🔬WinRM
Lab 1
🔬 WinRM: Exploitation with Metasploit
Target IP: 10.4.30.175
WinRM exploitation
Dictionaries to use:
/usr/share/metasploit-framework/data/wordlists/common_users.txt
/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
Enumeration
ping 10.4.30.175
nmap --top-ports 7000 10.4.30.175
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5985/tcp open  wsman
CrackMapExec Brute-force
Use the crackmapexec tool to confirm that WinRM is running on port 5985.

Execute specific Windows commands
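
Seen from the target's side, the dictionary attack in this section shows up as a burst of failed network logons from one source, sometimes followed by a success. The following is an added detection example, not part of the original lab notes; the log format, the 192.0.2.x addresses, the function name detect_bruteforce and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real logs: "time,event_id,logon_type,user,source_ip",
# a simplified rendering of Windows Security events 4625 (failed logon) and
# 4624 (successful logon). WinRM authentication is a network logon (type 3).
SAMPLE = """\
2024-01-01T10:00:00,4625,3,administrator,192.0.2.5
2024-01-01T10:00:01,4625,3,admin,192.0.2.5
2024-01-01T10:00:02,4625,3,guest,192.0.2.5
2024-01-01T10:00:02,4625,3,bob,192.0.2.9
2024-01-01T10:00:03,4625,3,administrator,192.0.2.5
2024-01-01T10:00:04,4625,3,admin,192.0.2.5
2024-01-01T10:00:05,4625,10,alice,192.0.2.7
2024-01-01T10:00:06,4624,3,administrator,192.0.2.5
2024-01-01T10:00:40,4624,3,bob,192.0.2.9
"""

def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=5):
    """Return {source_ip: {"users": set, "compromised": list}} for sources that
    produced >= threshold failed network logons inside the sliding window."""
    recent = defaultdict(deque)  # source_ip -> (time, user) of recent failures
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src = line.strip().split(",")
        if logon_type != "3":  # ignore non-network logons (e.g. RDP, type 10)
            continue
        ts = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append((ts, user))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(src, {"users": set(), "compromised": []})
                entry["users"].update(u for _, u in q)
        elif event_id == "4624" and src in flagged:
            # Success after a burst of failures: treat the account as guessed.
            flagged[src]["compromised"].append(user)
    return flagged

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE.splitlines()).items():
        print(src, sorted(info["users"]), "success:", info["compromised"])
```

The single failed attempt followed by a success from 192.0.2.9 and the type 10 failure from 192.0.2.7 are deliberately left unflagged, which is the behaviour that keeps this rule usable against ordinary mistyped passwords.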

evil-WinRM Shell
Get a command shell session using the evil-winrm tool.

Meterpreter Session

