cme_winrm
Execute remote commands and dump credentials via WinRM protocol on hosts with WinRM enabled.
Instructions
Execute WinRM protocol operations. Supports remote command execution and credential dumping on hosts with WinRM enabled (ports 5985/5986).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| targets | Yes | Target IP, hostname, CIDR range, or file path | |
| username | No | Username or file path to usernames | |
| password | No | Password or file path to passwords | |
| hash | No | NTLM hash for pass-the-hash | |
| domain | No | Domain name | |
| localAuth | No | Use local authentication | |
| kerberosAuth | No | Use Kerberos authentication | |
| port | No | WinRM port (5985 HTTP, 5986 HTTPS) | |
| checkProto | No | Check protocol: http or https | |
| httpTimeout | No | HTTP timeout in seconds | |
| threads | No | Concurrent threads | |
| execCmd | No | Execute cmd command | |
| execPowershell | No | Execute PowerShell command | |
| sam | No | Dump SAM hashes | |
| lsa | No | Dump LSA secrets | |
| dumpMethod | No | Dump method: cmd or powershell | |
| module | No | Module to run | |
| moduleOptions | No | Module options | |
| verbose | No | Verbose output | |
| debug | No | Debug output |