Simple WinRM shell (via Kerberos)

Hi there,

I’m here (again) to proudly (x2) introduce a WinRM shell that i developed for simple needs.
The main difference from my past winrm_shell is that this on relays on a valid Kerberos ticket.
(Very useful with Golden Tickets)

ATTENTION

Make sure you have your kerberos ticket properly configured,
either setting the KRB5CCNAME variable or copying and renaming it to ‘/tmp/krb5cc_0’

Example:

export KRB5CCNAME=’/foo/bar/ticket.ccache’
or
cp -v /foo/bar/ticket.ccache /tmp/krb5cc_0

Also, make sure you can resolve all domain involved names.

Usage: ./winrm_kerb_shell.rb [options]

Example:
./winrm_kerb_shell.rb -s fooserver.contoso.com -r CONTOSO.COM

PS contoso.com\bob@fooserver Documents>

It requires ruby and ‘winrm’ ruby module (gem install winrm)

I really appreciate any comments and suggestions.

Regards,

Nice! probably we’ll add something similar to Evil-WinRM (kerberos auth). Thanks for the inspiration.