evil-winrm-py
Python-based tool for executing commands on remote Windows machines using the WinRM protocol. Provides an interactive shell with file upload/download, command history, and colorized output.
Description
evil-winrm-py is a Python tool designed for remote command execution on Windows machines via WinRM (Windows Remote Management). It offers an interactive shell enhanced with features like file transfer capabilities, command history, and colorized output for better usability during penetration testing and red team operations.
The tool supports multiple authentication methods, including NTLM, Pass-the-Hash, Certificate, and Kerberos, making it versatile for various network environments and privilege escalation scenarios. It is particularly useful in post-exploitation phases where WinRM is enabled on target Windows systems.
As a Kali Linux package, it integrates seamlessly into offensive security workflows, providing a reliable alternative to native WinRM clients with added security testing features.
How It Works
evil-winrm-py speaks the WinRM protocol over HTTP or HTTPS to establish sessions with remote Windows hosts. It uses python3-pypsrp for WS-Management protocol handling, supports NTLM and Kerberos authentication via python3-kerberos, and builds its interactive shell on prompt-toolkit. File upload and download travel over the same WinRM session rather than a separate channel, and the options for NT hashes, certificates, and private keys allow authenticating without a plaintext password, for example via Pass-the-Hash.
Installation
sudo apt install evil-winrm-py
Flags
Examples
evil-winrm-py -h
evil-winrm-py -i IP -u USER -p PASSWORD
evil-winrm-py -i IP -u USER -H HASH
evil-winrm-py -i IP --priv-key-pem key.pem --cert-pem cert.pem
evil-winrm-py -i IP -u USER --port 5986 --ssl
ewp -i IP -u USER -p PASSWORD
ewp -h