Evil-winrm error on connection to host

Hi, I am receiving an error that I have been unable to fix and find a solution for online.
I am running on OS: Ubuntu 22.04 LTS x86_64.
I am able to connect if I run the same command via kali or the docker file supplied in the evil-winrm git repo. Any solution to this issue would be greatly appreciated!

evil-winrm -u administrator -p badminton -i 10.129.239.174

Evil-WinRM shell v3.3

Info: Establishing connection to remote endpoint

Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error

Error: Exiting with code 1

4 Likes

I too am running into this error.

@LordOfr0 Did you find the solution in the past 15 days?

Yes, it is related to this issue: Lab Access Openvpn certificate verify failed

If you fix this it will fix the evil-winrm issue

Strange. I’m using the starting machines, and it looks like tls-cipher "DEFAULT:@SECLEVEL=0" is already there. Don’t think it matters, but tried without quotes as well.

client
dev tun
proto udp
remote edge-us-starting-point-1-dhcp.hackthebox.eu 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
cipher AES-128-CBC
tls-cipher "DEFAULT:@SECLEVEL=0"
auth SHA256
key-direction 1

Tried different VPN servers, tried re-installing evil-winrm, ruby, etc.

Try an older openvpn version, e.g. 2.51.

1 Like

Sadly, that didn’t work either. I’ll have to try a few other things.

I gave up and just used a docker image. Spent way too much time trying to solve this, so found a workaround.

Hi, have you got any solution to this?

After infinite frustration, scouring the web, noting the addition to .ovpn file == no positive results…

I jumped into Discord and asked; a user ended up responding, explaining it's a known issue, and suggested a full update on Kali. Upon updating, winrm worked smoothly, just as in the write-up.

Link to Kali update doc: https://www.kali.org/docs/general-use/updating-kali/

This is alarmingly hacky, but it works for this case.

1.) pip install pywinrm
2.) run python3 to open up a prompt
3.) Run the following

import winrm
session = winrm.Session('10.129.67.232', auth=('administrator','badminton'), transport='ntlm')
session.run_ps("whoami").std_out

If you get an md4 error, refer to: this link.

Then simply re-run the final line replacing “whoami” with your command (You can also change run_ps to run_cmd to execute cmd commands instead of ps ones)

For the flag, do:

session.run_cmd("type C:\\Users\\mike\\Desktop\\flag.txt").std_out

A bit hacky, but it’s a solution for this box.

1 Like

In my case the issue was that evil-winrm was using ruby 2.7 but my ruby path was set to ruby 3.0,
so go to and change ruby3 to ruby2.7 temporarily:

cd /usr/bin/
cp ruby ruby.bk
cp -f ruby2.7 ruby

and run evil-winrm; this will solve the issue.
After executing, to revert the changes:

cd /usr/bin/
cp -f ruby.bk ruby

In my case evil-winrm was using ruby2.7 but my default path for ruby was set to 3.0 so temporarily change it.

cd /usr/bin
cp ruby ruby.bk
cp -f ruby2.7 ruby

and now run evil-winrm; it will work.
To revert the changes:

cp -f ruby.bk ruby

1 Like

Add those lines to /etc/ssl/openssl.cnf

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

It will activate md4 for openssl.

15 Likes

this fixes it… ty /bow

1 Like

Thank you, this fixed it for me!

1 Like

I’m using ubuntu, not kali. I gave up on making evil-winrm work on ubuntu. I used docker instead.

Here is the docker command I used…

docker run --rm -ti --name evil-winrm oscarakaelvis/evil-winrm -i 10.129.111.232 -u Administrator -p 'password'

1 Like

I wrote the solution for M1/M2 users here.

Workaround: edit /etc/ssl/openssl.cnf by adding legacy = legacy_sect under default = default_sect in order to appear as:

[openssl_init]
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect
legacy = legacy_sect

and by uncommenting #activate = 1 under [default_sect] and adding [legacy_sect] and activate = 1 under them in order to appear as:

[default_sect]
activate = 1
[legacy_sect]
activate = 1

6 Likes

Thanks!! this works for me!
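
To check whether an openssl.cnf really ends up activating the legacy provider described in the two config posts above, here is an added example (not code from any poster or from the evil-winrm project). It follows the openssl_conf -> providers -> per-provider section -> activate chain; both sample configs are constructed, the function names are illustrative, and .include directives are ignored.

```python
import re

# Constructed sample: stock OpenSSL 3 layout, legacy provider not configured.
STOCK = """openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
[default_sect]
# activate = 1
"""
# Constructed sample: STOCK with the edits posted in this thread applied.
PATCHED = STOCK.replace("# activate", "activate").replace(
    "default = default_sect", "default = default_sect\nlegacy = legacy_sect"
) + "[legacy_sect]\nactivate = 1\n"

def parse(text):
    """Return {section: {key: value}}; keys before any header use the empty name."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def provider_status(text):
    """Follow openssl_conf -> providers -> per-provider section -> activate."""
    cfg = parse(text)
    def sect(name):
        return cfg.get(name, {}) if name else {}
    providers = sect(sect(cfg[""].get("openssl_conf")).get("providers"))
    on = ("1", "yes", "true", "on")
    return {name: sect(providers.get(name)).get("activate", "").lower() in on
            for name in ("default", "legacy")}

def diagnose(text):
    status = provider_status(text)
    if not status["legacy"]:
        return "legacy provider not activated: MD4 digest init will fail"
    if not status["default"]:
        return "legacy activated without default: default provider will not load"
    return "default and legacy providers both activated"

if __name__ == "__main__":
    print(diagnose(STOCK), diagnose(PATCHED), sep="\n")
```

Because /etc/ssl/openssl.cnf applies system-wide, the same check can be run against a separate config file selected with the OPENSSL_CONF environment variable, which keeps the legacy algorithms scoped to the one tool that needs them.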