tldr/pages/common/evil-winrm.md

# evil-winrm

> Windows Remote Management (WinRM) shell for pentesting.
> Once connected, we get a PowerShell prompt on the target host.
> More information: <https://github.com/Hackplayers/evil-winrm>.

- Connect to a host:

`evil-winrm {{[-i|--ip]}} {{ip}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}}`

- Connect to a host using pass-the-hash authentication instead of a password:

`evil-winrm {{[-i|--ip]}} {{ip}} {{[-u|--user]}} {{user}} {{[-H|--hash]}} {{nt_hash}}`

- Connect to a host, specifying directories for PowerShell scripts and executables:

`evil-winrm {{[-i|--ip]}} {{ip}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}} {{[-s|--scripts]}} {{path/to/scripts}} {{[-e|--executables]}} {{path/to/executables}}`

- Connect to a host, using SSL:

`evil-winrm {{[-i|--ip]}} {{ip}} {{[-u|--user]}} {{user}} {{[-p|--password]}} {{password}} {{[-S|--ssl]}} {{[-c|--pub-key]}} {{path/to/pubkey}} {{[-k|--priv-key]}} {{path/to/privkey}}`

- Upload a file to the host:

`PS > upload {{path/to/local/file}} {{path/to/remote/file}}`

- List all loaded PowerShell functions:

`PS > menu`

- Load a PowerShell script from the `--scripts` directory:

`PS > {{script.ps1}}`

- Invoke a binary on the host from the `--executables` directory:

`PS > Invoke-Binary {{binary.exe}}`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00			`# evil-winrm`

			`> Windows Remote Management (WinRM) shell for pentesting.`
			`> Once connected, we get a PowerShell prompt on the target host.`
			`> More information: <https://github.com/Hackplayers/evil-winrm>.`

			`- Connect to a host:`

evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`evil-winrm {{[-i\|--ip]}} {{ip}} {{[-u\|--user]}} {{user}} {{[-p\|--password]}} {{password}}`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`- Connect to a host using pass-the-hash authentication instead of a password:`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`evil-winrm {{[-i\|--ip]}} {{ip}} {{[-u\|--user]}} {{user}} {{[-H\|--hash]}} {{nt_hash}}`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`- Connect to a host, specifying directories for PowerShell scripts and executables:`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`evil-winrm {{[-i\|--ip]}} {{ip}} {{[-u\|--user]}} {{user}} {{[-p\|--password]}} {{password}} {{[-s\|--scripts]}} {{path/to/scripts}} {{[-e\|--executables]}} {{path/to/executables}}`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
			`- Connect to a host, using SSL:`

evil-winrm: add long/short options (#16865) * evil-winrm: add long options * PtH 2025-06-16 06:03:10 +03:00			`evil-winrm {{[-i\|--ip]}} {{ip}} {{[-u\|--user]}} {{user}} {{[-p\|--password]}} {{password}} {{[-S\|--ssl]}} {{[-c\|--pub-key]}} {{path/to/pubkey}} {{[-k\|--priv-key]}} {{path/to/privkey}}`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
			`- Upload a file to the host:`

			`PS > upload {{path/to/local/file}} {{path/to/remote/file}}`

pages: improve list placeholders and wording of descriptions (#12111) pages: improve wording and list placeholders clamav: fix verb tenses Co-authored-by: Juri Dispan <juri.dispan@posteo.net> * buzzphrase: use k instead of n for number of phrases Co-authored-by: Juri Dispan <juri.dispan@posteo.net> * adguardhome: use non-default instead of different * adguardhome: use configuration instead of config Co-authored-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com> * goimports, module: fix list placeholders Co-authored-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com> * pages: leave stems and extensions in the same placeholders pages: fix list placeholders pages: fix list placeholders pages: apply suggestions from code review Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> qpdf: enclose n with backticks Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> --------- Co-authored-by: Juri Dispan <juri.dispan@posteo.net> Co-authored-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com> Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> 2024-01-31 00:55:19 -03:00			`- List all loaded PowerShell functions:`
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
			`PS > menu`

evil-winrm: change folder to directory 2021-01-10 14:35:37 -05:00			- Load a PowerShell script from the `--scripts` directory:
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
			`PS > {{script.ps1}}`

evil-winrm: change folder to directory 2021-01-10 14:35:37 -05:00			- Invoke a binary on the host from the `--executables` directory:
evil-winrm: add page (#3956) Co-authored-by: Zlatan Vasović <zlatanvasovic@gmail.com> 2020-04-06 12:59:55 +02:00
			`PS > Invoke-Binary {{binary.exe}}`