commands.sh
nxc

nxc winrm

all

Pentest and exploit Windows Remote Management (winrm).

More info →

Options (2)

-u, --usernameboolean

Search for valid credentials by trying out every combination in the specified lists of usernames and passwords

Example: nxc winrm {{192.168.178.2}} {{[-u|--username]}} {{path/to/usernames.txt}} {{[-p|--password]}} {{path/to/passwords.txt}}
-p, --passwordboolean

Search for valid credentials by trying out every combination in the specified lists of usernames and passwords

Example: nxc winrm {{192.168.178.2}} {{[-u|--username]}} {{path/to/usernames.txt}} {{[-p|--password]}} {{path/to/passwords.txt}}

Examples (4)

Search for valid credentials by trying out every combination in the specified lists of usernames and passwords

nxc winrm 192.168.178.2 [-u|--username] path/to/usernames.txt [-p|--password] path/to/passwords.txt

Specify the domain to authenticate to (avoids an initial SMB connection)

nxc winrm 192.168.178.2 [-u|--username] username [-p|--password] password -d domain_name

Execute the specified command on the host

nxc winrm 192.168.178.2 [-u|--username] username [-p|--password] password -x whoami

Execute the specified PowerShell command on the host as administrator using LAPS

nxc winrm 192.168.178.2 [-u|--username] username [-p|--password] password --laps -X whoami
made by @shridhargupta | data from tldr-pages