.. / Evil-Winrm-PKINIT
Star

Evil-WinRM uses the Windows Management Instrumentation (WMI) to give you an interactive shell on the Windows host. Winrm Supports PKINIT, meaning if you have a computers PFX file, you can authenticate and get a shell. Note that the command requires a public and a private key in PEM format, that can be extracted by converting the PFX to PEM format. Take a look at the references for more info on that. Password protected PFX files can be cracked with JohnTheRipper.

Command Reference:

Target IP: 10.10.10.1

PFX File: cert.pfx

Domain: EVILCORP

Command:

evil-winrm -i 10.10.10.1 -c pub.pem -k priv.pem -S -r EVILCORP

Extra code:

openssl pkcs12 -in certificate.pfx -out certificate.pem -clcerts

References:

https://github.com/Hackplayers/evil-winrm

https://book.hacktricks.xyz/cryptography/certificates

.. / Evil-Winrm-PKINIT Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / Evil-Winrm-PKINIT
Star