evil-winrm
evil-winrm is awesome for PowerShell remoting into devices - even with just a local admin hash!
Connect to host with evil-winrm using docker and an account hash
sudo docker run --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 1.2.3.4 -u administrator -H YOUR-HASH-GOES-HERE
If you're going to connect with a password, replace -H YOUR-HASH-GOES-HERE with -p YOUR-PASS-HERE.
Connect to host with a local directory mapped for uploads and downloads
This is important. If you're going to connect to a host and want to be able to upload/download files, you need to map a local directory into the container with -v (here it is mounted at /data), like so:
sudo docker run -v /home/sevminsec/Desktop/payloads:/data --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 192.168.1.1 -u 7ms -p supsecpass!