#
evil-winrm
evil-winrm is awesome for PowerShell remoting into devices - even with just a local admin hash!
#
Connect to host with evil-winrm using docker and an account hash
sudo docker run --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 1.2.3.4 -u administrator -H YOUR-HASH-GOES-HEREIf you're going to connect with a password, replace -H YOUR-HASH-GOES-HERE with -p YOUR-PASS-HERE.
#
Connect to host with a local directory mapped for uploads and downloads
This is important. If you're going to connect to a host and want to be able to upload/download files, you need to map a drive like so:
sudo docker run -v /home/sevminsec/Desktop/payloads:/data --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 192.168.1.1 -u 7ms -p supsecpass!
#
Use Kerberos
The README talks about how to get Kerberos going with evil-winrm, and I'm not sure how necessary the installation of the Kerberos packages was, nor the editing of /etc/krb5.conf. But what I DO know is I got all sorts of errors trying to get the Kerberos connection made until I did the following command inside of exegol:
evil-winrm -i HOST -r domain.com