WSMan-WinRM : Scripts For Executing Remote Commands

WSMan-WinRM : Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object

WSMan-WinRM is a collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.

Background

For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement

Notes

SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer to the code comments for required imports/references/etc.
All examples leverage the WMI Win32_Process class and WMI Create method for invocation.

Usage

SharpWSManWinRM.cs

 Usage: SharpWSManWinRM.exe <hostname> <command>
 Usage: SharpWSManWinRM.exe <hostname> <command> <domain\user> <password>

 Example: SharpWSManWinRM.exe host.domain.local notepad.exe
 Example: SharpWSManWinRM.exe host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd

WSManWinRM.ps1

 Usage: Invoke-WSManWinRM -hostname <hostname> -command <command>
 Usage: Invoke-WSManWinRM -hostname <hostname> -command <command> -user <domain\user> -password <password>

 Example: import-module .\WSManWinRM.ps1
          Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe
 Example: import-module .\WSManWinRM.ps1
          Invoke-WSManWinRM -hostname MyServer.domain.local -command calc.exe -user domain\joe.user -password P@ssw0rd

WSManWinRM.vbs

 Usage: cscript.exe SharpWSManWinRM.vbs <hostname> <command>
 Usage: cscript.exe SharpWSManWinRM.vbs <hostname> <command> <domain\user> <password>

 Example: cscript.exe SharpWSManWinRM.vbs host.domain.local notepad.exe
 Example: cscript.exe SharpWSManWinRM.vbs host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd

WSManWinRM.js

 Usage: cscript.exe SharpWSManWinRM.js <hostname> <command>
 Usage: cscript.exe SharpWSManWinRM.js <hostname> <command> <domain\user> <password>

 Example: cscript.exe SharpWSManWinRM.js host.domain.local notepad.exe
 Example: cscript.exe SharpWSManWinRM.js host.domain.local "cmd /c notepad.exe" domain\joe.user P@ssw0rd

CppWSManWinRM.cpp

 Usage: CppWSManWinRM.exe <hostname> <command>

 Example: CppWSManWinRM.exe host.domain.local notepad.exe
 
 Note: Username/password option does not work yet

Ethics

WSMan-WinRM is designed to help security professionals perform ethical and legal security assessments and penetration tests. Do not use for nefarious purposes.

Download

R K

Next ToRat : A Remote Administration Tool Written In Go Using Tor As A Transport Mechanism & RPC For Communication »

Previous « Stegseek : Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second

Published by

R K

Tags: WinRMWSMan-WinRMWSMan.Automation

3 years ago

Burrow – Breaking Through Firewalls With Open Source Ingenuity

Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…

8 hours ago

Cyber security

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification…

8 hours ago

Cyber security

Nutek-Apple : Unleashing Power On macOS And Linux

Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…

8 hours ago

Cyber security

SecureSphere Labs – A Haven For Cybersecurity Innovators And Ethical Hackers

Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…

8 hours ago

Cyber security

Vulpes/VulpOS : The Docker-Powered All-in-One Workstation For Penetration Testing And Offsec Labs

All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…

8 hours ago

Hacking Tools

LiCo-Extrator : Revolutionizing Icon Extraction Across Platforms

Got it! Below is the updated README.md file with instructions for downloading the project on…

1 day ago

Kali Linux Tutorials