5985,5986 - WinRm

Hacktricks

The Windows Remote Management (WinRM) is a simple Windows integrated remote management protocol based on the command line. WinRM uses the Simple Object Access Protocol (SOAP) to establish connections to remote hosts and their applications.

• 5985 HTTP

• 5986 HTTPS

FootPrinting

nmap -sV -sC <IP> -p5985,5986 --disable-arp-ping -n

If we want to find out whether one or more remote servers can be reached via WinRM, we can easily do this with the help of PowerShell. The Test-WsMan cmdlet is responsible for this, and the host's name in question is passed to it.

In Linux-based environments, we can use the tool called evil-winrm.

evil-winrm -i <IP> -u USER -p PASSWORD