WinRM


Last updated 1 year ago

Introduction

Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management (WS-Man) protocol, a SOAP-based protocol for managing hardware and operating systems over HTTP. The WinRM listener runs on TCP 5985 (HTTP) and 5986 (HTTPS) by default, and the CIM cmdlets and PowerShell Remoting both ride on it.

Configuration

CIM Cmdlet

The CIM cmdlets (Get-CimInstance, Get-CimClass, Invoke-CimMethod, New-CimSession and friends) were introduced in PowerShell version 3.0. They talk to the local machine directly and to remote machines over WS-Man (WinRM) by default, with DCOM available as an alternative transport via New-CimSessionOption -Protocol Dcom.

Older WMI Cmdlet

The older WMI cmdlets (Get-WmiObject, Invoke-WmiMethod and the other *-Wmi* cmdlets) use the DCOM protocol: RPC to the endpoint mapper on TCP 135 followed by a dynamically assigned high port. This is compatible with older versions of Windows but is commonly blocked by the host firewall on newer versions, which is why the CIM cmdlets over WS-Man are preferred for remote work.

Remote Management

The Get-CimInstance cmdlet uses the WS-Man protocol by default (see "Should I use CIM or WMI with Windows PowerShell?" in the references). Without a session it queries the local machine; for remote hosts a CIM session created with New-CimSession carries the transport and credentials.

We can test whether the WinRM service is listening on a local or remote computer with Test-WSMan. Without -Credential it sends an unauthenticated Identify request, so a success only proves that WS-Man is reachable, not that our credentials are valid.

# Test-WSMan reports the remote WinRM stack version in ProductVersion, e.g. "OS: 0.0.0 SP: 0.0 Stack: 3.0".
# The CIM cmdlets need stack 3.0 or later to work over WS-Man; older stacks must be reached with -Protocol Dcom.
PS C:\> Test-WSMan -ComputerName dc01

Get credentials interactively with Get-Credential:

$cred = Get-Credential

or build a System.Management.Automation.PSCredential object non-interactively (the password is then a plaintext literal in the script and in the command history, so keep such scripts out of shared locations):

$passwd = ConvertTo-SecureString 'E3R$Q62^12p7PLlC%KWaxuaV' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ('svc_deploy', $passwd)

then use it in a CIM session to query information from the remote host:

$CimSession = New-CimSession -ComputerName dc01 -Credential $cred
Get-CimInstance -CimSession $CimSession -ClassName Win32_BIOS
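The whole procedure above, put together as an added example (not code from the original page): check the remote WinRM stack with Test-WSMan, pick WS-Man or fall back to the DCOM transport that the older WMI cmdlets use, query a few classes through a CIM session and tear the session down. The host name `dc01`, the account `svc_deploy` and the password are placeholders taken from the snippets above; the `Stack:` regex assumes the ProductVersion string format Test-WSMan returns on current Windows versions.

```powershell
# Added example: remote inventory through a CIM session, with a DCOM fallback for old WinRM stacks.
# 'dc01', 'svc_deploy' and the password are placeholders, not real targets.
$Target   = 'dc01'
$User     = 'svc_deploy'
$Password = ConvertTo-SecureString 'E3R$Q62^12p7PLlC%KWaxuaV' -AsPlainText -Force
$Cred     = New-Object System.Management.Automation.PSCredential ($User, $Password)

# Test-WSMan sends an unauthenticated Identify request. ProductVersion looks like
# "OS: 0.0.0 SP: 0.0 Stack: 3.0"; the CIM cmdlets need stack 3.0 or later over WS-Man.
$useWsman = $false
try {
    $id = Test-WSMan -ComputerName $Target -ErrorAction Stop
    if ($id.ProductVersion -match 'Stack:\s*(\d+)\.(\d+)') {
        $useWsman = ([int]$Matches[1] -ge 3)
    }
} catch {
    Write-Warning "WS-Man identify failed for ${Target}: $($_.Exception.Message)"
}

if ($useWsman) {
    # WS-Man over HTTP 5985 (HTTPS 5986 with -UseSsl on New-CimSessionOption)
    $opt = New-CimSessionOption -Protocol Wsman
} else {
    # DCOM: RPC endpoint mapper on 135 plus a dynamic port, often blocked by host firewalls
    $opt = New-CimSessionOption -Protocol Dcom
}

$session = New-CimSession -ComputerName $Target -Credential $Cred -SessionOption $opt -ErrorAction Stop
try {
    # The same classes Get-WmiObject would return, but over the chosen transport
    Get-CimInstance -CimSession $session -ClassName Win32_BIOS |
        Select-Object Manufacturer, SMBIOSBIOSVersion, SerialNumber
    Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
        Select-Object Caption, Version, LastBootUpTime
    # Any CIM class is reachable this way, e.g. a running process and its command line
    Get-CimInstance -CimSession $session -ClassName Win32_Process -Filter "Name = 'lsass.exe'" |
        Select-Object ProcessId, Name, CommandLine
} finally {
    # Always remove the session; otherwise it lingers on both ends until it times out
    Remove-CimSession -CimSession $session
}
```

Creating the session once and reusing it for several queries is cheaper than passing -ComputerName to every Get-CimInstance call, which builds and tears down a session each time.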

PowerShell Remoting

PowerShell Remoting also runs over WinRM: Enter-PSSession opens an interactive session on the remote host, Invoke-Command runs a script block there and returns deserialized objects, and New-PSSession creates a reusable session for several calls. The default endpoint is HTTP 5985 (HTTPS 5986 with -UseSSL), and the connecting account must be a local Administrator or a member of the Remote Management Users group on the target (see Microsoft Learn - Enter-PSSession in the references).
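Added example (not code from the original page) showing the three remoting cmdlets against the same placeholder host `dc01` used above; it assumes the credential prompted for is allowed to connect to the default session configuration.

```powershell
# Added example: command execution over PowerShell Remoting (WinRM, HTTP 5985 / HTTPS 5986).
# 'dc01' is a placeholder host; the credential is prompted for interactively.
$Target = 'dc01'
$Cred   = Get-Credential   # a PSCredential built with ConvertTo-SecureString works as well

# One-shot execution: Invoke-Command opens a session, runs the script block, returns the result
$who = Invoke-Command -ComputerName $Target -Credential $Cred -ScriptBlock {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    [PSCustomObject]@{
        Host    = $env:COMPUTERNAME
        User    = $identity.Name
        IsAdmin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}
$who | Format-List

# Reusable session: state (variables, imported modules) survives between Invoke-Command calls
$ps = New-PSSession -ComputerName $Target -Credential $Cred
try {
    Invoke-Command -Session $ps -ScriptBlock { $svc = Get-Service -Name WinRM }
    Invoke-Command -Session $ps -ScriptBlock { $svc | Select-Object Name, Status, StartType }
    # Files can be copied through the session as well (PowerShell 5.0 and later):
    # Copy-Item -Path .\tool.ps1 -Destination 'C:\Windows\Temp\' -ToSession $ps
} finally {
    Remove-PSSession -Session $ps
}

# Interactive shell on the remote host; 'exit' returns to the local prompt
# Enter-PSSession -ComputerName $Target -Credential $Cred
```

Objects returned by Invoke-Command are deserialized copies, so methods on them do not run remotely; anything that has to execute on the target belongs inside the script block.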

References

WS-Management protocol
Should I use CIM or WMI with Windows PowerShell?
Test-WSMan
Microsoft Learn - Enter-PSSession