Offensive Playbook

WinRM

Configuring WinRM

Windows GUI

Run > services.msc > Windows Remote Management (WS-Management)
	Start the Service


Run > gpedit.msc > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service 
	Set "Allow remote server management through WinRM" to enabled


Run > wf.msc > Inbound Rules > Windows Remote Management (HTTP-In)
	Set the rule to enabled for public


Run > services.msc > Windows Remote Management (WS-Management)
	Start service again

Run > gpedit.msc > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client
	Set "Trusted Hosts" to "*"

Run > compmgmt.msc > Local Users and Groups > Users > 
	Create a new user with a password that doesn't expire
	Right click new user > Properties > Member Of 
	Add this user to the Administrators and Remote Management Users Groups

PowerShell

# start the service
Start-Service WinRM

# configure WinRM for remote management and add an exception to the firewall
Set-WSManQuickConfig 
# enter "Y" at the prompt

# create a password variable and use it to create a local user
$securestring = ConvertTo-SecureString "password" -AsPlainText -Force
New-LocalUser "winrmuser" -Password $securestring -FullName "winRM User" -Description "winrm account"
Add-LocalGroupMember -Name 'Administrators' -Member 'winrmuser'

# on the attacking windows machine

# start the service
Start-Service WinRM

Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'
# enter "Y" at the prompt

CMD

# start the winrm and configure the service
winrm quickconfig

Create another user using the PowerShell method above or net user, then add it to the Administrators group
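
Each setting changed above can be checked on a host with a read-only audit. The script below is an added example, not part of the original playbook. It assumes the English display names for the firewall rule and the local groups, and the built-in LocalAccounts and NetSecurity modules (Windows 10 / Server 2016 or later). `Add-Finding` is a helper defined only for this example.

```powershell
# Added example: read-only audit of the WinRM settings the walkthrough changes.
# Run from an elevated PowerShell prompt on the host being reviewed.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# The WSMan: drive can only be read while the WinRM service is running.
if ((Get-Service -Name WinRM).Status -eq 'Running') {
    Add-Finding 'Service' 'WinRM service is running'
    try {
        # TrustedHosts = * means the client skips the trusted-host check for every destination.
        $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
        if ($trusted -eq '*') { Add-Finding 'TrustedHosts' 'Client trusts every host (*)' }
        elseif ($trusted)     { Add-Finding 'TrustedHosts' "Client trusts: $trusted" }

        # quickconfig creates a plain-HTTP listener; report any that exist.
        Get-ChildItem WSMan:\localhost\Listener -ErrorAction Stop |
            Where-Object { $_.Keys -contains 'Transport=HTTP' } |
            ForEach-Object { Add-Finding 'Listener' "HTTP listener: $($_.Keys -join ', ')" }
    } catch {
        Add-Finding 'WSMan' "Could not read WSMan: drive: $($_.Exception.Message)"
    }
}

# Inbound WinRM rule enabled on the Public profile (or on all profiles).
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and "$($_.Profile)" -match 'Public|Any' } |
    ForEach-Object { Add-Finding 'Firewall' "$($_.Name) enabled for profile: $($_.Profile)" }

# Enabled local accounts with a non-expiring password in the groups that allow remote logon.
foreach ($group in 'Administrators', 'Remote Management Users') {
    try {
        Get-LocalGroupMember -Group $group -ErrorAction Stop |
            Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
            ForEach-Object {
                $user = Get-LocalUser -SID $_.SID
                # PasswordExpires is empty when the password never expires.
                if ($user.Enabled -and -not $user.PasswordExpires) {
                    Add-Finding 'Account' "$($user.Name) in '$group' has a non-expiring password"
                }
            }
    } catch {
        Add-Finding 'Account' "Could not enumerate '$group': $($_.Exception.Message)"
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty table means none of the conditions were found. The built-in Administrator account is reported as well if it is enabled with a non-expiring password.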