WSMan-WinRM – A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object
A collection of evidence-of-strategy supply code and scripts for executing remote commands more than WinRM working with the WSMan.Automation COM object.
History
For background information, please refer to the pursuing site write-up: WS-Administration COM: An additional Solution for WinRM Lateral Movement
Notes
- SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visible Studio 2019. Refer to the code comments for demanded imports/references/and many others.
- All examples leverage the WMI Win32_Course of action course and WMI Produce method for invocation.
Use
SharpWSManWinRM.cs
Utilization: SharpWSManWinRM.exe
Utilization: SharpWSManWinRM.exe
Case in point: SharpWSManWinRM.exe host.area.local notepad.exe
Case in point: SharpWSManWinRM.exe host.domain.nearby "cmd /c notepad.exe" domainjoe.consumer P@ssw0rd
WSManWinRM.ps1
Usage: Invoke-WSManWinRM -hostname -command
Usage: Invoke-WSManWinRM -hostname -command -consumer -password
Illustration: import-module .WSManWinRM.ps1
Invoke-WSManWinRM -hostname MyServer.domain.community -command calc.exe
Illustration: import-module .WSManWinRM.ps1
Invoke-WSManWinRM -hostname MyServer.domain.area -command calc.exe -consumer domainjoe.consumer -password P@ssw0rd
WSManWinRM.vbs
Usage: cscript.exe SharpWSManWinRM.vbs
Use: cscript.exe SharpWSManWinRM.vbs
Case in point: cscript.exe SharpWSManWinRM.vbs host.domain.community notepad.exe
Example: cscript.exe SharpWSManWinRM.vbs host.domain.regional "cmd /c notepad.exe" domainjoe.user P@ssw0rd
WSManWinRM.js
Usage: cscript.exe SharpWSManWinRM.js
Usage: cscript.exe SharpWSManWinRM.js
Example: cscript.exe SharpWSManWinRM.js host.area.area notepad.exe
Instance: cscript.exe SharpWSManWinRM.js host.domain.nearby "cmd /c notepad.exe" domainjoe.person P@ssw0rd
CppWSManWinRM.cpp
Utilization: CppWSManWinRM.exe
Case in point: CppWSManWinRM.exe host.area.community notepad.exe
Be aware: Username/password alternative does not do the job but
Ethics
WSMan-WinRM is designed to support stability industry experts accomplish moral and authorized safety assessments and penetration exams. Do not use for nefarious applications.
