WSMan-WinRM is a collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.
Background
For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement
Notes
Usage
SharpWSManWinRM.cs
Usage: SharpWSManWinRM.exe <hostname> <command>
Usage: SharpWSManWinRM.exe <hostname> <command> <domain\user> <password>
Example: SharpWSManWinRM.exe host.domain.local notepad.exe
Example: SharpWSManWinRM.exe host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd
WSManWinRM.ps1
Usage: Invoke-WSManWinRM -hostname <hostname> -command <command>
Usage: Invoke-WSManWinRM -hostname <hostname> -command <command> -user <domain\user> -password <password>
Example: import-module .\WSManWinRM.ps1
Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe
Example: import-module .\WSManWinRM.ps1
Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe -user domain\joe.user -password P@ssw0rd
WSManWinRM.vbs
Usage: cscript.exe SharpWSManWinRM.vbs <hostname> <command>
Usage: cscript.exe SharpWSManWinRM.vbs <hostname> <command> <domain\user> <password>
Example: cscript.exe SharpWSManWinRM.vbs host.domain.local notepad.exe
Example: cscript.exe SharpWSManWinRM.vbs host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd
WSManWinRM.js
Usage: cscript.exe SharpWSManWinRM.js <hostname> <command>
Usage: cscript.exe SharpWSManWinRM.js <hostname> <command> <domain\user> <password>
Example: cscript.exe SharpWSManWinRM.js host.domain.local notepad.exe
Example: cscript.exe SharpWSManWinRM.js host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd
CppWSManWinRM.cpp
Usage: CppWSManWinRM.exe <hostname> <command>
Example: CppWSManWinRM.exe host.domain.local notepad.exe
Note: Username/password option does not work yet
Ethics
WSMan-WinRM is designed to help security professionals perform ethical and legal security assessments and penetration tests. Do not use for nefarious purposes.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…