WinRM VBS Remote Code Execution

vendor:

N/A

by:

thelightcosine

8,8

CVSS

HIGH

Remote Code Execution

N/A

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2012

WinRM VBS Remote Code Execution

This module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy.

Mitigation:

N/A

Source

WinRM VBS Remote Code Execution

Mitigation:

Exploit-DB raw data: