💀Windows Connection Methods

• If port 3389 is open or a rdp port is open connect using xfreerdp:

  • xfreerdp /u:username /p:password /cert:ignore /v:ip

• If port 5985 is open or a winrm port is open connect using evil-winrm:

  • https://book.hacktricks.xyz/network-services-pentesting/5985-5986-pentesting-winrm

  • evil-winrm -u username -p 'password' -i <IP>/<Domain>

• Another way?

  • winexe -U ‘username%password' //ip_of_remote cmd.exe