Evil-WinRM

Evil-WinRM

Evil-WinRM is a powerful WinRM shell designed for hacking and pentesting Windows systems. It leverages the Windows Remote Management (WinRM) service to provide a command-line interface with advanced features for post-exploitation scenarios.

Key Features:

• In-Memory Script Loading: Load PowerShell scripts directly into memory, reducing disk footprint and evading some antivirus solutions.
• DLL and C# Assembly Loading: Load DLL files and C# assemblies in memory to execute custom code.
• Dynamic AMSI Bypass: Bypasses the Antimalware Scan Interface (AMSI) to avoid detection by antivirus software.
• Pass-the-Hash Support: Authenticate using NTLM hashes, eliminating the need for cleartext passwords.
• Kerberos Authentication: Supports Kerberos authentication for secure access to domain resources.
• File Transfer: Upload and download files with progress bar.
• Service Enumeration: List remote machine services without requiring elevated privileges.
• ETW Bypass: Bypasses Event Tracing for Windows.

Use Cases:

• Post-Exploitation: Execute commands and transfer files on compromised Windows systems.
• Red Teaming: Simulate real-world attacks to assess an organization's security posture.
• Penetration Testing: Identify vulnerabilities and exploit weaknesses in Windows environments.
• Security Research: Analyze Windows security mechanisms and develop new attack techniques.