WinRM
WinRM is Microsoft's implementation of the WS-Management protocol: SOAP messages carried over HTTP on 5985/TCP or HTTPS on 5986/TCP. It is the transport behind PowerShell Remoting and is commonly used to query WMI on remote hosts, but the protocol itself is WS-Management over HTTP(S), not WMI.
A WinRM listener must be running on the target to accept requests; the source machine only needs the WinRM client. The listener can be enabled locally with the elevated PowerShell command 'Enable-PSRemoting -Force', or remotely using any of the previous techniques. Once it is up, winrs runs a command on the target over WinRM:
winrs -r:REMOTEIP -u:DOMAIN\USER -p:PASSWORD notepad.exe
Note that -EnableNetworkAccess does not avoid the double-hop problem for remote sessions: it only adds an interactive security token to loopback sessions (sessions to the local computer). A command executing inside a remote session still holds no reusable network credential, so a second hop to another host fails with access denied unless you pass an explicit credential into the session or use CredSSP.
PS > Enter-PSSession -ComputerName REMOTEIP -Credential DOMAIN\USER -EnableNetworkAccess
If either machine is not domain joined, or you connect by IP address rather than hostname (which prevents Kerberos), WinRM falls back to NTLM and the client refuses the connection unless the target is in the client's TrustedHosts list. This is configured on the source machine, not the target. winrm quickconfig is only needed if the local WinRM service has never been configured; Set-Item overwrites the existing list, so add -Concatenate to append instead.
PS > winrm quickconfig
PS > Set-Item WSMan:\localhost\Client\TrustedHosts -Value '<TARGET_HOST>,<TARGET_HOST2>'
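The whole procedure end to end, as an added example that is not part of the original page: reachability check of the listener, client-side TrustedHosts, an authenticated session, and the second hop done with an explicit credential instead of relying on -EnableNetworkAccess. The target IP, domain, user, password and file-share path are placeholders; run it from an elevated PowerShell on the machine you are pivoting from.

```powershell
# Added example, not from the original page. All hosts, names and secrets below are assumed
# placeholders. Run as an elevated PowerShell on the *client* (the machine you pivot from).

$Target    = '10.10.10.25'                 # assumed target; an IP forces NTLM, so TrustedHosts is required
$Domain    = 'CORP'
$User      = 'jdoe'
$Password  = 'Passw0rd!'                   # placeholder for a lab; prefer Get-Credential in practice
$SecondHop = '\\fs01.corp.local\shared'    # assumed resource that sits behind the double hop

$cred = New-Object System.Management.Automation.PSCredential(
            "$Domain\$User",
            (ConvertTo-SecureString $Password -AsPlainText -Force))

# 1. Is a WinRM listener reachable? 5985 = HTTP, 5986 = HTTPS.
$probe = Test-NetConnection -ComputerName $Target -Port 5985 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "No WinRM HTTP listener on ${Target}:5985 (enable it on the target with 'Enable-PSRemoting -Force')"
}
# Unauthenticated identify request: confirms WS-Management is answering, not just an open port.
Test-WSMan -ComputerName $Target | Select-Object -ExpandProperty ProductVersion

# 2. Client-side trust, needed whenever Kerberos cannot be used (workgroup client or target by IP).
#    -Concatenate appends to the list instead of overwriting it.
$current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
if ($current -notmatch [regex]::Escape($Target)) {
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force
}

# 3. Open the session with explicit credentials (NTLM via Negotiate, since we connect by IP).
$session = New-PSSession -ComputerName $Target -Credential $cred -Authentication Negotiate

try {
    # 4. First hop: confirm who we are on the target and whether we landed with admin rights.
    Invoke-Command -Session $session -ScriptBlock {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        [pscustomobject]@{
            Host  = $env:COMPUTERNAME
            User  = $id.Name
            Admin = ([System.Security.Principal.WindowsPrincipal]$id).IsInRole(
                        [System.Security.Principal.WindowsBuiltInRole]::Administrator)
        }
    }

    # 5. Second hop: the remote session has no reusable network credential, so reaching
    #    \\fs01 directly from inside it fails with access denied. -EnableNetworkAccess does
    #    not help here (loopback sessions only). Ship the credential in with $using: and
    #    authenticate the second hop explicitly.
    Invoke-Command -Session $session -ScriptBlock {
        New-PSDrive -Name Hop -PSProvider FileSystem -Root $using:SecondHop `
                    -Credential $using:cred | Out-Null
        Get-ChildItem Hop:\ | Select-Object -First 5 Name, Length, LastWriteTime
        Remove-PSDrive -Name Hop
    }
}
finally {
    Remove-PSSession -Session $session
}
```

Sending the credential with $using: means it crosses the WinRM channel, which is encrypted by default even over plain HTTP (message-level encryption under Negotiate/Kerberos), but it is still a credential handed to a host you may not fully control; CredSSP has the same exposure and additionally caches it on the target.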