5985,5986 - WinRM

Hacktricks

Windows Remote Management (WinRM) is Microsoft's built-in, command-line driven remote management protocol. WinRM uses the Simple Object Access Protocol (SOAP), carried over HTTP or HTTPS, to establish connections to remote hosts and their applications.

  • 5985 HTTP

  • 5986 HTTPS

FootPrinting

nmap -sV -sC <IP> -p5985,5986 --disable-arp-ping -n

If we want to find out whether one or more remote servers can be reached via WinRM, PowerShell makes this easy: the Test-WsMan cmdlet does exactly this, and the name of the host in question is passed to it.

In Linux-based environments, we can use the tool evil-winrm to connect to a WinRM listener with a known user name and password.

evil-winrm -i <IP> -u USER -p PASSWORD
