jaccostraathof

evil-winrm.py

evil-winrm.py

 

download from:  GitHub – adityatelange/evil-winrm-py: Execute commands interactively on remote Windows machines using the WinRM protocol

Example

c:\Python\Scripts>evil-winrm-py.exe -i object.htb -u oliver -p c1cdfun_d2434

Install on Windows

C:\PENTEST\evil-winrm-py-main\evil-winrm-py-main>dir
 Volume in drive C has no label.
 Volume Serial Number is 2455-111A

 Directory of C:\PENTEST\evil-winrm-py-main\evil-winrm-py-main

27/08/2025  12:52    <DIR>          .
27/08/2025  12:52    <DIR>          ..
27/08/2025  12:52             3.467 .gitignore
27/08/2025  12:52    <DIR>          assets
27/08/2025  12:52    <DIR>          docs
27/08/2025  12:52    <DIR>          evil_winrm_py
27/08/2025  12:52             1.071 LICENSE
27/08/2025  12:52             6.864 README.md
27/08/2025  12:52             1.425 setup.py
               4 File(s)         12.827 bytes
               5 Dir(s)  333.581.987.840 bytes free

C:\PENTEST\evil-winrm-py-main\evil-winrm-py-main>pip install .
Processing c:\pentest\evil-winrm-py-main\evil-winrm-py-main
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: pypsrp==0.8.1 in c:\python\lib\site-packages (from evil-winrm-py==1.4.1) (0.8.1)
Requirement already satisfied: prompt_toolkit==3.0.51 in c:\python\lib\site-packages (from evil-winrm-py==1.4.1) (3.0.51)
Requirement already satisfied: tqdm==4.67.1 in c:\python\lib\site-packages (from evil-winrm-py==1.4.1) (4.67.1)
Requirement already satisfied: wcwidth in c:\python\lib\site-packages (from prompt_toolkit==3.0.51->evil-winrm-py==1.4.1) (0.2.13)
Requirement already satisfied: cryptography in c:\python\lib\site-packages (from pypsrp==0.8.1->evil-winrm-py==1.4.1) (45.0.6)
Requirement already satisfied: pyspnego<1.0.0 in c:\python\lib\site-packages (from pypsrp==0.8.1->evil-winrm-py==1.4.1) (0.11.2)
Requirement already satisfied: requests>=2.9.1 in c:\python\lib\site-packages (from pypsrp==0.8.1->evil-winrm-py==1.4.1) (2.32.4)
Requirement already satisfied: colorama in c:\python\lib\site-packages (from tqdm==4.67.1->evil-winrm-py==1.4.1) (0.4.6)
Requirement already satisfied: sspilib>=0.1.0 in c:\python\lib\site-packages (from pyspnego<1.0.0->pypsrp==0.8.1->evil-winrm-py==1.4.1) (0.3.1)
Requirement already satisfied: charset_normalizer<4,>=2 in c:\python\lib\site-packages (from requests>=2.9.1->pypsrp==0.8.1->evil-winrm-py==1.4.1) (3.4.3)
Requirement already satisfied: idna<4,>=2.5 in c:\python\lib\site-packages (from requests>=2.9.1->pypsrp==0.8.1->evil-winrm-py==1.4.1) (3.10)
Requirement already satisfied: urllib3<3,>=1.21.1 in c:\python\lib\site-packages (from requests>=2.9.1->pypsrp==0.8.1->evil-winrm-py==1.4.1) (2.5.0)
Requirement already satisfied: certifi>=2017.4.17 in c:\python\lib\site-packages (from requests>=2.9.1->pypsrp==0.8.1->evil-winrm-py==1.4.1) (2025.8.3)
Requirement already satisfied: cffi>=1.14 in c:\python\lib\site-packages (from cryptography->pypsrp==0.8.1->evil-winrm-py==1.4.1) (1.17.1)
Requirement already satisfied: pycparser in c:\python\lib\site-packages (from cffi>=1.14->cryptography->pypsrp==0.8.1->evil-winrm-py==1.4.1) (2.22)
Building wheels for collected packages: evil-winrm-py
  Building wheel for evil-winrm-py (pyproject.toml) ... done
  Created wheel for evil-winrm-py: filename=evil_winrm_py-1.4.1-py3-none-any.whl size=25078 sha256=4c41fb3e15749fe62f568921162435e82892aecd7e24dfd04c054fff731b9639
  Stored in directory: c:\users\puck\appdata\local\pip\cache\wheels\69\7f\05\0af1b9c2427890f813ed9f04707a6c6371d16ba42075d1cd37
Successfully built evil-winrm-py
Installing collected packages: evil-winrm-py
  Attempting uninstall: evil-winrm-py
    Found existing installation: evil-winrm-py 1.4.1
    Uninstalling evil-winrm-py-1.4.1:
      Successfully uninstalled evil-winrm-py-1.4.1
Successfully installed evil-winrm-py-1.4.1

[notice] A new release of pip is available: 24.3.1 -> 25.2
[notice] To update, run: python.exe -m pip install --upgrade pip



c:\PENTEST>pip uninstall evil-winrm-py
Found existing installation: evil-winrm-py 1.4.1
Uninstalling evil-winrm-py-1.4.1:
  Would remove:
    c:\python\lib\site-packages\evil_winrm_py-1.4.1.dist-info\*
    c:\python\lib\site-packages\evil_winrm_py\*
    c:\python\scripts\evil-winrm-py.exe
    c:\python\scripts\ewp.exe
Proceed (Y/n)? n

c:\PENTEST>cd c:\Python\Scripts

c:\Python\Scripts>evil-winrm-py.exe
          _ _            _
  _____ _(_| |_____ __ _(_)_ _  _ _ _ __ ___ _ __ _  _
 / -_\ V | | |___\ V  V | | ' \| '_| '  |___| '_ | || |
 \___|\_/|_|_|    \_/\_/|_|_||_|_| |_|_|_|  | .__/\_, |
                                            |_|   |__/  v1.4.1

usage: evil-winrm-py [-h] -i IP [-u USER] [-p PASSWORD] [-H HASH] [--no-pass] [--priv-key-pem PRIV_KEY_PEM]
                     [--cert-pem CERT_PEM] [--uri URI] [--ua UA] [--ssl] [--port PORT] [--log] [--debug] [--no-colors]
                     [--version]
evil-winrm-py: error: the following arguments are required: -i/--ip

c:\Python\Scripts>

.

Upload file

c:\Python\Scripts>evil-winrm-py.exe -i object.htb -u oliver -p c1cdfun_d2434
          _ _            _
  _____ _(_| |_____ __ _(_)_ _  _ _ _ __ ___ _ __ _  _
 / -_\ V | | |___\ V  V | | ' \| '_| '  |___| '_ | || |
 \___|\_/|_|_|    \_/\_/|_|_||_|_| |_|_|_|  | .__/\_, |
                                            |_|   |__/  v1.4.1

[*] Connecting to 'object.htb:5985' as 'oliver'
evil-winrm-py PS C:\Users\oliver\Documents> upload PowerView.ps1
[-] Usage: upload <local_path> <remote_path>
evil-winrm-py PS C:\Users\oliver\Documents> upload PowerView.ps1 .
Uploading C:\Python\Scripts\PowerView.ps1: 768kB [00:03, 262kB/s]
[+] File uploaded successfully as: C:\Users\oliver\Documents\PowerView.ps1
evil-winrm-py PS C:\Users\oliver\Documents>

.

Download file

evil-winrm-py PS C:\programdata> download Engines.xls .
Downloading C:\programdata\Engines.xls: 64.0kB [00:00, 264MB/s]
[+] File downloaded successfully and saved as: C:\Python\Scripts\Engines.xls

.