
Evil-WinRM

Evil-WinRM is the ultimate WinRM shell for hacking/pentesting, offering features like in-memory script loading and AMSI bypass.

Introduction

Evil-WinRM is a powerful WinRM shell designed for hacking and pentesting Windows systems. It leverages the Windows Remote Management (WinRM) service to provide a command-line interface with advanced features for post-exploitation scenarios.

Key Features:

  • In-Memory Script Loading: Load PowerShell scripts directly into memory, reducing disk footprint and evading some antivirus solutions.
  • DLL and C# Assembly Loading: Load DLL files and C# assemblies in memory to execute custom code.
  • Dynamic AMSI Bypass: Bypasses the Antimalware Scan Interface (AMSI) to avoid detection by antivirus software.
  • Pass-the-Hash Support: Authenticate using NTLM hashes, eliminating the need for cleartext passwords.
  • Kerberos Authentication: Supports Kerberos authentication for secure access to domain resources.
  • File Transfer: Upload and download files with a progress bar.
  • Service Enumeration: List remote machine services without requiring elevated privileges.
  • ETW Bypass: Bypasses Event Tracing for Windows.

Use Cases:

  • Post-Exploitation: Execute commands and transfer files on compromised Windows systems.
  • Red Teaming: Simulate real-world attacks to assess an organization's security posture.
  • Penetration Testing: Identify vulnerabilities and exploit weaknesses in Windows environments.
  • Security Research: Analyze Windows security mechanisms and develop new attack techniques.
