Evil-WinRM
Evil-WinRM is a powerful WinRM shell designed for hacking and pentesting Windows systems. It leverages the Windows Remote Management (WinRM) service to provide a command-line interface with advanced features for post-exploitation scenarios.
Key Features:
- In-Memory Script Loading: Load PowerShell scripts directly into memory, reducing disk footprint and evading some antivirus solutions.
- DLL and C# Assembly Loading: Load DLL files and C# assemblies in memory to execute custom code.
- Dynamic AMSI Bypass: Bypasses the Antimalware Scan Interface (AMSI) to avoid detection by antivirus software.
- Pass-the-Hash Support: Authenticate using NTLM hashes, eliminating the need for cleartext passwords.
- Kerberos Authentication: Supports Kerberos authentication for secure access to domain resources.
- File Transfer: Upload and download files to and from the remote host, with a progress bar.
- Service Enumeration: List remote machine services without requiring elevated privileges.
- ETW Bypass: Bypasses Event Tracing for Windows (ETW), which is otherwise used to log PowerShell and script activity.
Use Cases:
- Post-Exploitation: Execute commands and transfer files on compromised Windows systems.
- Red Teaming: Simulate real-world attacks to assess an organization's security posture.
- Penetration Testing: Identify vulnerabilities and exploit weaknesses in Windows environments.
- Security Research: Analyze Windows security mechanisms and develop new attack techniques.