Evil-WinRM shell

Hi there, I’m collaborating in a project that probably is a thing you’ll like if you like Windows hacking. Is a WinRM shell with some extra features like:

  • Command history
  • Tab autocompletion
  • Ability to load C# exes, dlls and powershell scripts directly into memory
  • List remote services
  • FullLanguage Powershell language mode
    And many more…

Here is the link:

Remember to place a star on github if you want to support the project. I hope it will help you for some hackings and I wanted to share it with you.


1 Like

Great! Thanx!

Very nice tool honestly, used it very recently.

Great tool! Thnx for sharing!

Yeah, new version was released yesterday. Now supporting ssl and certificates to connect.

Thank you for sharing. A very useful tool.

Any idea what’s wrong with my Ruby install. Had this message using your script and the other one in mentioned in the heist thread

/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:39: warning: constant OpenSSL::Cipher::Cipher is deprecated
/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:128: warning: constant OpenSSL::Cipher::Cipher is deprecated

All ruby newly installed added the winrm gem and the others colorizer etc

I always get this error:

ruby evil-winrm.rb -i 10.10.10.x -u -p

Info: Starting Evil-WinRM shell v1.6

Info: Establishing connection to remote endpoint

Error: Can’t establish connection. Check connection params

Error: Exiting with code 1

awesome tool tbh :slight_smile: also used it recently :B

Worked out the kink, thanks!

Really nice. thanks!

New release (v1.7). For “git cloners” just git pull to update. for ruby gem users just “gem install evil-winrm” ← yes, same command as the first time again.

New feature added… now compatibility to load donut payloads . I bet you know what is. Read the documentation at Readme. Cheers!

Had the same problem on some scripts:

When I loaded the v2 (main branch) PowerView script, it worked fine
When I loaded the v3 (dev branch) PowerView script, it gives me connection issues.

Debugging - you can debug the ruby script with the -rdebug switch - this gave me:

Error: Can’t establish connection. Check connection params

Error: Exiting with code 1

evil-winrm.rb:270: Bad HTTP response returned from server. Body(if present): (413).' (WinRM::WinRMHTTPTransportError) from evil-winrm.rb:433:in rescue in main’
from evil-winrm.rb:328:in main' from evil-winrm.rb:449:in
evil-winrm.rb:270: exit(exit_code)

However: updating your evil-winrm to the latest version - today this is v1.9 - fixes this. Check your CHANGELOG.md file to make sure you have the latest version

I’m getting
7: from /usr/local/bin/evil-winrm:23:in <main>' 6: from /usr/local/bin/evil-winrm:23:in load’
5: from /var/lib/gems/2.5.0/gems/evil-winrm-1.9/bin/evil-winrm:3:in <top (required)>' 4: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in require’
3: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in require' 2: from /var/lib/gems/2.5.0/gems/evil-winrm-1.9/lib/evil-winrm.rb:556:in <top (required)>’
1: from /var/lib/gems/2.5.0/gems/evil-winrm-1.9/lib/evil-winrm.rb:380:in main' /var/lib/gems/2.5.0/gems/evil-winrm-1.9/lib/evil-winrm.rb:524:in rescue in main’: uninitialized constant EvilWinRM::GSSAPI (NameError)
error and i dont really understand where’s that coming from anyone knows what to do?
edit:fixed after changing to dev branch

Thank you for sharing.

Thanks for sharing!!!

Thank you for this! It actually works where as the alamot’s kept failing on me. I’m going to have to work through the errors on Alamot’s as well it’s probably just some dependency I failed to install

Nice, really nice tools, git cloned then installed gem dependencies and worked like a charm. Used recently, thanks for sharing !!!

Recently had an issue where some zip-related dependency was broken and had to gem install evil-winrm to fix it

please send me pm with hint to get root. i manage to get user.txt flag, thanks for above comments.