[Article]-Webcast: Abusing Windows Remote Management (WinRM) with Metasploit

[don]

Here's some more great content as Rapid7 and EH-Net join forces once again. Please help spread the word by following us on Twitter @ethicalhacker and RTing this and other items of interest.

Permalink: [Article]-Webcast: Abusing Windows Remote Management (WinRM) with Metasploit

Join us for a Free Webcast on Dec 4

In this technical webinar for penetration testers, David Maloney discusses how you can use Windows Remote Management and Windows Remote Shell to obtain a session on a host while avoiding detection through anti-virus solutions. Participants will learn about:

   • Capabilities of Windows Remote Management (WinRM) and Windows Remote Shell (WinRS)
   • Discovering hosts running these services
   • Brute forcing the services to obtain passwords
   • Running WMI Queries and running commands
   • Getting and migrating shells to a more persistent process

David Maloney, a Software Engineer on Rapid7’s Metasploit team, is responsible for development of core features for the commercial Metasploit editions. Before Rapid7, he worked as a Security Engineer and Penetration Tester at Time Warner Cable and as an Application Security Specialist for a global insurance company. David has been a long-time community contributor to the Metasploit Framework. He is one of the founders of Hackerspace Charlotte and is an avid locksport enthusiast.

Date:  Tuesday December 4, 2012
Time:  1:00 PM - 2:00 PM CST




Register Now!

Even if you can't join us live, please register anyway to get details on the video!

See you there,
Don

[don]

Less than a week until the live event. As a reminder, the webcast in its entirety will be recorded. So even if you can't attend the live event, please register anyway to be on the list of those automatically notified when the video is available.

As always, it is greatly appreciated when all of you EH-Netters help spread the word of our educational events.

See you next week,
Don

[H1t M0nk3y]

I like these videos Don, so thanks for doing this! 

[don]

You're quite welcome. I appreciate you letting us know, because sometimes one can live in their own ittle bubble and think that it's good but not really know for sure.

Don

[don]

Don't forget to join us tomorrow for some live hacking with Metasploit. It will be fun!

Don

[don]

C u in about 1 hour.

If you can't attend and have questions or have questions that didn't get answered during the live event, throw them in this thread.

See ya,
Don

[ziggy_567]

Did the date for this change?

When I registered, I clicked on the "Import this event into your calendar" link and it showed up on my calendar for the 6th.

I'll still be attending, but I thought it odd.

[mubix]

Awesome work @thelightcosine !

[H1t M0nk3y]

I just missed it. I miscalculated the time zones by one hour and connected at the very end! 

So Don, when will the recording be available?

I feel a bit dumb...

Thanks

[don]

I usually like to post the video about a month afterwards, so that there's incentive to register and attend the live event. But because of the holidays, I may do it this month.

My arm is ready for twisting. 

Don

[digitalvampire]

Don't feel bad, I just realized I did the same.. I was even watching a CST timer to make sure I the timing right this morning.  Went to grab lunch and saw I was off an hour!

[m0wgli]

I like these videos Don, so thanks for doing this! 

Totally agree with this, I enjoyed the Webcast tonight. I'll be researching this further.

As mentioned at the end, nobody knows everything! It's great that so many in the community are willing to share! 

[H1t M0nk3y]

My arm is ready for twisting.

Good! I have been practicing Jiu-Jitsu for years now and twisting arms is all we do!! 

@digitalvampire: It's good to see I am now the only one!!

This site is so much fun!

[digitalvampire]

I agree, I love this forum!  I'm still mad I missed this, but I'm looking forward to seeing it uploaded... Thanks for bringing this to us!!

-DV

[m0wgli]

If you haven't seen it already the post below is worth a read:

https://community.rapid7.com/community/metasploit/blog/2012/11/08/abusing-windows-remote-management-winrm-with-metasploit