Simple WinRM shell (via Kerberos)

Hi there,

I'm here (again) to proudly (x2) introduce a WinRM shell that I developed for simple needs.
The main difference from my past winrm_shell is that this one relies on a valid Kerberos ticket.
(Very useful with Golden Tickets)


Make sure you have your Kerberos ticket properly configured,
either by setting the KRB5CCNAME variable or by copying and renaming it to '/tmp/krb5cc_0'


export KRB5CCNAME='/foo/bar/ticket.ccache'
cp -v /foo/bar/ticket.ccache /tmp/krb5cc_0

Also, make sure you can resolve all the domain names involved.

Usage: ./winrm_kerb_shell.rb [options]

./winrm_kerb_shell.rb -s -r CONTOSO.COM

PS\bob@fooserver Documents>

It requires Ruby and the 'winrm' gem (gem install winrm)

I really appreciate any comments and suggestions.
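The two setup steps above (pick the credential cache via KRB5CCNAME or /tmp/krb5cc_0, and check that the domain names resolve) as an added preflight script. This is example code written for this page, not part of winrm_kerb_shell.rb or the winrm gem. It assumes the MIT credential cache file format (versions 3 and 4) and the /tmp/krb5cc_0 default from the post; the principal bob@CONTOSO.COM and the hostnames are constructed sample values, and the script only reads the cache header to report which principal a Kerberos client would authenticate as.

```ruby
#!/usr/bin/env ruby
# Preflight for a Kerberos-based WinRM client: which ccache will be used, whose
# ticket is in it, and whether the hosts we need can be resolved.
# Example code, not part of winrm_kerb_shell.rb. Assumes MIT ccache v3/v4.
require 'stringio'
require 'tempfile'
require 'resolv'

DEFAULT_CCACHE = '/tmp/krb5cc_0' # uid-0 default named in the post

# Same lookup order as the post: KRB5CCNAME wins, otherwise /tmp/krb5cc_0.
# KRB5CCNAME may carry a "FILE:" prefix, which libkrb5 accepts and we strip.
def resolve_ccache_path(env = ENV, default = DEFAULT_CCACHE)
  name = env['KRB5CCNAME']
  return default if name.nil? || name.empty?
  name.sub(/\AFILE:/, '')
end

# Extract the default principal from an MIT ccache (big-endian layout):
#   0x05 <version>, [v4 only: uint16 header length + header bytes],
#   uint32 name_type, uint32 component count, realm, components...
#   where realm and each component are uint32 length + bytes.
def ccache_default_principal(bytes)
  io = StringIO.new(bytes)
  head = io.read(2)
  raise ArgumentError, 'not an MIT ccache' unless head && head.bytesize == 2
  magic, ver = head.bytes
  raise ArgumentError, "unsupported ccache version #{ver}" unless magic == 0x05 && [3, 4].include?(ver)
  io.read(io.read(2).unpack1('n')) if ver == 4 # skip the v4 header block
  _name_type, ncomp = io.read(8).unpack('NN')
  read_str = -> { io.read(io.read(4).unpack1('N')) }
  realm = read_str.call
  components = Array.new(ncomp) { read_str.call }
  "#{components.join('/')}@#{realm}"
end

# Build a minimal ccache (principal only, no credentials) so the script can be
# exercised offline; constructed sample data, not a real ticket.
def sample_ccache(components, realm, version: 4)
  str = ->(s) { [s.bytesize].pack('N') + s }
  out = [0x05, version].pack('CC')
  out << [0].pack('n') if version == 4        # empty v4 header
  out << [1, components.size].pack('NN')      # KRB5_NT_PRINCIPAL = 1
  out << str.call(realm)
  components.each { |c| out << str.call(c) }
  out
end

# Names that neither /etc/hosts nor DNS can resolve; resolver is injectable
# so the check can be run against a stub.
def unresolvable_names(names, resolver = Resolv)
  names.reject { |n| resolver.getaddresses(n).any? }
end

def preflight(env = ENV, names = [], resolver = Resolv)
  path = resolve_ccache_path(env)
  raise "credential cache not found at #{path}" unless File.file?(path)
  { path: path,
    principal: ccache_default_principal(File.binread(path)),
    unresolvable: unresolvable_names(names, resolver) }
end

if __FILE__ == $PROGRAM_NAME
  # Demo on a constructed cache so it runs offline; pass hostnames as
  # arguments to also check that they resolve.
  Tempfile.create('krb5cc') do |f|
    f.binmode
    f.write(sample_ccache(%w[bob], 'CONTOSO.COM'))
    f.flush
    puts preflight({ 'KRB5CCNAME' => "FILE:#{f.path}" }, ARGV).inspect
  end
end
```

Point KRB5CCNAME at the real cache (or drop the variable to fall back to /tmp/krb5cc_0) and pass the domain controller and target host names as arguments; an empty `:unresolvable` list and the expected principal mean the two prerequisites from the post are met before the shell is started.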


Nice! Probably we'll add something similar to Evil-WinRM (Kerberos auth). Thanks for the inspiration.