3 matches found
SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service.
This module exploits BITS behavior: every time BITS starts, it tries to connect to the local Windows Remote Management (WinRM) server. The module launches a fake WinRM server which listens on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allo...
RogueWinRM - Windows Local Privilege Escalation From Service Account To System
RogueWinRM is a local privilege escalation exploit that allows escalation from a Service account (with SeImpersonatePrivilege) to the Local System account if the WinRM service is not running (the default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connections on port 5985 fakin...
Microsoft Windows: Unencrypted traffic (RM Service)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmservunencrypted.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow unencrypted traffic Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...