PoC
evil-winrm
| PoC | evil-winrm | |
|---|---|---|
| 10 | 4 | |
| 788 | 4,173 | |
| - | 1.6% | |
| 5.3 | 0.0 | |
| 3 months ago | 5 days ago | |
| Ruby | Ruby | |
| GNU General Public License v3.0 only | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PoC
- Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) using a vulnerability in 2017 in 2022 (it wasn't patched prior March 2021)
- Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
-
Windows filehosting
And the fix that they couldn't be bothered to implement? Literally one line of code.
- Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
- “Podem tomar o controlo da sua TV e espiá-lo com a câmara e o microfone”. Ataque à Vodafone analisado por um dos maiores ‘hackers’ do mundo
- RCE vulnerability in TIBCO Data Virtualization
- Pwning Cisco ISE: from XSS to a root shell (w/ exploit video)
- Command Injection and SQL Injection Vulnerabilities in Micro Focus Operations Bridge Reporter (CVE-2021-22502)
- Unauth cmd injection as root on login / logout (plus other hilarious vulns) in Micro Focus Operations Bridge Reporter
-
How We Hacked a TP-Link Router and Took Home $55.000 in Pwn2Own
If you already have a day job in security, the $500 the manufacturer will give you won't give you a big boost. I prefer to drop the advisory and exploit after they fixed it even if I don't get money, as that gives me more street credz amongst the hacker crowd. See my github for examples: https://github.com/pedrib/PoC
evil-winrm
-
HackTheBox - Writeup Authority [Retired]
┌──(root㉿kali)-[/home/kali/hackthebox/machines-windows/authority] └─# evil-winrm -i authority.htb -u svc_ldap -p 'lDaP_1n_th3_cle4r!' Evil-WinRM shell v3.4 Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion Info: Establishing connection to remote endpoint *Evil-WinRM* PS C:\Users\svc_ldap\Documents>
- Release v3.5 · Evil WinRM - This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it.
-
Active Directory in CTFs
Evil-WinRM exploits WinRM, a protocol used by system administrators on Windows servers.
- GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
What are some alternatives?
CVE-2021-36260 - command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
rport - remote access and remote management
dawnscanner - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
DevChecker - Access remote Windows devices for common IT admin tasks and information
WhatWeb - Next generation web scanner
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
mad-metasploit - Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
heimdal - Heimdal
ruby-pwsh - A ruby gem for interacting with PowerShell
spellcheck-action - GitHub Action for checking code & Pull Requests for spelling mistakes
MIXON - Next generation cyber security research and testing software.