Devious-WinRM 1.2.1

A Pentester's Powershell Client.

Devious-WinRM

A Pentester's Powershell Client.

Description / Purpose

This tool allows one to access servers running WinRM or Powershell Remoting, with additional tools for capture the flag / pentesting. I created this project to fix a few grievances I have with existing tools (such as the amazing Evil-WinRM) and to contribute to the open-source hacking community.

Under the hood, Devious-WinRM is not directly based on WinRM. It is instead built on the PowerShell Remoting Protocol, which in turn uses WinRM. PSRP was chosen as it seems to require less user permissions than WinRM, at least in a rudementary Active Directory environment.

Features / Planned

• No-config Kerberos auth
• Make it pretty
• Pass the hash support
• Pass the ticket support
• File upload/download
• Syntax highlighting
• Ctrl+C command interupt
• Remote path completion
• In-Memory .NET loader
• Local logon token upgrader via RunasCs
• In-Memory Powershell loader
• Certificate auth
• SSL auth
• Logging

Installation

0 - Install Kerberos (Linux only)

sudo apt install gcc python3-dev libkrb5-dev krb5-pkinit

1 - Install Devious-WinRM

uv tool install devious-winrm

or

pipx install devious-winrm

Sample usage:

dwrm ws01.example.com -u 1upbyte -p supersecret123 -k --dc dc01.example.com

Check out the Installation Guide for more technical information along with help for other distros.

Credits

• Evil-WinRM - This goes without saying, but Evil-WinRM is an incredible tool. It was the primary inspiration for this project.
• pypsrp - A tremendously well-featured library for Powershell Remote in Python. Super friendly developer as well!
• evil-winrm-py - Aditya and I had the same idea at almost the exact same time. I would be remissed if I didn't mention his project as well.
• RunasCs - Used for the local token upgrader. Super useful tool when doing work over WinRM.