WinRM

Ports: TCP/5985, TCP/5986

nmap -sV -sC 10.129.201.248 -p5985,5986 --disable-arp-ping -n

To find out whether one or more remote servers can be reached via WinRM, we can use PowerShell: the Test-WsMan cmdlet performs this check and takes the name of the host in question as its argument. In Linux-based environments, we can use evil-winrm, another penetration testing tool designed to interact with WinRM.
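As an added example (not part of the original page), the Test-WsMan check described above extended to a list of hosts, probing both the HTTP (5985) and HTTPS (5986) listeners and reporting the result per host and port. The host names in the sample input are constructed placeholders.

```powershell
# Added example: check WinRM reachability for several hosts over both listeners.
# Test-WsMan sends an unauthenticated Identify request; with -ErrorAction Stop
# an unreachable or closed listener surfaces as a catchable exception.
function Test-WinRMReachability {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($target in $ComputerName) {
        foreach ($useSsl in $false, $true) {
            # Default WinRM ports: 5985 for HTTP, 5986 for HTTPS
            $port = if ($useSsl) { 5986 } else { 5985 }
            $params = @{
                ComputerName = $target
                Port         = $port
                ErrorAction  = 'Stop'
            }
            if ($useSsl) { $params['UseSSL'] = $true }

            try {
                $identity = Test-WsMan @params
                [pscustomobject]@{
                    ComputerName   = $target
                    Port           = $port
                    Reachable      = $true
                    ProductVersion = $identity.ProductVersion
                    Error          = $null
                }
            }
            catch {
                [pscustomobject]@{
                    ComputerName   = $target
                    Port           = $port
                    Reachable      = $false
                    ProductVersion = $null
                    Error          = $_.Exception.Message
                }
            }
        }
    }
}

# Constructed sample input (placeholder hosts); replace with your own.
Test-WinRMReachability -ComputerName 'srv01.example.local', '10.129.201.248' |
    Format-Table -AutoSize
```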

evil-winrm -i 10.129.201.248 -u Cry0l1t3 -p P455w0rD!
