evil-winrm
PassTheCert
| evil-winrm | PassTheCert |
|---|---|
| 4 | 2 |
| 4,173 | 494 |
| 1.3% | 2.6% |
| 0.0 | 5.3 |
| 4 days ago | 5 months ago |
| Ruby | Python |
| GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
evil-winrm
- HackTheBox - Writeup Authority [Retired]

  ```
  ┌──(root㉿kali)-[/home/kali/hackthebox/machines-windows/authority]
  └─# evil-winrm -i authority.htb -u svc_ldap -p 'lDaP_1n_th3_cle4r!'
  Evil-WinRM shell v3.4
  Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
  Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
  Info: Establishing connection to remote endpoint
  *Evil-WinRM* PS C:\Users\svc_ldap\Documents>
  ```
- Release v3.5 · Evil WinRM - This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it.
- Active Directory in CTFs
  Evil-WinRM exploits WinRM, a protocol used by system administrators on Windows servers.
- GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
PassTheCert
- HackTheBox - Writeup Authority [Retired]
- Certpotato : using adcs to privesc from service accounts to local system
  Man, I love ADCS. There’s so many options to get DA. Here’s another trick. I’ve been in situations where PKINIT isn’t set up so certificates can’t be used for authentication. Enter PassTheCert!
What are some alternatives?
rport - remote access and remote management
DevChecker - Access remote Windows devices for common IT admin tasks and information
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
heimdal - Heimdal
WhatWeb - Next generation web scanner
ruby-pwsh - A ruby gem for interacting with PowerShell
spellcheck-action - GitHub Action for checking code & Pull Requests for spelling mistakes
MIXON - Next generation cyber security research and testing software.
bashcov - Code coverage tool for Bash
urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
docker-escape-tool - Tool to test if you're in a Docker container and attempt simple breakouts
CrackMapExec - A swiss army knife for pentesting networks