evil-winrm

evil-winrm is awesome for PowerShell remoting into devices - even with just a local admin hash!

Connect to host with evil-winrm using docker and an account hash

sudo docker run --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 1.2.3.4 -u administrator -H YOUR-HASH-GOES-HERE

If you're going to connect with a password, replace -H YOUR-HASH-GOES-HERE with -p YOUR-PASS-HERE.

Connect to host with a local directory mapped for uploads and downloads

This is important. If you're going to connect to a host and want to be able to upload/download files, you need to mount a local directory into the container (here as /data) with docker's -v option, like so:

sudo docker run -v /home/sevminsec/Desktop/payloads:/data --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 192.168.1.1 -u 7ms -p supsecpass!