WinRM

WinRM is Microsoft's implementation of the WS-Management protocol. It carries WMI over HTTP on 5985/TCP and over HTTPS on 5986/TCP.

WinRM requires listeners on the client and server to process requests. These can be enabled with the PowerShell command 'Enable-PSRemoting -Force', run locally or remotely using any of the previous techniques.

winrs -r:REMOTEIP -u:DOMAIN\USER -p:PASSWORD notepad.exe

We can also avoid the double-hop problem with -EnableNetworkAccess.

PS> Enter-PSSession -ComputerName REMOTEIP -Credential DOMAIN\USER -EnableNetworkAccess

If the target computer is not domain joined, you need to add it to the client's TrustedHosts list:

PS> winrm quickconfig
PS> Set-Item WSMan:\localhost\Client\TrustedHosts -Value '<TARGET_HOST>,<TARGET_HOST2>'
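The following read-only audit script is an added example, not part of the original page, covering both the listener/Enable-PSRemoting setup above and the TrustedHosts step: it reports the WinRM service state, each listener with its transport and port, the service-side AllowUnencrypted and Basic settings, any wildcard in the client's TrustedHosts, shells currently open against the host, and the most recent shell-creation events. It assumes an elevated PowerShell 5.0+ session on a host where the WinRM service is installed; the Microsoft-Windows-WinRM/Operational log and its Event ID 91 (shell creation on the server) are the defender-side sources it reads, and the function name Get-WinRmAudit is mine.

```powershell
# Added example (not from the original page): read-only audit of the local WinRM
# configuration. Assumes an elevated PowerShell 5.0+ session; changes nothing.
function Get-WinRmAudit {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Service state. 'Enable-PSRemoting -Force' leaves WinRM running and set to Automatic.
    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    if (-not $svc) { $findings.Add('WinRM service not present'); return $findings }
    $findings.Add("Service: status $($svc.Status), start type $($svc.StartType)")
    if ($svc.Status -ne 'Running') {
        $findings.Add('Service stopped; WSMan: drive unavailable, skipping listener checks')
        return $findings
    }

    # 2. Listeners: one entry per transport. 5985/TCP is HTTP, 5986/TCP is HTTPS.
    Get-ChildItem -Path WSMan:\localhost\Listener | ForEach-Object {
        $props     = Get-ChildItem -Path $_.PSPath
        $transport = ($props | Where-Object Name -eq 'Transport').Value
        $port      = ($props | Where-Object Name -eq 'Port').Value
        $address   = ($props | Where-Object Name -eq 'Address').Value
        $findings.Add("Listener: $transport on port $port, address $address")
        if ($transport -eq 'HTTP' -and $address -eq '*') {
            $findings.Add('  Note: HTTP listener bound to all addresses; scope the firewall rule or prefer HTTPS')
        }
    }

    # 3. Service-side knobs that weaken the transport. Defaults are false for both.
    $allowUnenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
    $basic      = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
    if ($allowUnenc -eq 'true') { $findings.Add('Warning: AllowUnencrypted=true, payloads may cross the wire in cleartext') }
    if ($basic -eq 'true')      { $findings.Add('Warning: Basic authentication enabled on the service') }

    # 4. Client-side TrustedHosts, the value set for non-domain-joined targets above.
    # TrustedHosts does not authenticate the remote end; it only lists hosts the client
    # may send credentials to without Kerberos, so a wildcard trusts anything that answers.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ([string]::IsNullOrEmpty($trusted)) {
        $findings.Add('TrustedHosts: (empty)')
    } else {
        $findings.Add("TrustedHosts: $trusted")
        foreach ($entry in ($trusted -split ',')) {
            $e = $entry.Trim()
            if ($e -match '\*') {
                $findings.Add("  Warning: wildcard entry '$e'; replace with explicit host names")
            }
        }
    }

    # 5. Shells currently open against this host (server side of Enter-PSSession / winrs).
    $shells = Get-WSManInstance -ResourceURI shell -Enumerate -ErrorAction SilentlyContinue
    foreach ($s in $shells) {
        $findings.Add("Active shell: owner $($s.Owner), client $($s.ClientIP), pid $($s.ProcessId)")
    }

    # 6. Recent shell creations recorded by the WinRM provider (Event ID 91). The log
    # may be empty on a host that has never accepted a remote session.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WinRM/Operational'; Id = 91 } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        $findings.Add("Shell created: $($ev.TimeCreated) by $($ev.UserId)")
    }

    return $findings
}

Get-WinRmAudit | ForEach-Object { Write-Output $_ }
```

Run it on the host that was just enabled for remoting; the TrustedHosts check in particular catches the common shortcut of setting the value to '*' instead of the explicit list shown above.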
