --ip IP                      Remote host IP or hostname (required)
    -P, --port PORT                  Remote host port (default 5985)
    -u, --user USER                  Username (required)
    -p, --password PASS              Password
    -s, --scripts PS_SCRIPTS_PATH    Powershell scripts path (required)
    -e, --executables EXES_PATH      C# executables path (required)
    -U, --url URL                    Remote url endpoint (default /wsman)
    -V, --version                    Show version
    -h, --help                       Display this help message

Requirements
Ruby 2.3 or higher is needed. Some Ruby gems are needed as well: winrm >=2.3.2, winrm-fs >=1.3.2, stringio >=0.0.2 and colorize >=0.8.1.
$ sudo gem install winrm winrm-fs colorize stringio

Installation & Quick Start
  • Step 1. Clone the repo: git clone https://github.com/Hackplayers/evil-winrm.git
  • Step 2. Ready. Just launch it! $ cd evil-winrm && ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'
If you don't want to put the password in clear text, you can optionally omit the -p argument and the password will be prompted for, preventing it from being shown.
To use IPv6, the address must be added to /etc/hosts.

Alternative installation method as a Ruby gem
  • Step 1. Install it: gem install evil-winrm
  • Step 2. Ready. Just launch it! $ evil-winrm -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'

Documentation

Basic commands
  • upload: local files can be auto-completed using the tab key. It is not needed to put a remote_path if the local file is in the same directory as the evil-winrm.rb file.
    • usage: upload local_path remote_path
  • download: it is not needed to set local_path if the remote file is in the current directory.
    • usage: download remote_path local_path
  • services: list all services. No administrator permissions needed.
  • menu: load the Invoke-Binary and l04d3r-LoadDll functions that we will explain below. When a ps1 is loaded, all its functions will be shown.

Load PowerShell scripts
  • To load a ps1 file you just have to type its name (auto-completion using tab allowed). The scripts must be in the path set with the -s argument. Type menu again and see the loaded functions.

Advanced commands
  • Invoke-Binary: allows exes compiled from C# to be executed in memory. The name can be auto-completed using the tab key and up to three parameters are allowed. The executables must be in the path set with the -e argument.

  • l04d3r-LoadDll: allows loading dll libraries in memory; it is equivalent to: [Reflection.Assembly]::Load([IO.File]::ReadAllBytes("pwn.dll"))
    The dll file can be hosted via smb, http or locally. Once it is loaded, type menu and it is then possible to autocomplete all functions.
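From the defender's side, the in-memory loader one-liner documented above is exactly the kind of text that PowerShell script block logging captures. The following is an added example, not part of evil-winrm, showing a small Ruby scanner that flags that pattern in script-block text; the entry format and the sample entries are constructed for the example.

```ruby
# Added example (not evil-winrm code): flag the in-memory assembly-loading
# pattern [Reflection.Assembly]::Load([IO.File]::ReadAllBytes(...)) in
# PowerShell script-block text. Entries are hashes with :id and :script keys
# (an assumed shape; adapt to whatever log export you use).

# PowerShell identifiers are case-insensitive and may be broken up with
# backticks, so matching is done on a normalised copy of the text
# (lower-cased, backticks and whitespace removed).
INDICATORS = {
  reflective_load: /\[reflection\.assembly\]::load\(/,
  read_all_bytes:  /\[io\.file\]::readallbytes\(/,
  raw_bytes_load:  /::load\(\[byte\[\]\]/,
}.freeze

def normalise(text)
  text.downcase.gsub(/[`\s]/, "")
end

# Returns an array of { id:, hits: } for every entry whose script text
# matches at least one indicator; hits keeps INDICATORS' declaration order.
def scan_script_blocks(entries)
  entries.each_with_object([]) do |entry, findings|
    norm = normalise(entry[:script])
    hits = INDICATORS.keys.select { |k| norm.match?(INDICATORS[k]) }
    findings << { id: entry[:id], hits: hits } unless hits.empty?
  end
end

# Constructed sample entries (not real logs): a1 mirrors the README's own
# loader one-liner, a2 uses backtick splitting and mixed case, b1 is benign.
SAMPLE_ENTRIES = [
  { id: "a1", script: '[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("pwn.dll"))' },
  { id: "a2", script: "[Ref`lection.Asse`mbly]::LOAD( [io.file]::readallbytes('x.dll') )" },
  { id: "b1", script: "Get-Service | Where-Object { $_.Status -eq 'Running' }" },
].freeze

if $PROGRAM_NAME == __FILE__
  scan_script_blocks(SAMPLE_ENTRIES).each do |f|
    puts "#{f[:id]}: #{f[:hits].join(', ')}"
  end
end
```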


Extra features
  • To disable colors, just change this variable in the code: $colors_enabled. Set it to false: $colors_enabled = false

Credits:
Main author:
Collaborators, developers, documenters, testers and supporters:
Hat tip to:
  • Alamot for his original code.
  • 3v4Si0N for his awesome dll loader.

Disclaimer & License
This script is licensed under LGPLv3+. Direct link to License.
Evil-WinRM should be used for authorized penetration testing and/or nonprofit educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it on your own servers and/or with the server owner's permission.
