Evil-WinRM: WinRM Pentesting Framework


Introduction

Penetration testing is a crucial aspect of securing modern systems and networks. It helps identify potential vulnerabilities that attackers can exploit. With the growing complexity of systems and the plethora of attack vectors available, the tools used for penetration testing have evolved over the years. One such tool, Evil-WinRM, has become a go-to tool for pentesters when it comes to attacking Windows-based systems.

What is Evil-WinRM?

Evil-WinRM is an open-source WinRM shell written in Ruby on top of the winrm gem. WinRM (Windows Remote Management) is Microsoft's implementation of the WS-Management protocol and the transport behind PowerShell Remoting. Given valid credentials for an account that is allowed to use it, Evil-WinRM turns that protocol into an interactive PowerShell session on the target, with helpers for uploading and downloading files and for loading PowerShell scripts and .NET assemblies straight into the session's memory.

Getting started with Evil-WinRM

To get started with Evil-WinRM, you need to install the tool and then establish a connection to the remote Windows machine. Evil-WinRM needs a Ruby interpreter on the attacking host and is distributed as a gem, so it can be installed with RubyGems by typing the following command (Kali Linux also ships it as a regular package):

$ gem install evil-winrm

Establish a connection

Two things must be true before a connection can succeed. WinRM must be listening on the target (TCP 5985 for HTTP, 5986 for HTTPS; Evil-WinRM uses 5985 unless told otherwise), and the account you authenticate as must be allowed to use it, which by default means members of the local Administrators group or of the Remote Management Users group. Given that, use the following command:

$ evil-winrm -i <IP address of remote machine> -u <username> -p <password>

For example, to connect to a remote machine with the IP address 192.168.43.120 using the username "Administrator" and the password "Secret123", type the following command:

$ evil-winrm -i 192.168.43.120 -u Administrator -p Secret123

A cleartext password is not the only option: the -H option takes an NTLM hash instead of a password (pass-the-hash), -S switches to HTTPS on port 5986, and -P selects a non-default port.

After successful authentication, you will be presented with the Evil-WinRM prompt, which is a PowerShell session running on the target. From here you can run commands, upload and download files, and load PowerShell scripts.

Using Evil-WinRM to run commands

One of the main functions of Evil-WinRM is to execute commands on the remote machine. The shell is a remote PowerShell session, so whatever you type is evaluated by PowerShell on the target; cmd-style commands such as dir work because PowerShell defines them as aliases (dir is Get-ChildItem). The prompt shows the current directory, which starts in the user's Documents folder. For example, to list the contents of the C: drive on the remote machine, type the following command:

*Evil-WinRM* PS C:\Users\Administrator\Documents> dir C:\

The output is PowerShell's directory listing and will look like this:

    Directory: C:\

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-r---          2/5/2023   9:17 AM                Program Files
d-----          2/5/2023   9:17 AM                Windows

Upload files with Evil-WinRM

Another useful feature of Evil-WinRM is the ability to upload files to the remote machine, for example when an executable needs to be placed on the target for execution. The file is sent over the existing WinRM session, so no extra listener or share is needed. To upload a file, use the following command inside the shell (a relative local path is resolved from the directory evil-winrm was started in):

*Evil-WinRM* PS C:\Users\Administrator\Documents> upload <local file path> <remote file path>

For example, to upload a file named "evil.exe" from the local computer to the "C:\Windows\System32" directory on the remote computer, type the following command:

*Evil-WinRM* PS C:\Users\Administrator\Documents> upload evil.exe C:\Windows\System32\evil.exe

The output of the command will be similar to the following:

Info: Uploading /home/kali/evil.exe to C:\Windows\System32\evil.exe

Data: 12288 bytes of 12288 bytes copied

Info: Upload successful!

Writing into System32 needs administrative rights and is exactly where endpoint protection looks first; a scratch location such as C:\Windows\Temp or the user's own profile is less conspicuous. The companion command download <remote file path> <local file path> pulls files back the other way, which is how you retrieve loot such as registry hives or configuration files.
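Uploads are chunked and re-encoded on the way over, so it is worth confirming that what landed on the target is byte-for-byte what you sent before executing it. The following PowerShell function, written for this article and not part of Evil-WinRM, runs inside the Evil-WinRM shell and compares the remote file's size and SHA-256 hash against values taken on the attacking host (sha256sum evil.exe and stat -c %s evil.exe). The function name Confirm-Upload and the sample hash are assumptions; substitute your own.

```powershell
# Confirm-Upload.ps1 -- added example for this article, not Evil-WinRM's own code.
# Paste it into the Evil-WinRM shell (or load it with -s) and call it after "upload".
function Confirm-Upload {
    param(
        [Parameter(Mandatory)][string]$Path,            # remote path given to "upload"
        [Parameter(Mandatory)][string]$ExpectedSha256,  # from: sha256sum evil.exe (attacker side)
        [long]$ExpectedLength = -1                      # from: stat -c %s evil.exe (optional)
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Missing: $Path"
        return $false
    }

    # A size mismatch is the cheapest signal of a truncated or interrupted transfer.
    $item = Get-Item -LiteralPath $Path
    if ($ExpectedLength -ge 0 -and $item.Length -ne $ExpectedLength) {
        Write-Warning ("Length mismatch: got {0} bytes, expected {1} (truncated upload?)" -f $item.Length, $ExpectedLength)
        return $false
    }

    # Get-FileHash exists from PowerShell 4.0 onward. PowerShell string comparison is
    # case-insensitive, so upper- or lower-case hex from sha256sum both match.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Write-Warning "Hash mismatch: remote file is $actual"
        return $false
    }

    Write-Host "OK: $Path matches ($($item.Length) bytes, SHA256 $actual)"
    return $true
}

# Usage inside the Evil-WinRM shell (hash and size below are placeholders):
# Confirm-Upload -Path 'C:\Windows\System32\evil.exe' `
#                -ExpectedSha256 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' `
#                -ExpectedLength 12288
```

The function returns $true only when both checks pass, so it can gate the next step of a script (for example, only creating a scheduled task once the payload is verified).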

Executing PowerShell Scripts with Evil-WinRM

Another useful feature of Evil-WinRM is the ability to load PowerShell scripts from the attacking host directly into the remote session's memory, without first uploading them to disk. This is useful when you need to run larger tooling, such as enumeration or privilege-escalation scripts. Scripts are not passed one at a time; instead, point the -s option at a local directory containing them when you start the shell:

$ evil-winrm -i 192.168.43.120 -u Administrator -p Secret123 -s /opt/ps-scripts/

Inside the shell, the menu command shows Evil-WinRM's built-in commands, the scripts available from that directory and any functions already loaded. Typing a script's file name loads it into the session, after which the functions it defines can be called like any other cmdlet. For example, to load a script named "script.ps1" and call one of its functions:

*Evil-WinRM* PS C:\Users\Administrator\Documents> menu
*Evil-WinRM* PS C:\Users\Administrator\Documents> script.ps1
*Evil-WinRM* PS C:\Users\Administrator\Documents> <function defined by script.ps1>

Because the script is evaluated in memory rather than run as a file, a script that only defines functions prints nothing when loaded; the output appears when you call a function. Be aware that script content is still inspected by AMSI on the target, so well-known offensive scripts will be blocked by Defender unless it is disabled (Evil-WinRM ships a Bypass-4MSI command for this purpose, with no guarantee it survives signature updates).

Exploring Windows Services with Evil-WinRM

Another important aspect of penetration testing is the analysis of Windows services on the target machine. Services are a classic privilege-escalation path because many run as LocalSystem, and a misconfigured one can be made to start an attacker-controlled binary. Evil-WinRM's built-in services command lists services together with the path of each service binary, which makes non-standard ones (anything outside the Windows directory, typically third-party software) easy to pick out:

*Evil-WinRM* PS C:\Users\Administrator\Documents> services

The output is a listing of service names alongside their binary paths; the lines below are illustrative rather than a real capture:

SERVICE                        PATH
AppVClient                     C:\Windows\system32\AppVClient.exe
VendorUpdater                  C:\Program Files\Vendor\Updater\updater.exe

From the list, look for services whose binary lives outside C:\Windows, whose path contains spaces but is not quoted, or whose executable or containing directory is writable by unprivileged users. Combined with a service that runs as LocalSystem, any of these lets you replace or hijack the binary and obtain SYSTEM the next time the service starts. The services listing shows only paths, so follow up with sc.exe qc <name> or Get-CimInstance Win32_Service to see the account each service runs under and its start type before deciding what to exploit.
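The checks described above (unquoted paths with spaces, writable binaries or directories, the account a service runs as) are exactly the kind of work that belongs in a script loaded through -s. The following script is an added example for both the script-loading and the service-enumeration sections; it is not part of Evil-WinRM or of any other project, and the names Find-WeakServices, Get-ServiceBinary and Test-WeakAcl are ours. It enumerates Win32_Service, extracts each binary path, and reports services where a low-privileged principal could tamper with the executable. The principal names assume an English Windows install.

```powershell
# Find-WeakServices.ps1 -- added example for this article, not Evil-WinRM's own code.
# Put it in the directory given to "evil-winrm -s", type "Find-WeakServices.ps1" at the
# Evil-WinRM prompt to load it, then run:  Find-WeakServices | Format-Table -AutoSize

function Get-ServiceBinary {
    # Extract the executable from a service PathName that may carry arguments.
    # A quoted path is unambiguous; otherwise take everything up to the first ".exe".
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"')  { return $Matches[1] }
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] }
    return $null
}

function Test-WeakAcl {
    # True when a low-privileged principal holds write-type rights on $Path.
    # Group names are the English ones; adjust on localized systems.
    param([string]$Path)
    $lowPriv = @('Everyone', 'BUILTIN\Users',
                 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    # Write covers WriteData/AppendData/attributes; ChangePermissions and TakeOwnership
    # let the caller grant themselves Write, so they count as well.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, ChangePermissions, TakeOwnership'
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

function Find-WeakServices {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        if (-not $svc.PathName) { return }     # kernel drivers carry no path here; skip
        $bin = Get-ServiceBinary $svc.PathName
        $findings = @()

        # Unquoted path with spaces: Windows tries C:\Program.exe, C:\Program Files\Vendor.exe, ...
        # before the real binary, so a writable intermediate directory hijacks the service.
        if ($svc.PathName -notmatch '^"' -and $bin -and $bin -match ' ') { $findings += 'UnquotedPath' }

        if ($bin -and (Test-Path -LiteralPath $bin) -and (Test-WeakAcl $bin)) { $findings += 'BinaryWritable' }

        if ($bin) {
            $dir = Split-Path -Path $bin -Parent
            if ($dir -and (Test-Path -LiteralPath $dir) -and (Test-WeakAcl $dir)) { $findings += 'DirWritable' }
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Name      = $svc.Name
                RunsAs    = $svc.StartName      # LocalSystem here means a hijack yields SYSTEM
                StartMode = $svc.StartMode
                State     = $svc.State
                Path      = $svc.PathName
                Findings  = ($findings -join ',')
            }
        }
    }
}
```

A hit is a candidate, not a confirmed escalation: an unquoted path is only exploitable if one of the intermediate directories is writable, and a writable binary only pays off if you can restart the service (or it starts automatically at boot and you can wait). Verify with icacls on the specific directory and sc.exe qc on the service before acting.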

Conclusion

In conclusion, Evil-WinRM is a versatile penetration testing tool that gives pentesters an easy and efficient way to work on Windows systems once they hold valid credentials or a hash for an account with WinRM access. From running commands and transferring files to loading PowerShell scripts in memory, it covers the post-authentication part of a Windows engagement well, which is why it is a fixture in most pentesters' toolkits. It is not silent, though: every command runs inside the WinRM host process wsmprovhost.exe, which becomes the parent of anything you spawn, the session is recorded in the Microsoft-Windows-WinRM/Operational log and as a network logon (Event ID 4624, logon type 3), and traffic to TCP 5985/5986 from an unexpected host stands out. Keep that in mind both when using it and when defending against it.

Updated on: 19-Apr-2023
